1 # This file contains master configuration settings for clamav-unofficial-sigs.sh
3 # This is property of eXtremeSHOK.com
4 # You are free to use, modify and distribute, however you may not remove this notice.
5 # Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
8 # Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
10 # Originially based on:
11 # Script provide by Bill Landry (unofficialsigs@gmail.com).
13 # License: BSD (Berkeley Software Distribution)
17 # NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
19 ################################################################################
21 # Edit the quoted variables below to meet your own particular needs
22 # and requirements, but do not remove the "quote" marks.
24 # Set the appropriate ClamD user and group accounts for your system.
25 # If you do not want the script to set user and group permissions on
26 # files and directories, comment the next two variables.
30 # If you do not want the script to change the file mode of all signature
31 # database files in the ClamAV working directory to 0644 (-rw-r--r--):
37 # as defined in the "clam_dbs" path variable below, then set the following
38 # "setmode" variable to "no".
41 # Set path to ClamAV database files location. If unsure, check
42 # your clamd.conf file for the "DatabaseDirectory" path setting.
43 clam_dbs="/var/lib/clamav"
45 # Set path to clamd.pid file (see clamd.conf for path location).
46 clamd_pid="/var/run/clamav/clamd.pid"
48 # To enable "ham" (non-spam) directory scanning and removal of
49 # signatures that trigger on ham messages, uncomment the following
50 # variable and set it to the appropriate ham message directory.
51 #ham_dir="/var/lib/clamav-unofficial-sigs/ham-test"
53 # If you would like to reload the clamd databases after an update,
54 # change the following variable to "yes".
57 # Top level working directory, script will attempt to create them.
58 work_dir="/var/lib/clamav-unofficial-sigs" #Top level working directory
60 # Log update information to '$log_file_path/$log_file_name'.
62 log_file_path="/var/log/clamav-unofficial-sigs"
63 log_file_name="clamav-unofficial-sigs.log"
66 # =========================
67 # MalwarePatrol : https://www.malwarepatrol.net
68 # MalwarePatrol 2016 (free) clamav signatures
70 # 1. Sign up for an account : https://www.malwarepatrol.net/signup-free.shtml
71 # 2. You will recieve an email containing your password/receipt number
72 # 3. Login to your account at malwarePatrol
73 # 4. In My Accountpage, choose the ClamAV list you will download. Free subscribers only get ClamAV Basic, commercial subscribers have access to ClamAV Extended. Do not use the agressive lists.
74 # 5. In the download URL, you will see 3 parameters: receipt, product and list, enter them in the variables below.
76 malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
77 malwarepatrol_product_code="8"
78 malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
79 # Set to no to enable the commercial subscription url.
80 malwarepatrol_free="yes"
82 # =========================
83 # SecuriteInfo : https://www.SecuriteInfo.com
84 # SecuriteInfo 2015 free clamav signatures
86 # Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com
87 # - 1. Sign up for a free account : https://www.securiteinfo.com/clients/customers/signup
88 # - 2. You will recieve an email to activate your account and then a followup email with your login name
89 # - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account
90 # - 4. Click on the Setup tab
91 # - 5. You will need to get your unique identifier from one of the download links, they are individual for every user
92 # - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/
93 # - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb
94 # Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
95 # - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
97 securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
99 # ========================
100 # Database provider update time
101 # ========================
102 # Since the database files are dynamically created, non default values can cause banning, change with caution
104 sanesecurity_update_hours="2" # Default is 2 hours (12 downloads daily).
105 securiteinfo_update_hours="4" # Default is 4 hours (6 downloads daily).
106 linuxmalwaredetect_update_hours="6" # Default is 6 hours (4 downloads daily).
107 malwarepatrol_update_hours="24" # Default is 24 hours (1 downloads daily).
108 yararulesproject_update_hours="24" # Default is 24 hours (1 downloads daily).
109 additional_update_hours="4" # Default is 4 hours (6 downloads daily).
111 # ========================
113 # ========================
114 # Set to no to disable an entire database, if the database is empty it will also be disabled.
115 sanesecurity_enabled="yes" # Sanesecurity
116 securiteinfo_enabled="yes" # SecuriteInfo
117 linuxmalwaredetect_enabled="yes" # Linux Malware Detect
118 malwarepatrol_enabled="yes" # Malware Patrol
119 yararulesproject_enabled="yes" # Yara-Rule Project, automatically disabled if clamav is older than 0.99
120 additional_enabled="yes" # Additional Databases
122 ## Disabling this will also cause the yararulesproject to be disabled.
