1 # clamav-unofficial-sigs [![Build Status](https://travis-ci.org/extremeshok/clamav-unofficial-sigs.svg?branch=master)](https://travis-ci.org/extremeshok/clamav-unofficial-sigs) [![GitHub Release](https://img.shields.io/github/release/extremeshok/clamav-unofficial-sigs.svg?label=Latest)](https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest)
3 [![Code Climate](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/gpa.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs)
4 [![Test Coverage](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/coverage.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/coverage)
5 [![Issue Count](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/issue_count.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs)
8 ClamAV Unofficial Signatures Updater
10 Github fork of the sourceforge hosted and non maintained utility.
12 ## Maintained and provided by https://eXtremeSHOK.com
15 The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. The script will also generate and install cron, logrotate, and man files.
17 #### Try our custom spamassasin plugin: https://github.com/extremeshok/spamassassin-extremeshok_fromreplyto
19 ### Support / Suggestions / Comments
20 Please post them on the issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
22 ### Submit Patches / Pull requests to the "Dev" Branch
24 ### Required Ports / Firewall Exceptions
26 * wget/curl : TCP port 443
28 ### Supported Operating Systems
29 Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS) and derivative systems
31 ### Quick Install Guide
32 * Download the files to /tmp/
33 * Copy clamav-unofficial-sigs.sh to /usr/local/bin/
34 * Set 755 permissions on /usr/local/bin/clamav-unofficial-sigs.sh
35 * Make the directory /etc/clamav-unofficial-sigs/
36 * Copy the contents of config/ into /etc/clamav-unofficial-sigs/
37 * Make the directory /var/log/clamav-unofficial-sigs/
38 * Rename the your os.your-distro.conf to os.conf, where your-distro is your distribution
39 * Set your user config options in the configs /etc/clamav-unofficial-sigs/user.conf
40 * Run the script with --install-cron to install the cron file
41 * Run the script with --install-logrotate to install the logrotate file
42 * Run the script with --install-man to install the man file
45 * Run the script once as your superuser to set all the permissions and create the relevant directories
48 * Copy the contents of systemd/ into to /etc/systemd/
50 ### Advanced Config Overrides
51 * Default configs are loaded in the following order if they exist:
52 * master.conf -> os.conf -> user.conf or your-specified.config
53 * user.conf will override os.conf and master.conf, os.conf will override master.conf
54 * A minimum of 1 config is required.
55 * Specifying a config on the command line (-c | --config) will override the loading of the default configs
57 #### Check if signature are being loaded
58 **Run the following command to display which signatures are being loaded by clamav
60 ```clamscan --debug 2>&1 /dev/null | grep "loaded"```
62 #### SELinux cron permission fix
63 > WARNING - Clamscan reports ________ database integrity tested BAD - SKIPPING
65 **Run the following command to allow clamav selinux support**
67 ```setsebool -P antivirus_can_scan_system true```
69 ### Yara Rule Support automatically enabled (as of April 2016)
70 Since usage yara rules requires clamav 0.99 or above, they will be automatically deactivated if your clamav is older than the required version
72 ### Yara-Rules Project Support (as of June 2015)
73 Usage of free Yara-Rules Project: http://yararules.com
76 Current limitations of clamav support : http://blog.clamav.net/search/label/yara
78 ### MalwarePatrol Free/Delayed list support (as of May 2015)
79 Usage of MalwarePatrol 2015 free clamav signatures : https://www.malwarepatrol.net
80 - 1. Sign up for a free account : https://www.malwarepatrol.net/signup-free.shtml
81 - 2. You will recieve an email containing your password/receipt number
82 - 3. Enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email
84 ### SecuriteInfo Free/Delayed list support (as of June 2015)
85 Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com
86 - 1. Sign up for a free account : https://www.securiteinfo.com/clients/customers/signup
87 - 2. You will recieve an email to activate your account and then a followup email with your login name
88 - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account
89 - 4. Click on the Setup tab
90 - 5. You will need to get your unique identifier from one of the download links, they are individual for every user
91 - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/
92 - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb
93 Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
94 - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
96 ### Linux Malware Detect support (as of May 2015)
97 Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/projects/linux-malware-detect/
98 - Enabled by default, no configuration required
102 ### Version 5.4.1 (updated 2016-06-20)
103 - eXtremeSHOK.com Maintenance
104 - Disable installation when either pkg_mgr or pkg_rm is defined.
