Difference between revisions of "Clamav unofficial sigs"

(Adding to Crontab the ClamAV Unofficial Signatures update)
(Running ClamAV Unofficial Signatures for the first time)
 
(3 intermediate revisions by 3 users not shown)
Line 3: Line 3:
 
<div class="col-md-12 ibox-content">
 
<div class="col-md-12 ibox-content">
 
=ClamAV Unofficial Signatures=
 
=ClamAV Unofficial Signatures=
{{KB|{{Unsupported}}|{{ZCS 8.7}}|{{ZCS 8.6}}|{{ZCS 8.5}}|}}
+
{{KB|{{Unsupported}}|{{ZCS 8.8}}|{{ZCS 8.7}}|{{ZCS 8.6}}|}}
 
{{WIP}}
 
{{WIP}}
  
Line 14: Line 14:
 
<pre>
 
<pre>
 
# cd /opt/zimbra
 
# cd /opt/zimbra
# wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.0.6.tar.gz
+
# wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz
# tar -xf 5.0.6.tar.gz
+
# tar -xf 5.6.2.tar.gz
# ln -sf clamav-unofficial-sigs-5.0.6 clamav-unofficial-sigs
+
# ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs
# rm 5.0.6.tar.gz
+
# rm 5.6.2.tar.gz
 
</pre>
 
</pre>
  
 
Create the required directories as '''zimbra''' user:
 
Create the required directories as '''zimbra''' user:
 
<pre>
 
<pre>
# su - zimbra
 
 
$ mkdir conf/clamav-unofficial-sigs
 
$ mkdir conf/clamav-unofficial-sigs
 
$ mkdir data/clamav-unofficial-sigs
 
$ mkdir data/clamav-unofficial-sigs
 
</pre>
 
</pre>
 +
 
=Configuring ClamAV Unofficial Signatures=
 
=Configuring ClamAV Unofficial Signatures=
 
Copy default config files to the config dir we've just created, as '''zimbra''' user:
 
Copy default config files to the config dir we've just created, as '''zimbra''' user:
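Review bot: The archive fetched by wget and unpacked with tar as root in this hunk is never verified. Suggest recording the expected SHA-256 of the 5.6.2 release archive next to the commands and checking it with sha256sum -c before extraction. The commands now reference 5.6.2, but the sentence introducing them in the latest revision still says "current release is 5.0.6", so that text should be updated in the same edit. The added "# su - zimbra" line is worth keeping, since the mkdir lines that follow use relative paths.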
Line 38: Line 38:
 
work_dir="/opt/zimbra/data/clamav-unofficial-sigs"
 
work_dir="/opt/zimbra/data/clamav-unofficial-sigs"
 
log_file_path="/opt/zimbra/log"
 
log_file_path="/opt/zimbra/log"
clamd_reload_opt="/opt/zimbra/clamav/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload"
+
clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload"
clamscan_bin="/opt/zimbra/clamav/bin/clamscan"
+
clamscan_bin="/opt/zimbra/common/bin/clamscan"
 
user_configuration_complete="yes"
 
user_configuration_complete="yes"
 
</pre>
 
</pre>
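Review bot: The clamd_reload_opt and clamscan_bin lines replace /opt/zimbra/clamav/bin with /opt/zimbra/common/bin outright, while the page header still lists ZCS 8.6 alongside 8.7 and 8.8. If any listed version keeps the binaries under clamav/bin, an os.conf copied from this page will fail there. Suggest stating which path applies to which version, or telling the reader to confirm where clamscan and clamdscan are installed before saving the file.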
Line 46: Line 46:
 
Try to run clamav-unofficial-sigs and check to output for possible errors, as '''zimbra''' user
 
Try to run clamav-unofficial-sigs and check to output for possible errors, as '''zimbra''' user
 
  $ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs
 
  $ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs
 +
 +
You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs.
  
 
Additional logs are available in '''/opt/zimbra/log/clamav-unofficial-sigs.log'''
 
Additional logs are available in '''/opt/zimbra/log/clamav-unofficial-sigs.log'''
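Review bot: The added sentence about $config_dir sits after the run command, which already passes the same directory with -c, so the reader cannot tell whether the edit is a prerequisite or a fallback. Move it before the command and say when -c alone is not enough. Editing clamav-unofficial-sigs.sh in place also means the change is lost when the clamav-unofficial-sigs symlink is repointed at a newer release directory, which deserves a sentence. The context line still reads "check to output"; that should be "check the output".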

Latest revision as of 23:56, 24 September 2020

ClamAV Unofficial Signatures

   KB 22579        Last updated on 2020-09-24  






The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, and MalwarePatrol.

The following steps should be performed to enable clamav unofficial sigs on Zimbra.

Download the Latest ClamAV Unofficial Signatures

Download the latest version from the official GitHub repository (current release is 5.0.6). As root user:

# cd /opt/zimbra
# wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz
# tar -xf 5.6.2.tar.gz
# ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs
# rm 5.6.2.tar.gz

Create the required directories as zimbra user:

$ mkdir conf/clamav-unofficial-sigs
$ mkdir data/clamav-unofficial-sigs

Configuring ClamAV Unofficial Signatures

Copy default config files to the config dir we've just created, as zimbra user:

$ cp clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/

Create the Zimbra-specific configuration in conf/clamav-unofficial-sigs/os.conf:

vi conf/clamav-unofficial-sigs/os.conf
clam_user="zimbra"
clam_group="zimbra"
clam_dbs="/opt/zimbra/data/clamav/db"
clamd_pid="/opt/zimbra/log/clamd.pid"
work_dir="/opt/zimbra/data/clamav-unofficial-sigs"
log_file_path="/opt/zimbra/log"
clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload"
clamscan_bin="/opt/zimbra/common/bin/clamscan"
user_configuration_complete="yes"
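
A pre-flight check for the os.conf above, as an added example that is not part of the KB article or the clamav-unofficial-sigs project: it reads the file without sourcing it and confirms that the directories and ClamAV binaries it names exist, which catches a host whose binaries are still under clamav/bin rather than common/bin. The function names (conf_get, is_exec, check_os_conf, make_fixture) and the temporary fixture tree are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the KB page): validate os.conf before the first run.

conf_get() {  # conf_get FILE KEY: print the value of KEY="value" without sourcing FILE
    sed -n 's/^'"$2"'="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

is_exec() { [ -f "$1" ] && [ -x "$1" ]; }

check_os_conf() {  # check_os_conf FILE: list problems, return 0 if none
    cf=$1; problems=0
    for key in clam_dbs work_dir log_file_path; do
        dir=$(conf_get "$cf" "$key")
        if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
            echo "$key: '$dir' is not a writable directory"; problems=$((problems + 1))
        fi
    done
    scan=$(conf_get "$cf" clamscan_bin)
    is_exec "$scan" || { echo "clamscan_bin: '$scan' is not executable"; problems=$((problems + 1)); }
    reload=$(conf_get "$cf" clamd_reload_opt)
    is_exec "${reload%% *}" ||
        { echo "clamd_reload_opt: '${reload%% *}' is not executable"; problems=$((problems + 1)); }
    [ "$(conf_get "$cf" user_configuration_complete)" = "yes" ] ||
        { echo 'user_configuration_complete is not "yes"'; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ]
}

# Constructed fixture: a fake /opt/zimbra tree under ROOT with stub ClamAV
# binaries in BIN_DIR, plus the page's os.conf (which points at common/bin).
make_fixture() {  # make_fixture ROOT BIN_DIR: prints the os.conf path
    z="$1/opt/zimbra"
    mkdir -p "$z/$2" "$z/data/clamav/db" "$z/data/clamav-unofficial-sigs" \
             "$z/log" "$z/conf/clamav-unofficial-sigs"
    for b in clamscan clamdscan; do : > "$z/$2/$b"; chmod +x "$z/$2/$b"; done
    cat > "$z/conf/clamav-unofficial-sigs/os.conf" <<EOF
clam_dbs="$z/data/clamav/db"
work_dir="$z/data/clamav-unofficial-sigs"
log_file_path="$z/log"
clamd_reload_opt="$z/common/bin/clamdscan --config-file=$z/conf/clamd.conf --reload"
clamscan_bin="$z/common/bin/clamscan"
user_configuration_complete="yes"
EOF
    echo "$z/conf/clamav-unofficial-sigs/os.conf"
}

tmp=$(mktemp -d)
check_os_conf "$(make_fixture "$tmp/new" common/bin)" && echo "common/bin layout: OK"
check_os_conf "$(make_fixture "$tmp/old" clamav/bin)" || echo "clamav/bin layout: fix the paths above"
rm -rf "$tmp"
```

On a real host, run check_os_conf /opt/zimbra/conf/clamav-unofficial-sigs/os.conf as the zimbra user so the writability tests reflect the account the cron job uses.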

Running ClamAV Unofficial Signatures for the first time

Try to run clamav-unofficial-sigs and check the output for possible errors, as zimbra user:

$ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs

You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs.

Additional logs are available in /opt/zimbra/log/clamav-unofficial-sigs.log

Adding to Crontab the ClamAV Unofficial Signatures update

If all went well, configure a cron job using crontab -e as zimbra user:

$ crontab -e
45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs > /dev/null

Configure log rotation for ClamAV Unofficial Signatures

Log rotation can be configured in e.g. /etc/logrotate.d/clamav-unofficial-sigs:

/opt/zimbra/log/clamav-unofficial-sigs.log {
     weekly
     rotate 4
     missingok
     notifempty
     compress
     create 0644 zimbra zimbra
}