123 enable_yararules="yes" #Enables yararules in the various databases, automatically disabled if clamav is older than 0.99
125 # ========================
126 # eXtremeSHOK Database format
127 # ========================
128 # The new and old database formats are supported for backwards compatibility
132 # file.name|RATING #description
135 # Rating (False Positive Rating)
137 # REQUIRED : always used
138 # LOW : used when the rating is low, medium and high
139 # MEDIUM : used when the rating is medium and high
140 # HIGH : used when the rating is high
141 # LOWONLY : used only when the rating is low
142 # MEDIUMONLY : used only when the rating is medium
143 # LOWMEDIUMONLY : used only when the rating is medium or low
144 # DISABLED : never used, or you can also comment the line out if you want
146 # Old Format is still supported, requiring you to comment out files to disable them
148 # file.name #LOW description
152 # valid rating: LOW, MEDIUM, HIGH
153 default_dbs_rating="LOW"
156 # These ratings will override the global rating for the specific database
157 # valid rating: LOW, MEDIUM, HIGH, DISABLED
158 #sanesecurity_dbs_rating=""
159 #securiteinfo_dbs_rating=""
160 #linuxmalwaredetect_dbs_rating=""
161 #yararulesproject_dbs_rating=""
163 # ========================
164 # Sanesecurity Database(s)
165 # ========================
166 # Add or remove database file names between quote marks as needed. To
167 # disable usage of any of the Sanesecurity distributed database files
168 # shown, remove the database file name from the quoted section below.
169 # Only databases defined as "low" risk have been enabled by default
170 # for additional information about the database ratings, see:
171 # http://www.sanesecurity.com/clamav/databases.htm
172 # Only add signature databases here that are "distributed" by Sanesecuirty
173 # as defined at the URL shown above. Database distributed by others sources
174 # (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of
175 # this config file below). Finally, make sure that the database names are
176 # spelled correctly or you will experience issues when the script runs
177 # (hint: all rsync servers will fail to download signature updates).
179 sanesecurity_dbs=" # BEGIN SANESECURITY DATABASE
180 ### SANESECURITY http://sanesecurity.com/usage/signatures/
181 ## REQUIRED, Do NOT disable
182 sanesecurity.ftm|REQUIRED # Message file types, for best performance
183 sigwhitelist.ign2|REQUIRED # Fast update file to whitelist any problem signatures
185 junk.ndb|LOW # General high hitting junk, containing spam/phishing/lottery/jobs/419s etc
186 jurlbl.ndb|LOW # Junk Url based
187 phish.ndb|LOW # Phishing
188 rogue.hdb|LOW # Malware, Rogue anti-virus software and Fake codecs etc. Updated hourly to cover the latest malware threats
189 scam.ndb|LOW # Spam/scams
190 spamimg.hdb|LOW # Spam images
191 spamattach.hdb|LOW # Spam Spammed attachments such as pdf/doc/rtf/zip
192 blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
193 malwarehash.hsb|LOW # Malware hashes without known Size
195 jurlbla.ndb|MEDIUM # Junk Url based autogenerated from various feeds
196 lott.ndb|MEDIUM # Lottery
197 spam.ldb|MEDIUM # Spam detected using the new Logical Signature type
198 spear.ndb|MEDIUM # Spear phishing email addresses (autogenerated from data here)
199 spearl.ndb|MEDIUM # Spear phishing urls (autogenerated from data here)
200 badmacro.ndb|MEDIUM # Detect dangerous macros
202 ### FOXHOLE http://sanesecurity.com/foxhole-databases/
204 foxhole_generic.cdb|LOW # See Foxhole page for more details
205 foxhole_filename.cdb|LOW # See Foxhole page for more details
207 foxhole_js.cdb|MEDIUM # See Foxhole page for more details
209 foxhole_all.cdb|HIGH # See Foxhole page for more details
211 ### OITC http://www.oitc.com/winnow/clamsigs/index.html
212 ### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.
214 winnow_malware.hdb|LOW # Current virus, trojan and other malware not yet detected by ClamAV.