106 - Update master.conf with the new Yara-rules project file names
107 - Incremented the config to version 69
110 - eXtremeSHOK.com Maintenance
111 - Added Solaris 10 and 11 configs
112 - When under Solaris we define our own which function
113 - Define grep_bin variable, use gnu grep on sun os
114 - Fallback to gpg2 if gpg not found,
115 - Added support for csw gnupg on solaris
116 - Trap the keyboard interrupt (ctrl+c) and gracefully exit
117 - Added CentOS 7 Atomic config @deajan
118 - Minor refactoring and removing of unused variables
119 - Removed CRDF signatures as per Sanesecurity #124
120 - Added more Yara rule project Rules
121 - Incremented the config to version 68
124 - eXtremeSHOK.com Maintenance
125 - Bug Fix: Additional Databases not downloading
126 - Added sanesecurity_update_hours option to limit updating to once every 2 hours
127 - Added additional_update_hours option to limit updating to once every 4 hours
128 - Refactor Additional Database File Update code
129 - Updated osx config with correct group for homebrew
132 - eXtremeSHOK.com Maintenance
133 - Bug Fix: for GPG Signature test FAILED by @DamianoBianchi
134 - Remove unused $GETOPT
135 - Refactor clamscan_integrity_test_specific_database_file (--test-database)
136 - Refactor gpg_verify_specific_sanesecurity_database_file (--gpg-verify)
137 - Big fix: missing $pid_dir
140 - eXtremeSHOK.com Maintenance
141 - Major change: Updated to use new database structure, now allows all low/medium/high databases to be enabled or disabled.
142 - Major change: curl replaced with wget (will fallback to curl is wget is not installed)
143 - Major change: script now functions correctly as the clamav user when started under cron
144 - Added fallback to curl if wget is not available
145 - Added locking (Enable pid file to prevent issues with multiple instances)
146 - Added retries to fetching downloads
147 - Code refactor: if wget repaced with if $? -ne 0
148 - Enhancement: Verify the clam_user and clam_group actually exists on the system
149 - Added function : xshok_user_group_exists, to check if a specific user and group exists
150 - Bug Fix: setmode only if is root
151 - Bug Fix: eval not working on certain systems
152 - Bug fix: rsync output not correctly silenced
153 - Code refactor: remove legacy `..` with $(...)
