Clamav unofficial sigs: Difference between revisions
(→Configuring ClamAV Unofficial Signatures: updated path to clamscan and clamdscan for 8.8) |
|||
Line 46: | Line 46: | ||
Try to run clamav-unofficial-sigs and check to output for possible errors, as '''zimbra''' user | Try to run clamav-unofficial-sigs and check to output for possible errors, as '''zimbra''' user | ||
$ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs | $ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs | ||
You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs. | |||
Additional logs are available in '''/opt/zimbra/log/clamav-unofficial-sigs.log''' | Additional logs are available in '''/opt/zimbra/log/clamav-unofficial-sigs.log''' |
Latest revision as of 23:56, 24 September 2020
ClamAV Unofficial Signatures
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol.
The following steps should be performed to enable clamav unofficial sigs on Zimbra.
Download the Latest ClamAV Unofficial Signatures
Download the latest version from the official github (current release is 5.0.6) As root user:
# cd /opt/zimbra # wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/5.6.2.tar.gz # tar -xf 5.6.2.tar.gz # ln -sf clamav-unofficial-sigs-5.6.2 clamav-unofficial-sigs # rm 5.6.2.tar.gz
Create the required directories as zimbra user:
$ mkdir conf/clamav-unofficial-sigs $ mkdir data/clamav-unofficial-sigs
Configuring ClamAV Unofficial Signatures
Copy default config files to the config dir we've just created, as zimbra user:
$ cp clamav-unofficial-sigs/config/{master.conf,user.conf} conf/clamav-unofficial-sigs/
Create zimbra specific config on conf/clamav-unofficial-sigs/os.conf:
vi conf/clamav-unofficial-sigs/os.conf clam_user="zimbra" clam_group="zimbra" clam_dbs="/opt/zimbra/data/clamav/db" clamd_pid="/opt/zimbra/log/clamd.pid" work_dir="/opt/zimbra/data/clamav-unofficial-sigs" log_file_path="/opt/zimbra/log" clamd_reload_opt="/opt/zimbra/common/bin/clamdscan --config-file=/opt/zimbra/conf/clamd.conf --reload" clamscan_bin="/opt/zimbra/common/bin/clamscan" user_configuration_complete="yes"
Running ClamAV Unofficial Signatures for the first time
Try to run clamav-unofficial-sigs and check to output for possible errors, as zimbra user
$ /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs
You will need to edit /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh and change the $config_dir setting to /opt/zimbra/conf/clamav-unofficial-sigs.
Additional logs are available in /opt/zimbra/log/clamav-unofficial-sigs.log
Adding to Crontab the ClamAV Unofficial Signatures update
If all went well, configure a cron job using crontab -e as zimbra user
$ crontab -e 45 * * * * /bin/bash /opt/zimbra/clamav-unofficial-sigs/clamav-unofficial-sigs.sh -c /opt/zimbra/conf/clamav-unofficial-sigs > /dev/null
Configure log rotation for ClamAV Unofficial Signatures
Log rotation can be configured in e.g. /etc/logrotate.d/clamav-unofficial-sigs:
/opt/zimbra/log/clamav-unofficial-sigs.log { weekly rotate 4 missingok notifempty compress create 0644 zimbra zimbra }