215 winnow_malware_links.ndb|LOW # Links to malware
216 winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware
217 winnow.attachments.hdb|LOW # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
218 winnow_bad_cw.hdb|LOW # md5 hashes of malware attachments acquired directly from a group of botnets
219 winnow_phish_complete_url.ndb|LOWMEDIUMONLY # Similar to winnow_phish_complete.ndb except that entire urls are used
221 winnow_spam_complete.ndb|MEDIUM # Signatures to detect fraud and other malicious spam
222 winnow.complex.patterns.ldb|MEDIUM # contain hand generated signatures for malware and some egregious fraud
223 winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links
225 winnow_phish_complete.ndb|HIGH # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
226 ### OITC YARA Format rules
227 ### Note: Yara signatures require ClamAV 0.99 or newer to work
228 winnow_malware.yara|LOW # detect spam
230 ### SCAMNAILER http://www.scamnailer.info/
232 scamnailer.ndb|MEDIUM # Spear phishing and other phishing emails
234 ### BOFHLAND http://clamav.bofhland.org/
236 bofhland_cracked_URL.ndb|LOW # Spam URLs
237 bofhland_malware_URL.ndb|LOW # Malware URLs
238 bofhland_phishing_URL.ndb|LOW # Phishing URLs
239 bofhland_malware_attach.hdb|LOW # Malware Hashes
241 ### RockSecurity http://rooksecurity.com/
243 hackingteam.hsb|LOW # Hacking Team hashes
245 ### CRDF https://threatcenter.crdf.fr/
247 #crdfam.clamav.hdb|LOW # List of new threats detected by CRDF Anti Malware
251 porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures
252 phishtank.ndb|LOW # Online and valid phishing urls from phishtank.com data feed
253 porcupine.hsb|LOW # Sha256 Hashes of VBS and JSE malware, kept for 7 days
255 ### Sanesecurity YARA Format rules
256 ### Note: Yara signatures require ClamAV 0.99 or newer to work
257 Sanesecurity_sigtest.yara|LOW # Sanesecurity test signatures
258 Sanesecurity_spam.yara|LOW # detect spam
260 " # END SANESECURITY DATABASES
262 # ========================
263 # SecuriteInfo Database(s)
264 # ========================
265 # Only active when you set your securiteinfo_authorisation_signature
266 # Add or remove database file names between quote marks as needed. To
267 # disable any SecuriteInfo database downloads, remove the appropriate
269 securiteinfo_dbs=" #START SECURITEINFO DATABASES
270 ### Securiteinfo https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
271 ## REQUIRED, Do NOT disable
272 securiteinfo.ign2|REQUIRED
274 securiteinfo.hdb|LOW # Malwares in the Wild
275 javascript.ndb|LOW # Malwares Javascript
276 securiteinfohtml.hdb|LOW # Malwares HTML
277 securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...)
278 securiteinfopdf.hdb|LOW # Malwares PDF
279 securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
281 spam_marketing.ndb|HIGH # Spam Marketing / spammer blacklist
282 " #END SECURITEINFO DATABASES
284 # ========================
285 # Linux Malware Detect Database(s)
286 # ========================
287 # Add or remove database file names between quote marks as needed. To
288 # disable any SecuriteInfo database downloads, remove the appropriate
290 linuxmalwaredetect_dbs="
291 ### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
293 rfxn.ndb|LOW # HEX Malware detection signatures
294 rfxn.hdb|LOW # MD5 malware detection signatures
295 " #END LINUXMALWAREDETECT DATABASES
297 # ========================
298 # Yara Rules Project Database(s)
299 # ========================
300 # Add or remove database file names between quote marks as needed. To
301 # disable any Yara Rule database downloads, remove the appropriate
303 yararulesproject_dbs="
304 ### Yara Rules https://github.com/Yara-Rules/rules
306 # Some rules are now in sub-directories. To reference a file in a sub-directory
309 email/EMAIL_Cryptowall.yar|LOW # CryptoWall Resume phish
310 Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware
311 Exploit-Kits/EK_Angler.yar|LOW # Angler Exploit Kit Redirector
312 Exploit-Kits/EK_Blackhole.yar|LOW # BlackHole2 Exploit Kit Detection
313 Exploit-Kits/EK_BleedingLife.yar|LOW # BleedingLife2 Exploit Kit Detection
314 Exploit-Kits/EK_Crimepack.yar|LOW # CrimePack Exploit Kit Detection
315 Exploit-Kits/EK_Eleonore.yar|LOW # Eleonore Exploit Kit Detection
316 Exploit-Kits/EK_Fragus.yar|LOW # Fragus Exploit Kit Detection
317 Exploit-Kits/EK_Phoenix.yar|LOW # Phoenix Exploit Kit Detection
318 Exploit-Kits/EK_Sakura.yar|LOW # Sakura Exploit Kit Detection
319 Exploit-Kits/EK_ZeroAcces.yar|LOW # ZeroAccess Exploit Kit Detection
320 Exploit-Kits/EK_Zerox88.yar|LOW # 0x88 Exploit Kit Detection
321 Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection
323 Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code
324 Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated)
325 Packers/Javascript_exploit_and_obfuscation.yar|MEDIUM # JavaScript Obfuscation Detection
326 Packers/packer.yar|MEDIUM # well-known sofware packers
327 CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805
328 CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887
329 CVE_Rules/CVE-2010-1297.yar|MEDIUM # CVE 2010 1297
330 CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074
331 CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422
332 CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119
334 Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
335 " #END yararulesproject DATABASES
337 # =========================
338 # Additional signature databases
339 # =========================
340 # Additional signature databases can be specified here in the following
341 # format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
342 # place of the "FILE-NAME" to download all files from specified location,
343 # but this *ONLY* works for files downloaded via rsync). For non-rsync
344 # downloads, wget and curl is used. For download protocols supported by
345 # wget and curl, see "man wget" and "man curl".