154 - Code refactor: replace [ ... -a ... ] with [ ... ] && [ ... ]
155 - Code refactor: replace [ ... -o ... ] with [ ... ] || [ ... ]
156 - Code refactor: replace cat "..." with done < ... from loops
157 - Code refactor: convert for loops using files to while loops
158 - Code refactor: read replaced with read -r
159 - Code refactor: added cd ... || exit , to handle a failed cd
160 - Code refactor: double quoted all varibles
161 - Code refactor: refactor all "ls" iterations to use globs
162 - Defined missing uname_bin variable
163 - Added function xshok_database
164 - Set minimum config required to 65
168 - eXtremeSHOK.com Maintenance
169 - Added --install-all Install and generate the cron, logroate and man files, autodetects the values $oft based on your config files
170 - Added functions: xshok_prompt_confirm, xshok_is_file, xshok_is_subdir
171 - Replaced Y/N prompts with xshok_prompt_confirm
172 - Bug Fix for disabled databases being removed when the remove_disabled_databases is set to NO (default)
173 - Added more warnings to remove_script and made it double confirmed
174 - Remove_script will only remove work_dir if its a sub directory
175 - Remove_script will only remove files if they are files
176 - Removed -r switch, --remove-script needs to be used instead of both -r and --remove-script
177 - Fixed: remove_script not removing logrotate file, cron file, man file
180 - eXtremeSHOK.com Maintenance
181 - Minor bugfix for Sanesecurity_sigtest.yara Sanesecurity_spam.yara files being removed incorrectly
182 - Minor fix: yararulesproject_enabled not yararulesproject_enable
185 - eXtremeSHOK.com Maintenance
186 - Refactor some functions
187 - Added --install-man this will automatically generate and install the man (help) file
188 - Yararules and yararulesproject enabled by default
189 - Added clamav version detection to automatically disable yararules and yararulesproject if the current clamav version does not support them
190 - Database files ending with .yar/.yara/.yararules will automatically be disabled from the database if yara rules are not supported
191 - Script options are added to the man file
192 - Fixed hardcoded logrotate and cron in remove_script
193 - Fixed incorrectly assigned logrotate varibles in install-logrotate
194 - Config added info for port/package maintainers regarding: pkg_mgr and pkg_rm
195 - Removed pkg_mgr and pkg_rm from freebsd and openbsd os configs
196 - Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
197 - Rename sanesecurity_dir to work_dir_sanesecurity, securiteinfo_dir to work_dir_securiteinfo, malwarepatrol_dir to work_dir_malwarepatrol, yararules_dir to work_dir_yararules, add_dir to work_dir_add, gpg_dir to work_dir_gpg, work_dir_configs to work_dir_work_configs
198 - Rename yararules_enabled to yararulesproject_enabled
199 - Rename all yararules to yararulesproject
200 - Fix to prevent disabled databases processing certian things which will not be used as they are disabled
201 - Set minimum config required to 62
205 - eXtremeSHOK.com Maintenance
206 - Added OS X and openbsd configs
207 - Fixed host fallback sed issues by @MichaelKuch
208 - Suppress most error messages of chmod and chown
209 - check permissions before chmod
210 - Added the config option remove_disabled_databases # Default is "no", if enabled when a database is disabled we will remove the associated database files.
211 - Added function xshok_mkdir_ownership
212 - Do not set permissions of the log, cron and logrotate dirs
213 - Fix: fallback for missing gpg -r option on OS X
214 - Update sanesecurity signatures
218 - eXtremeSHOK.com Maintenance
219 - Added --install-cron this will automatically generate and install the cron file
220 - Added --install-logrotate this will automatically generate and install the logrotate file
221 - Change official URL of SecuriteInfo signatures
222 - Added a new database (securiteinfoandroid.hdb) for SecuriteInfo
223 - Remove database files after disabling a database group by @reneschuster
224 - Updated Gentoo OS config by @orlitzky
226 - Increase travis-ci code testing
227 - Set minimum config required to 60
231 - eXtremeSHOK.com Maintenance
232 - Updated winnow databases as per information from Tom @ OITC
236 - eXtremeSHOK.com Maintenance
237 - Add support for specifying a custom config dir or file with (--config) -c option
238 - Removed default_config
239 - Added travis-ci build testing
240 - Updates to the help and usage display
241 - Added sanity testing of sanesecurity_dbs, securiteinfo_dbs, linuxmalwaredetect_dbs, yararules_dbs, add_dbs
242 - Added function xshok_array_count
243 - Prevent some issues with an incomplete or only a user.conf being loaded
244 - Added fallback to host if dig returns no records
245 - Check there are Sanesecurity mirror ips before we attempt to rsync
246 - Important binaries have been aliased (clamscan, rsync, curl, gpg) and allow their paths to be overridden
247 - Added sanity checks to make sure the binaries and workdir is defined
248 - Custom Binary Paths added to the config (clamscan_bin, rsync_bin, curl_bin, gpg_bin)
250 - Added initial centos6 + cpanel os config
251 - Bugfix Only start logging once all the configs have been loaded
252 - Rename $version to script_version
253 - Default malwarePatrol to the free version
254 - Added script version checks
257 - eXtremeSHOK.com Maintenance
258 - Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
259 - Added clamd_reload_opt to fix issues with centos7 conf
260 - Fix --remove-script should call remove_script() function by @IdahoPL
261 - Add OS specific settings to logrotate
262 - Increased default timeout values
263 - Attempt to Silence more output
264 - Create the log_file_path directory before we touch the file.
