Clamav unofficial sigs: Difference between revisions
(Created page with "{{BC|Community Sandbox}} __FORCETOC__ <div class="col-md-12 ibox-content"> =Clamav unofficial sigs= {{KB|{{Unsupported}}|{{ZCS 8.5}}|{{ZCS 8.6}}|}} {{WIP}} The clamav-unoffic...") |
|||
(5 intermediate revisions by 3 users not shown) | |||
Line 2: | Line 2: | ||
__FORCETOC__ | __FORCETOC__ | ||
<div class="col-md-12 ibox-content"> | <div class="col-md-12 ibox-content"> | ||
= | =ClamAV Unofficial Signatures= | ||
{{KB|{{Unsupported}}|{{ZCS 8. | {{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}} | ||
{{WIP}} | {{WIP}} | ||
Line 9: | Line 9: | ||
The following steps should be performed to enable clamav unofficial sigs on Zimbra. | The following steps should be performed to enable clamav unofficial sigs on Zimbra. | ||
=Download the Latest ClamAV Unofficial Signatures= | |||
Download the latest version from https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest (current release is 5.0.6) | Download the latest version from [https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest '''the official github'''] (current release is 5.0.6) | ||
As '''root''' user: | |||
<pre> | <pre> | ||
# cd /opt/zimbra | # cd /opt/zimbra | ||
# wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5. | # wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz | ||
# tar -xf 5. | # tar -xf 5.6.2.tar.gz | ||
# ln -sf clamav-unofficial-sigs-5. | # ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs | ||
# rm 5. | # rm 5.6.2.tar.gz | ||
</pre> | </pre> | ||
Create the required directories | Create the required directories as '''zimbra''' user: | ||
<pre> | <pre> | ||
$ mkdir conf/clamav-unofficial-sigs | $ mkdir conf/clamav-unofficial-sigs | ||
$ mkdir data/clamav-unofficial-sigs | $ mkdir data/clamav-unofficial-sigs | ||
</pre> | </pre> | ||
Copy default config files to config dir | =Configuring ClamAV Unofficial Signatures= | ||
Copy default config files to the config dir we've just created, as '''zimbra''' user: | |||
$ cp clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/ | $ cp clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/ | ||
Create zimbra specific config | Create zimbra specific config on '''conf/clamav-unofficial-sigs/os.conf''': | ||
<pre> | <pre>vi conf/clamav-unofficial-sigs/os.conf | ||
clam_user="zimbra" | clam_user="zimbra" | ||
clam_group="zimbra" | clam_group="zimbra" | ||
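Review bot: the download paragraph still reads "(current release is 5.0.6)" while the new wget, tar, ln and rm lines all use 5.6.2; update or drop the parenthetical so the text and the commands agree. The tarball is also fetched and unpacked as root with no checksum or signature check in between; suggest adding a verification step before `tar -xf`.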
Line 39: | Line 38: | ||
work_dir="/opt/zimbra/data/clamav-unofficial-sigs" | work_dir="/opt/zimbra/data/clamav-unofficial-sigs" | ||
log_file_path="/opt/zimbra/log" | log_file_path="/opt/zimbra/log" | ||
clamd_reload_opt="/opt/zimbra/ | clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload" | ||
clamscan_bin="/opt/zimbra/ | clamscan_bin="/opt/zimbra/common/bin/clamscan" | ||
user_configuration_complete="yes" | user_configuration_complete="yes" | ||
</pre> | </pre> | ||
Try to run clamav-unofficial-sigs and check to output for possible errors | =Running ClamAV Unofficial Signatures for the first time= | ||
Try to run clamav-unofficial-sigs and check to output for possible errors, as '''zimbra''' user | |||
$ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs | $ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs | ||
You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs. | |||
Additional logs are available in | Additional logs are available in '''/opt/zimbra/log/clamav-unofficial-sigs.log''' | ||
If all went well, | =Adding to Crontab the ClamAV Unofficial Signatures update= | ||
If all went well, configure a cron job using '''crontab -e''' as '''zimbra''' user | |||
45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs > /dev/null | $ crontab -e | ||
45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs > /dev/null | |||
Log rotation can be configured in e.g. | =Configure log rotation for ClamAV Unofficial Signatures= | ||
Log rotation can be configured in e.g. /etc/logrotate.d/clamav-unofficial-sigs: | |||
<pre> | <pre> | ||
/opt/zimbra/log/clamav-unofficial-sigs.log { | /opt/zimbra/log/clamav-unofficial-sigs.log { |
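Review bot: the added sentence telling the reader to edit clamav-unofficial-sigs.sh and change $config_dir sits after the first-run command, which already passes -c /opt/zimbra/conf/clamav-unofficial-sigs; state whether the edit is still required when -c is given, and if it is, move it ahead of the run step. In the line above it, "check to output" should read "check the output".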
Latest revision as of 23:56, 24 September 2020
ClamAV Unofficial Signatures
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol.
The following steps should be performed to enable clamav unofficial sigs on Zimbra.
Download the Latest ClamAV Unofficial Signatures
Download the latest version from the official GitHub releases page, https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest (current release is 5.0.6).
As root user:
# cd /opt/zimbra
# wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz
# tar -xf 5.6.2.tar.gz
# ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs
# rm 5.6.2.tar.gz
Create the required directories as zimbra user:
$ mkdir conf/clamav-unofficial-sigs
$ mkdir data/clamav-unofficial-sigs
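The download step above unpacks a tarball as root straight after fetching it. The following added example (not part of the original page or of the clamav-unofficial-sigs project) checks the archive against a pinned SHA-256 digest and rejects unsafe member paths before extracting; the function names are hypothetical and the digest you pass in must come from a source you trust.

```shell
# Added example: verify a release tarball before unpacking it as root.

# Reads archive member names on stdin; succeeds if any name is absolute
# or contains a ".." path component.
has_unsafe_paths() {
    grep -Eq '(^/|(^|/)\.\.(/|$))'
}

# verify_and_extract TARBALL EXPECTED_SHA256 DEST_DIR
# Returns 0 after extraction, 1 on digest mismatch, 2 on unsafe member paths.
verify_and_extract() {
    tarball=$1
    expected=$2
    dest=$3

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $tarball: got $actual" >&2
        return 1
    fi

    # Refuse archives whose members could land outside DEST_DIR.
    if tar -tf "$tarball" | has_unsafe_paths; then
        echo "unsafe path in $tarball, not extracting" >&2
        return 2
    fi

    # --no-same-owner: extracted files belong to the extracting user,
    # not to whatever uid/gid the archive records.
    tar -xf "$tarball" -C "$dest" --no-same-owner
}

# Usage (EXPECTED_SHA256 is a placeholder for the digest you recorded):
#   verify_and_extract 5.6.2.tar.gz "$EXPECTED_SHA256" /opt/zimbra
```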
Configuring ClamAV Unofficial Signatures
Copy default config files to the config dir we've just created, as zimbra user:
$ cp clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/
Create the Zimbra-specific config in conf/clamav-unofficial-sigs/os.conf:
$ vi conf/clamav-unofficial-sigs/os.conf

clam_user="zimbra"
clam_group="zimbra"
clam_dbs="/opt/zimbra/data/clamav/db"
clamd_pid="/opt/zimbra/log/clamd.pid"
work_dir="/opt/zimbra/data/clamav-unofficial-sigs"
log_file_path="/opt/zimbra/log"
clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload"
clamscan_bin="/opt/zimbra/common/bin/clamscan"
user_configuration_complete="yes"
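A wrong path in os.conf is easy to miss until the first run fails. The following added example (not part of the original page or of the project) is a pre-flight check to run as the zimbra user: it reads the settings listed above without sourcing the file and reports directories that are missing or not writable and binaries that are not executable. The function names are hypothetical.

```shell
# Added example: pre-flight check for the os.conf settings shown above.

# conf_value FILE KEY -> prints the value of KEY="value" without sourcing FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_os_conf FILE -> prints one line per problem, returns the problem count.
check_os_conf() {
    conf=$1
    problems=0
    # Directories the update script writes signatures, state and logs to.
    for key in clam_dbs work_dir log_file_path; do
        dir=$(conf_value "$conf" "$key")
        if [ -z "$dir" ]; then
            echo "$key: not set"; problems=$((problems + 1))
        elif [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "$key: $dir is not a writable directory"; problems=$((problems + 1))
        fi
    done
    bin=$(conf_value "$conf" clamscan_bin)
    if [ ! -x "$bin" ]; then
        echo "clamscan_bin: ${bin:-unset} is not executable"; problems=$((problems + 1))
    fi
    # The first word of the reload command must be an executable as well.
    reload=$(conf_value "$conf" clamd_reload_opt)
    if [ ! -x "${reload%% *}" ]; then
        echo "clamd_reload_opt: ${reload:-unset} does not start with an executable"
        problems=$((problems + 1))
    fi
    if [ "$(conf_value "$conf" user_configuration_complete)" != "yes" ]; then
        echo "user_configuration_complete is not \"yes\""; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage, from /opt/zimbra as the zimbra user:
#   check_os_conf conf/clamav-unofficial-sigs/os.conf
```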
Running ClamAV Unofficial Signatures for the first time
Run clamav-unofficial-sigs as the zimbra user and check the output for possible errors:
$ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs
You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs.
Additional logs are available in /opt/zimbra/log/clamav-unofficial-sigs.log
Adding to Crontab the ClamAV Unofficial Signatures update
If all went well, configure a cron job using crontab -e as zimbra user
$ crontab -e
45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs > /dev/null
Configure log rotation for ClamAV Unofficial Signatures
Log rotation can be configured in e.g. /etc/logrotate.d/clamav-unofficial-sigs:
/opt/zimbra/log/clamav-unofficial-sigs.log {
    weekly
    rotate 4
    missingok
    notifempty
    compress
    create 0644 zimbra zimbra
}