346 # This also works well for locations that have many ClamAV
347 # servers that use 3rd party signature databases, as only one server need
348 # download the remote databases, and all others can update from the local
349 # mirrors copy. See format examples below. To use, remove the comments
350 # and examples shown and add your own sites between the quote marks.
352 # rsync://192.168.1.50/new-db/sigs.hdb
353 # rsync://rsync.example.com/all-dbs/
354 # ftp://ftp.example.net/pub/sigs.ndb
355 # http://www.example.org/sigs.ldb
356 #" #END ADDITIONAL DATABASES
359 # ==================================================
360 # ==================================================
361 # A D V A N C E D O P T I O N S
362 # ==================================================
363 # ==================================================
365 # Enable or disable download time randomization. This allows the script to
366 # be executed via cron, but the actual database file checking will pause
367 # for a random number of seconds between the "min" and "max" time settings
368 # specified below. This helps to more evenly distribute load on the host
369 # download sites. To disable, set the following variable to "no".
372 # Enable to prevent issues with multiple instances running
373 # To disable, set the following variable to "no".
376 # If download time randomization is enabled above (enable_random="yes"),
377 # then set the min and max radomization time intervals (in seconds).
378 min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
379 max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
381 # Command to do a full clamd service stop/start
382 #clamd_restart_opt="service clamd restart"
384 # Custom Command to fo a full clamd reload, this defaults to "clamdscan --reload" when not set
385 #clamd_reload_opt="clamdscan --reload"
387 # Custom Command Paths, these are detected with the which command when not set
388 #uname_bin="/usr/bin/uname"
389 #clamscan_bin="/usr/bin/clamscan"
390 #rsync_bin="/usr/bin/rsync"
391 #wget_bin="/usr/bin/wget"
392 #curl_bin="/usr/bin/curl"
393 #gpg_bin="/usr/bin/gpg"
395 # If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
396 # either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
397 # are installed on the system, and you want to report whether clamd
398 # is running or not, uncomment the "clamd_socket" variable below (you
399 # will be warned if neither socat nor IO::Socket::UNIX are found, but
400 # the script will still run). You will also need to set the correct
401 # path to your clamd socket file (if unsure of the path, check the
402 # "LocalSocket" setting in your clamd.conf file for socket location).
403 #clamd_socket="/tmp/clamd.socket"
405 # Set rsync connection and data transfer timeout limits in seconds.
406 # The defaults settings here are reasonable, only change if you are
407 # experiencing timeout issues.
408 rsync_connect_timeout="60"
411 # Ignore ssl errors and warnings, ie. operate in insecure mode.
412 downloader_ignore_ssl="yes" # Default is "yes" ignore ssl errors and warnings
414 # Set downloader connection, data transfer timeout limits in seconds.
415 # The defaults settings here are reasonable, only change if you are
416 # experiencing timeout issues.
417 downloader_connect_timeout="60"
418 downloader_max_time="180"
420 # Set downloader retry count for failed transfers
423 # Set working directory paths (edit to meet your own needs). If these
424 # directories do not exist, the script will attempt to create them.