265 - Updated config file to remove the $work_dir varible from dir names
266 - Remove trailing / from directory names
267 - Initial support for Travis-Ci testing
268 - Fixed config option enable_logging -> logging_enabled
269 - Config updated to 56 due to changes
272 - eXtremeSHOK.com Maintenance
273 - Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD
274 - Fixed config option enable_logging -> logging_enabled
277 - eXtremeSHOK.com Maintenance
278 - Detect if the entire script is available/complete
279 - Fix for Missing space between "]
282 - eXtremeSHOK.com Maintenance
283 - Disable logging if the log file is not writable.
284 - Do not attempt to log before a config is loaded
287 - eXtremeSHOK.com Maintenance
288 - Added porcupine.hsb : Sha256 Hashes of VBS and JSE malware Database from sanesecurity
289 - Fix for missing $ for clamd_pid an incorrect variable definition
290 - Fixes for not removing dirs by @msapiro
291 - Updates to account for changed names and addition of sub-directories for Yara-Rules by @msapiro
292 - Use MD5 with MalwarePatrol by @olivier2557
293 - Suppress the header and config loading message if running via cron
294 - Added systemd files by @falon
295 - Added config option remove_bad_database, a database with a BAD integrity check will be removed
296 - Fixed broken whitelisting of malwarepatrol signatures
297 - Replaced Version command option -v with -V
298 - Added command option -v (--verbose) to force verbose output
299 - Removed config options: silence_ssl, curl_silence, rsync_silence, gpg_silence, comment_silence
300 - Added ignore_ssl option to supress ssl errors and warnings, ie operate in insecure mode.
301 - Replaced test-database command option -s with -t
302 - Replaced output-triggered command option -t with -o
303 - Added command option -s (--silence) to force silenced output
304 - Default verbose for terminal and silence for cron
305 - Added RHEL/Centos 7 config settings
306 - Added short option (-F) to Force all databases to be downloaded, could cause ip to be blocked"
307 - Fixed removal of failed databases, disbale with option "remove_bad_database"
308 - Removed config options: clamd_start, clamd_stop
309 - Full rewrite of the config handling, master.conf -> os.conf -> user.conf or your-specified.config
310 - Configs loaded from the /etc/clamav-unofficial-sigs dir
311 - Added various os.conf files to ease setup
312 - Added selinux_fixes config option, this will run restorecon on the database files
313 - minor code refactoring and reindenting
316 - eXtremeSHOK.com Maintenance
318 - Last release of 4.x.x base
319 - minor code refactoring
322 - eXtremeSHOK.com Maintenance
323 - Added function xshok_check_s2 to prevent possible errors with -c and no configfile path
324 - minor code refactoring
327 - eXtremeSHOK.com Maintenance
328 - OS X compatibility fix by stewardle
329 - missing $ in $yararules_enabled
332 - eXtremeSHOK.com Maintenance
334 - New function clamscan_reload_dbs, will first try and reload the clam database, if reload fails will restart clamd
335 - Added Function xshok_pretty_echo_and_log, far easier and cleaner way to output and log information
336 - Removed functions comment, log
337 - Removed config option reload_opt
338 - Added config option clamd_restart_opt
339 - Added support for # characters in config values, ie malwarepatrol subscription key contains a #
340 - Minor formatting and code consitency changes
341 - 10% Smaller script size
342 - Config updated to 53 due to changes
345 - eXtremeSHOK.com Maintenance
346 - Added long option (--force) to Force all databases to be downloaded, could cause ip to be blocked"
347 - added config option: malwarepatrol_free="yes", set to "no" to enable commercial subscription url
348 - added support for commercial malwarepatrol subscription
349 - Grammar fix in config
350 - SELINUX cronjob fix added to readme
351 - Corrects tput warning when used without TERM (like in cron)
352 - Config updated to 52 due to changes
355 - eXtremeSHOK.com Maintenance
357 - Complete rewrite of the main case selector (program options)
358 - Added long options (--decode-sig, --encode-string, --encode-formatted, --gpg-verify, --information, --make-database, --remove-script, --test-database, --output-triggered)
359 - Replaced clamd-status.sh with --check-clamav
360 - Removed CHANGELOG, changelog has been replaced by this part of the readme and the git commit log.
361 - Config updated to 51 due to changes
364 - eXtremeSHOK.com Maintenance
366 - Added generic options (--help --version --config)
367 - Correctly handle generic options before the main case selector
368 - Sanitize the config before the main case selector (option)
369 - Rewrite and formatting of the usage options
370 - Removed the version information code as this is always printed
373 - eXtremeSHOK.com Maintenance
375 - Removed custom config forced to use the same filename as the default config
376 - Change file checks from exists to exists and is readable
377 - Removed legacy config checks
378 - Full support for custom config files for all tasks
379 - Removed function: no_default_config
382 - eXtremeSHOK.com Maintenance
383 - badmacro.ndb rule support for sanesecurity
384 - Sanesecurity_sigtest.yara rule support for sanesecurity
385 - Sanesecurity_spam.yara rule support for sanesecurity
386 - Changed required_config_version to minimum_required_config_version
387 - Script now supports a minimum config version to allow for out of sync config and script versions
390 - eXtremeSHOK.com Maintenance
391 - hackingteam.hsb rule support for sanesecurity
394 - eXtremeSHOK.com Maintenance
395 - Beta YARA rule support for sanesecurity
396 - Config updated to 4.8 due to changes
397 - Bugfix "securiteinfo_enabled" should be "$securiteinfo_enabled"
400 - eXtremeSHOK.com Maintenance
401 - Initial YARA rule support for sanesecurity
402 - Added Yara-Rules project Database
403 - Added config option to quickly enable/disable an entire database
404 - Config updated to 4.7 due to changes
405 - Note: Yara rules require clamav 0.99+
406 - Bugfix removed unused linuxmalwaredetect_authorisation_signature varible from script
409 - eXtremeSHOK.com Maintenance
410 - Updated SecuriteInfo setup instructions
413 - eXtremeSHOK.com Maintenance
414 - Committed patch-1 by SecuriteInfo (clean up of SecuriteInfo databases)
415 - Fixed double $surl_insecure
418 - eXtremeSHOK.com Maintenance
419 - Bugfix for SecuriteInfo not downloading by Colin Waring
420 - Default will now silence ssl errors caused by ssl certificate errors
421 - Config updated to 4.6 due to new varible: silence_ssl
424 - eXtremeSHOK.com Maintenance
425 - Improved config error checking
426 - Config updated to 4.5, due to invalid default dbs-si value
427 - Fix debug varible being present
428 - Bug fix for ubuntu 14.04 with sed being aliased
429 - Explicitly set bash as the shell
432 - eXtremeSHOK.com Maintenance
433 - Added error checking to detect if the config could be broken.