425 # Always located inside the work_dir, do not add /
426 # Sub-directory names:
427 sanesecurity_dir="dbs-ss" # Sanesecurity sub-directory
428 securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory
429 linuxmalwaredetect_dir="dbs-lmd" # Linux Malware Detect sub-directory
430 malwarepatrol_dir="dbs-mbl" # MalwarePatrol sub-directory
431 yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory
432 work_dir_configs="configs" # Script configs sub-directory
433 gpg_dir="gpg-key" # Sanesecurity GPG Key sub-directory
434 pid_dir="pid" # User defined pid sub-directory
435 add_dir="dbs-add" # User defined databases sub-directory
437 # If you would like to make a backup copy of the current running database
438 # file before updating, leave the following variable set to "yes" and a
439 # backup copy of the file will be created in the production directory
440 # with -bak appended to the file name.
443 # When a database integrity has tested BAD, the failed database will be removed.
444 remove_bad_database="yes"
446 # When a database is disabled we will remove the associated database files.
447 remove_disabled_databases="no" # Default is "no" since we are not a database managament tool by default.
449 # Enable SELinux fixes, ie. running restorecon on the database files.
450 # **Run the following command as root to enable clamav selinux support**
451 # setsebool -P antivirus_can_scan_system true
453 selinux_fixes="no" # Default is "no" ignore ssl errors and warnings
455 # If necessary to proxy database downloads, define the rsync and/or wget
456 # proxy settings here. For rsync, the proxy must support connections to
457 # port 873. Both wget and rsync proxy setting need to be defined in the
458 # format of "hostname:port". For wget, also note the https and http
461 #wget_proxy_http="http://username:password@proxy_host:proxy_port"
462 #wget_proxy_https="https://username:password@proxy_host:proxy_port"
465 # Custom Cron install settings, these are detected and only used if you want to override
466 # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
467 #cron_dir="" #default: /etc/cron.d
468 #cron_filename="" #default: clamav-unofficial-sigs
469 #cron_minute="" #default: random value between 0-59
470 #cron_user="" #default: uses the clam_user
471 #cron_bash="" #default: detected with the which command
472 #cron_script_full_path="" #default: detected to the fullpath of the script
474 # Custom logrotate install settings, these are detected and only used if you want to override
475 # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
476 #logrotate_dir="" #default: /etc/logrotate.d
477 #logrotate_filename="" #default: clamav-unofficial-sigs
478 #logrotate_user="" #default: uses the clam_user
479 #logrotate_group="" #default: uses the clam_group
480 #logrotate_log_file_full_path="" #default: detected to the $log_file_path/$log_file_name
482 # Custom man install settings, these are detected and only used if you want to override
483 # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
484 #man_dir="" #default: /usr/share/man/man8
485 #man_filename="" #default: clamav-unofficial-sigs.8
487 # Provided two variables that package and port maintainers can use in order to
488 # prevent the script from removing itself with the '-r' flag
489 # If the script was installed via a package manager like yum, apt, pkg, etc.
490 # The script will instead provide feedback to the user about how to uninstall the package.
491 #pkg_mgr="" #the package manager name
492 #pkg_rm="" #the package manager command to remove the script
494 # Custom full working directory paths, these are detected and only used if you want to override
495 # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
496 #work_dir_sanesecurity="" #default: uses work_dir/sanesecurity_dir
497 #work_dir_securiteinfo="" #default: uses work_dir/securiteinfo_dir
498 #work_dir_linuxmalwaredetect="" #default: uses work_dir/linuxmalwaredetect_dir
499 #work_dir_malwarepatrol="" #default: uses work_dir/malwarepatrol_dir
500 #work_dir_yararulesproject="" #default: uses work_dir/yararulesproject_dir
501 #work_dir_add="" #default: uses work_dir/add_dir
502 #work_dir_work_configs="" #default: uses work_dir/work_dir_configs
503 #work_dir_gpg="" #default: uses work_dir/gpg_dir
504 #work_dir_pid="" #default: uses work_dir/pid_dir
506 # ========================
507 # After you have completed the configuration of this file, set the value to "yes"
508 user_configuration_complete="no"
510 # ========================
512 # Database provider URLs
513 sanesecurity_url="rsync.sanesecurity.net"
514 sanesecurity_gpg_url="http://www.sanesecurity.net/publickey.gpg"
515 securiteinfo_url="https://www.securiteinfo.com/get/signatures"
516 linuxmalwaredetect_url="http://cdn.rfxn.com/downloads"
517 malwarepatrol_url="https://lists.malwarepatrol.net/cgi/getfile"
518 yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
520 # ========================
524 # https://eXtremeSHOK.com ######################################################