436 - eXtremeSHOK.com Maintenance
438 - Added full support for Linux Malware Detect clamav databases
439 - Config updated to 4.4
442 - eXtremeSHOK.com Maintenance
443 - Code refactoring: group and move functions to top of script
444 - Complete rewrite of securiteinfo support, full support for Free/Delayed clamav by securiteinfo.com ;-P
445 Note: securite info requires you to create a free account and add your authorisation code to the config.
446 - Config updated to 4.3
447 - Restructured Config
450 - eXtremeSHOK.com Maintenance
451 - Replace annoying si_ , mbl_, ss_ with actual names ie. securiteinfo_ malwarepatrol_ sanesecurity_
452 - Complete rewrite of malwarepatrol support, full support for Free/Delayed clamav ;-P
453 Note: malware patrol requires you to create a free account and add your "purchase" code to the config.
454 - More fixes to config prasing and stripping of comments and whitespace
455 - Code refactoring: remove empty commands: echo "" and comment ""
456 - Config version detection and enforcing
459 - eXtremeSHOK.com Maintenance
460 - Fix on default enable of foxhole medium and High false positive sources
461 - grammatical corrections to some comments and log output
462 - sig-boundary patch by Alan Stern
463 - create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign by Alan Stern
466 - eXtremeSHOK.com Maintenance
467 - Enabled all low false positive sources by default
468 - Added all Sanesecurity database files
469 - Disabled all med/high false positive sources by default
470 - Set default configs to work out of the box on a centos system
472 - Set correct paths throughout the script
473 - Updated Installation Instructions
474 - Updated Paths for removal
475 - Updated Default locations to reflect installation instructions
476 - Fix: correctly remove comments and blanklines from config before eval
477 - Remove: invalid config values (eg. EXPORT path)
478 - Fix: correctly check if rsync was successful
482 Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
484 -c, --config Use a specific configuration file or directory
485 eg: '-c /your/dir' or ' -c /your/file.name'
486 Note: If a directory is specified the directory must contain atleast:
487 master.conf, os.conf or user.conf
488 Default Directory: /etc/clamav-unofficial-sigs
490 -F, --force Force all databases to be downloaded, could cause ip to be blocked
492 -h, --help Display this script's help and usage information
494 -V, --version Output script version and date information
496 -v, --verbose Be verbose, enabled when not run under cron
498 -s, --silence Only output error messages, enabled when run under cron
500 -d, --decode-sig Decode a third-party signature either by signature name
501 (eg: Sanesecurity.Junk.15248) or hexadecimal string.
502 This flag will 'NOT' decode image signatures
504 -e, --encode-string Hexadecimal encode an entire input string that can
505 be used in any '*.ndb' signature database file
507 -f, --encode-formatted Hexadecimal encode a formatted input string containing
508 signature spacing fields '{}, (), *', without encoding
509 the spacing fields, so that the encoded signature
510 can be used in any '*.ndb' signature database file
512 -g, --gpg-verify GPG verify a specific Sanesecurity database file
513 eg: '-g filename.ext' (do not include file path)
515 -i, --information Output system and configuration information for
516 viewing or possible debugging purposes
518 -m, --make-database Make a signature database from an ascii file containing
519 data strings, with one data string per line. Additional
520 information is provided when using this flag
522 -t, --test-database Clamscan integrity test a specific database file
523 eg: '-t filename.ext' (do not include file path)
525 -o, --output-triggered If HAM directory scanning is enabled in the script's
526 configuration file, then output names of any third-party
527 signatures that triggered during the HAM directory scan
529 -w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2
530 format to 'my-whitelist.ign2' in order to temporarily resolve
531 a false-positive issue with a specific third-party signature.
532 Script added whitelist entries will automatically be removed
533 if the original signature is either modified or removed from
534 the third-party signature database
536 --check-clamav If ClamD status check is enabled and the socket path is correctly
537 specifiedthen test to see if clamd is running or not
539 --install-all Install and generate the cron, logroate and man files, autodetects the values
540 based on your config files
542 --install-cron Install and generate the cron file, autodetects the values
543 based on your config files
545 --install-logrotate Install and generate the logrotate file, autodetects the
546 values based on your config files
548 --install-man Install and generate the man file, autodetects the
549 values based on your config files
551 --remove-script Remove the clamav-unofficial-sigs script and all of
552 its associated files and databases from the system
554 ## Script updates can be found at:
555 ### https://github.com/extremeshok/clamav-unofficial-sigs
557 Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs