# This file contains master configuration settings for clamav-unofficial-sigs.sh
-###################
+################################################################################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
-##################
-#
-# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
-#
-##################
+################################################################################
#
-# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
+# DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !!
#
################################################################################
#
-# IT IS BETTER TO SET YOUR OPTIONS IN THE user.conf AS THIS MAKES UPDATES EASIER
+# SET YOUR CUSTOM OPTIONS AND SETTINGS IN THE user.conf
#
-# os.conf AND user.conf OVERRIDES THE OPTIONS IN THIS FILE
+# os.conf (os.***.conf) AND user.conf OVERRIDES THE OPTIONS IN THIS FILE
#
################################################################################
logging_enabled="yes"
log_file_path="/var/log/clamav-unofficial-sigs"
log_file_name="clamav-unofficial-sigs.log"
+## Use a program to log messages
+#log_pipe_cmd="/usr/bin/logger -it 'clamav-unofficial-sigs'"
# =========================
# MalwarePatrol : https://www.malwarepatrol.net
# MalwarePatrol 2016 (free) clamav signatures
#
-# 1. Sign up for an account : https://www.malwarepatrol.net/signup-free.shtml
+# 1. Sign up for an account : https://www.malwarepatrol.net/free-guard-upgrade-option/
# 2. You will recieve an email containing your password/receipt number
# 3. Login to your account at malwarePatrol
# 4. In My Accountpage, choose the ClamAV list you will download. Free subscribers only get ClamAV Basic, commercial subscribers have access to ClamAV Extended. Do not use the agressive lists.
malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
malwarepatrol_product_code="8"
malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
-# Set to no to enable the commercial subscription url.
+# if the malwarepatrol_product_code is not 8,
+# the malwarepatrol_free is set to no (non-free)
+# set to no to enable the commercial subscription url,
malwarepatrol_free="yes"
# =========================
# - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
+securiteinfo_premium="no"
# ========================
# Database provider update time
# ========================
# Since the database files are dynamically created, non default values can cause banning, change with caution
-
-sanesecurity_update_hours="2" # Default is 2 hours (12 downloads daily).
-securiteinfo_update_hours="4" # Default is 4 hours (6 downloads daily).
+additional_update_hours="4" # Default is 4 hours (6 downloads daily).
linuxmalwaredetect_update_hours="6" # Default is 6 hours (4 downloads daily).
malwarepatrol_update_hours="24" # Default is 24 hours (1 downloads daily).
+sanesecurity_update_hours="2" # Default is 2 hours (12 downloads daily).
+securiteinfo_update_hours="4" # Default is 4 hours (6 downloads daily).
+urlhaus_update_hours="0" # Default is 0 hours (Update constantly).
yararulesproject_update_hours="24" # Default is 24 hours (1 downloads daily).
-additional_update_hours="4" # Default is 4 hours (6 downloads daily).
# ========================
# Enabled Databases
# ========================
# Set to no to disable an entire database, if the database is empty it will also be disabled.
-sanesecurity_enabled="yes" # Sanesecurity
-securiteinfo_enabled="yes" # SecuriteInfo
+additional_enabled="yes" # Additional Databases
linuxmalwaredetect_enabled="yes" # Linux Malware Detect
malwarepatrol_enabled="yes" # Malware Patrol
-yararulesproject_enabled="yes" # Yara-Rule Project, automatically disabled if clamav is older than 0.99
-additional_enabled="yes" # Additional Databases
+sanesecurity_enabled="yes" # Sanesecurity
+securiteinfo_enabled="yes" # SecuriteInfo
+urlhaus_enabled="yes" # urlhaus
+yararulesproject_enabled="no" # Yara-Rule Project, automatically disabled if clamav is older than 0.100 and enable_yararules is disabled
-## Disabling this will also cause the yararulesproject to be disabled.
-enable_yararules="yes" #Enables yararules in the various databases, automatically disabled if clamav is older than 0.99
+# Disabled by default
+## Enabling this will also cause the yararulesproject to be enabled if they are det to enabled.
+enable_yararules="yes" #Enables yararules in the various databases, automatically disabled if clamav is older than 0.100
# ========================
# eXtremeSHOK Database format
# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
-default_dbs_rating="LOW"
+default_dbs_rating="MEDIUM"
# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLED
+#linuxmalwaredetect_dbs_rating=""
#sanesecurity_dbs_rating=""
#securiteinfo_dbs_rating=""
-#linuxmalwaredetect_dbs_rating=""
+#urlhaus_dbs_rating=""
#yararulesproject_dbs_rating=""
# ========================
sanesecurity.ftm|REQUIRED # Message file types, for best performance
sigwhitelist.ign2|REQUIRED # Fast update file to whitelist any problem signatures
# LOW
+blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
junk.ndb|LOW # General high hitting junk, containing spam/phishing/lottery/jobs/419s etc
jurlbl.ndb|LOW # Junk Url based
+malwarehash.hsb|LOW # Malware hashes without known Size
phish.ndb|LOW # Phishing and Malware
rogue.hdb|LOW # Malware, Rogue anti-virus software and Fake codecs etc. Updated hourly to cover the latest malware threats
scam.ndb|LOW # Spam/scams
-spamimg.hdb|LOW # Spam images
spamattach.hdb|LOW # Spam Spammed attachments such as pdf/doc/rtf/zips
-blurl.ndb|LOW # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
-malwarehash.hsb|LOW # Malware hashes without known Size
+spamimg.hdb|LOW # Spam images
# MEDIUM
+badmacro.ndb|MEDIUM # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents
jurlbla.ndb|MEDIUM # Junk Url based autogenerated from various feeds
lott.ndb|MEDIUM # Lottery
+shelter.ldb|MEDIUM # Phishing and Malware
spam.ldb|MEDIUM # Spam detected using the new Logical Signature type
spear.ndb|MEDIUM # Spear phishing email addresses (autogenerated from data here)
spearl.ndb|MEDIUM # Spear phishing urls (autogenerated from data here)
-badmacro.ndb|MEDIUM # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents
-shelter.ldb|MEDIUM # Phishing and Malware
### MALWARE.EXPERT https://malware.expert/
# LOW
### FOXHOLE http://sanesecurity.com/foxhole-databases/
# LOW
-foxhole_generic.cdb|LOW # See Foxhole page for more details
foxhole_filename.cdb|LOW # See Foxhole page for more details
+foxhole_generic.cdb|LOW # See Foxhole page for more details
# MEDIUM
foxhole_js.cdb|MEDIUM # See Foxhole page for more details
foxhole_js.ndb|MEDIUM # See Foxhole page for more details
### OITC http://www.oitc.com/winnow/clamsigs/index.html
### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.
# LOW
-winnow_malware.hdb|LOW # Current virus, trojan and other malware not yet detected by ClamAV.
-winnow_malware_links.ndb|LOW # Links to malware
-winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware
-winnow.attachments.hdb|LOW # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
winnow_bad_cw.hdb|LOW # md5 hashes of malware attachments acquired directly from a group of botnets
+winnow_extended_malware.hdb|LOW # contain hand generated signatures for malware
+winnow_malware_links.ndb|LOW # Links to malware
+winnow_malware.hdb|LOW # Current virus, trojan and other malware not yet detected by ClamAV.
winnow_phish_complete_url.ndb|LOWMEDIUMONLY # Similar to winnow_phish_complete.ndb except that entire urls are used
+winnow.attachments.hdb|LOW # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
# MEDIUM
+winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links
winnow_spam_complete.ndb|MEDIUM # Signatures to detect fraud and other malicious spam
winnow.complex.patterns.ldb|MEDIUM # contain hand generated signatures for malware and some egregious fraud
-winnow_extended_malware_links.ndb|MEDIUM # contain hand generated signatures for malware links
# HIGH
winnow_phish_complete.ndb|HIGH # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
### OITC YARA Format rules
-### Note: Yara signatures require ClamAV 0.99 or newer to work
-winnow_malware.yara|LOW # detect spam
+### Note: Yara signatures require ClamAV 0.100 or newer to work
+##winnow_malware.yara|LOW # detect spam
### MiscreantPunch http://malwarefor.me/about/
## MEDIUM
### BOFHLAND http://clamav.bofhland.org/
# LOW
bofhland_cracked_URL.ndb|LOW # Spam URLs
+bofhland_malware_attach.hdb|LOW # Malware Hashes
bofhland_malware_URL.ndb|LOW # Malware URLs
bofhland_phishing_URL.ndb|LOW # Phishing URLs
-bofhland_malware_attach.hdb|LOW # Malware Hashes
### RockSecurity http://rooksecurity.com/
# LOW
### Porcupine
# LOW
-porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures
phishtank.ndb|LOW # Online and valid phishing urls from phishtank.com data feed
porcupine.hsb|LOW # Sha256 Hashes of VBS and JSE malware, kept for 7 days
+porcupine.ndb|LOW # Brazilian e-mail phishing and malware signatures
### Sanesecurity YARA Format rules
-### Note: Yara signatures require ClamAV 0.99 or newer to work
+### Note: Yara signatures require ClamAV 0.100 or newer to work
Sanesecurity_sigtest.yara|LOW # Sanesecurity test signatures
Sanesecurity_spam.yara|LOW # Detects Spam emails
## REQUIRED, Do NOT disable
securiteinfo.ign2|REQUIRED # Signature Whitelist
# LOW
-securiteinfo.hdb|LOW # Malwares in the Wild
javascript.ndb|LOW # Malwares Javascript
-securiteinfohtml.hdb|LOW # Malwares HTML
+securiteinfo.hdb|LOW # Malwares younger than 3 years.
+securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...)
+securiteinfohtml.hdb|LOW # Malwares HTML
+securiteinfoold.hdb|LOW # Malwares older than 3 years.
securiteinfopdf.hdb|LOW # Malwares PDF
-securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
# HIGH
spam_marketing.ndb|HIGH # Spam Marketing / spammer blacklist
) #END SECURITEINFO DATABASES
+# NON-FREE DATABASES
+declare -a securiteinfo_dbs_premium=( #START SECURITEINFO DATABASES
+securiteinfo.mdb|LOW # 0-day Malwares
+securiteinfo0hour.hdb|LOW # 0-Hour Malwares
+)
# ========================
-# Linux Malware Detect Database(s)
+# LinuxMalwareDetect Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
-# disable any SecuriteInfo database downloads, remove the appropriate
+# disable any LinuxMalwareDetect database downloads, remove the appropriate
# lines below.
declare -a linuxmalwaredetect_dbs=(
### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
# LOW
rfxn.ndb|LOW # HEX Malware detection signatures
-rfxn.hdb|LOW # MD5 malware detection signatures
+rfxn.hdb|LOW # MD5 Malware detection signatures
+rfxn.yara|LOW # Yara Malware detection signatures
) #END LINUXMALWAREDETECT DATABASES
# ========================
+# urlhaus Database(s)
+# ========================
+# Add or remove database file names between quote marks as needed. To
+# disable any urlhaus database downloads, remove the appropriate
+# lines below.
+declare -a urlhaus_dbs=(
+### urlhaus https://urlhaus.abuse.ch/browse/
+# LOW
+urlhaus.ndb|LOW # malicious URLs that are being used for malware distribution
+) #END URLHAUS DATABASES
+
+# ========================
# Yara Rules Project Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# Some rules are now in sub-directories. To reference a file in a sub-directory
# use subdir/file
# LOW
-Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware
-Exploit-Kits/EK_Angler.yar|LOW # Angler Exploit Kit Redirector
-Exploit-Kits/EK_Blackhole.yar|LOW # BlackHole2 Exploit Kit Detection
-Exploit-Kits/EK_BleedingLife.yar|LOW # BleedingLife2 Exploit Kit Detection
-Exploit-Kits/EK_Crimepack.yar|LOW # CrimePack Exploit Kit Detection
-Exploit-Kits/EK_Eleonore.yar|LOW # Eleonore Exploit Kit Detection
-Exploit-Kits/EK_Fragus.yar|LOW # Fragus Exploit Kit Detection
-Exploit-Kits/EK_Phoenix.yar|LOW # Phoenix Exploit Kit Detection
-Exploit-Kits/EK_Sakura.yar|LOW # Sakura Exploit Kit Detection
-Exploit-Kits/EK_ZeroAcces.yar|LOW # ZeroAccess Exploit Kit Detection
-Exploit-Kits/EK_Zerox88.yar|LOW # 0x88 Exploit Kit Detection
-Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection
+# Anti debug and anti virtualization techniques used by malware
+antidebug_antivm/antidebug_antivm.yar|LOW
+# Aimed toward the detection and existence of Exploit Kits.
+#exploit_kits/EK_Angler.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Blackhole.yar|LOW # duplicated in rxfn.yara
+exploit_kits/EK_BleedingLife.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Crimepack.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Eleonore.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Fragus.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Phoenix.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Sakura.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_ZeroAcces.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Zerox88.yar|LOW # duplicated in rxfn.yara
+#exploit_kits/EK_Zeus.yar|LOW # duplicated in rxfn.yara
+# Identification of well-known webshells
+#webshells/WShell_APT_Laudanum.yar|LOW # duplicated in rxfn.yara
+webshells/WShell_ASPXSpy.yar|LOW
+webshells/WShell_Drupalgeddon2_icos.yar|LOW
+#webshells/WShell_PHP_Anuna.yar|LOW # duplicated in rxfn.yara
+#webshells/WShell_PHP_in_images.yar|LOW # duplicated in rxfn.yara
+#webshells/WShell_THOR_Webshells.yar|LOW # duplicated in rxfn.yara
+#webshells/Wshell_ChineseSpam.yar|LOW # duplicated in rxfn.yara
+#webshells/Wshell_fire2013.yar|LOW # duplicated in rxfn.yara
# MEDIUM
-Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code
-Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated)
-Packers/packer.yar|MEDIUM # well-known sofware packers
-CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805
-CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887
-CVE_Rules/CVE-2010-1297.yar|MEDIUM # CVE 2010 1297
-CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074
-CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422
-CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119
+# Identification of specific Common Vulnerabilities and Exposures (CVEs)
+cve_rules/CVE-2010-0805.yar|MEDIUM
+cve_rules/CVE-2010-0887.yar|MEDIUM
+cve_rules/CVE-2010-1297.yar|MEDIUM
+cve_rules/CVE-2012-0158.yar|MEDIUM
+cve_rules/CVE-2013-0074.yar|MEDIUM
+cve_rules/CVE-2013-0422.yar|MEDIUM
+cve_rules/CVE-2015-1701.yar|MEDIUM
+cve_rules/CVE-2015-2426.yar|MEDIUM
+cve_rules/CVE-2015-2545.yar|MEDIUM
+cve_rules/CVE-2015-5119.yar|MEDIUM
+cve_rules/CVE-2016-5195.yar|MEDIUM
+cve_rules/CVE-2017-11882.yar|MEDIUM
+cve_rules/CVE-2018-20250.yar|MEDIUM
+cve_rules/CVE-2018-4878.yar|MEDIUM
+# Identification of malicious e-mails.
+email/bank_rule.yar|MEDIUM
+email/EMAIL_Cryptowall.yar|MEDIUM
+email/Email_fake_it_maintenance_bulletin|MEDIUM
+email/Email_generic_phishing|MEDIUM
+email/Email_quota_limit_warning|MEDIUM
+email/email_Ukraine_BE_powerattack.yar|MEDIUM
+email/scam.yar|MEDIUM
+# Detect well-known software packers, that can be used by malware to hide itself.
+packers/JJencode.yar|MEDIUM
+packers/packer_compiler_signatures.yar|MEDIUM
+packers/packer.yar|MEDIUM
+packers/peid.yar|MEDIUM
# HIGH
-Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection
-Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
+# Used with documents to find if they have been crafted to leverage malicious code.
+maldocs/Maldoc_APT_OLE_JSRat.yar|HIGH
+maldocs/Maldoc_APT10_MenuPass.yar|HIGH
+maldocs/Maldoc_APT19_CVE-2017-1099.yar|HIGH
+maldocs/Maldoc_Contains_VBE_File.yar|HIGH
+maldocs/Maldoc_CVE_2017_11882.yar|HIGH
+maldocs/Maldoc_CVE_2017_8759.yar|HIGH
+maldocs/Maldoc_CVE-2017-0199.yar|HIGH
+maldocs/Maldoc_DDE.yar|HIGH
+maldocs/Maldoc_Dridex.yar|HIGH
+maldocs/Maldoc_hancitor_dropper|HIGH
+maldocs/Maldoc_Hidden_PE_file.yar|HIGH
+maldocs/Maldoc_malrtf_ole2link.yar|HIGH
+maldocs/Maldoc_MIME_ActiveMime_b64.yar|HIGH
+maldocs/Maldoc_PDF.yar|HIGH
+maldocs/Maldoc_PowerPointMouse.yar|HIGH
+maldocs/maldoc_somerules.yar|HIGH
+maldocs/Maldoc_Suspicious_OLE_target.yar|HIGH
+maldocs/Maldoc_UserForm.yar|HIGH
+maldocs/Maldoc_VBA_macro_code.yar|HIGH
+maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar|HIGH
+# Yara Rules aimed to detect well-known software packers, that can be used by malware to hide itself.
+packers/Javascript_exploit_and_obfuscation.yar|HIGH
) #END yararulesproject DATABASES
+declare -a yararulesproject_dbs_blacklisted=(
+email/attachment.yar # detects all emails with attachments
+email/image.yar # detects all emails with images
+email/urls.yar # detects all emails with urls
+crypto/crypto_signatures.yar # detects all files which are encrypted
+)
+
+declare -a yararulesproject_dbs_catagories=(
+#LOW
+antidebug_antivm|LOW
+cve_rules|LOW
+exploit_kits|LOW
+malware|LOW
+webshells|LOW
+#MEDIUM
+email|MEDIUM
+maldocs|MEDIUM
+# HIGH
+capabilities|HIGH
+crypto|HIGH
+packers|HIGH
+)
+
+
# =========================
# Additional signature databases
# =========================
# http://www.example.org/sigs.ldb
#) #END ADDITIONAL DATABASES
+# ==================================================
+# ==================================================
+# D E B U G O P T I O N S
+# ==================================================
+# ==================================================
+
+# Enable debugging, will cause all options below to enable
+debug="no"
+
+# Causes the xshok_file_download function to be verbose, used for debugging
+downloader_debug="no"
+
+# Causes clamscan signature test errors to be vebose
+clamscan_debug="no"
+
+# Causes curl errors to be vebose
+curl_debug="no"
+
+# Causes wget errors to be vebose
+wget_debug="no"
+
+# Causes rsync errors to be vebose
+rsync_debug="no"
# ==================================================
# ==================================================
# ==================================================
# ==================================================
+# Branch for update checking, default: master
+git_branch="master"
+
+# Enable support for script and master.conf upgrades
+# enbles the --upgrade command line option
+# packagers, if required please disable or set this option to no in the os.conf
+allow_upgrades="yes"
+
+# Enable support for script and master.conf update checks
+# packagers, if required please disable or set this option to no in the os.conf
+allow_update_checks="yes"
+
+# How often the script should check for updates
+update_check_hours="12"# Default is 12 hours (2 checks daily).
+
# Enable or disable download time randomization. This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max radomization time intervals (in seconds).
-min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
+min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
# Command to do a full clamd service stop/start
#clamd_restart_opt="service clamd restart"
# Custom Command Paths, these are detected with the which command when not set
-#uname_bin="/usr/bin/uname"
#clamscan_bin="/usr/bin/clamscan"
-#rsync_bin="/usr/bin/rsync"
-#wget_bin="/usr/bin/wget"
#curl_bin="/usr/bin/curl"
#gpg_bin="/usr/bin/gpg"
+#rsync_bin="/usr/bin/rsync"
+#tar_bin="/usr/bin/tar"
+#uname_bin="/usr/bin/uname"
+#wget_bin="/usr/bin/wget"
+
+# force wget, by default curl is used when curl and wget is present.
+force_wget="no"
# GnuPG / Signature verification
# To disable usage of gpg, set the following variable to "no".
# The defaults settings here are reasonable, only change if you are
# experiencing timeout issues.
downloader_connect_timeout="60"
-downloader_max_time="180"
+downloader_max_time="1800"
# Set downloader retry count for failed transfers
-downloader_tries="3"
+downloader_tries="5"
# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Always located inside the work_dir, do not add /
# Sub-directory names:
-sanesecurity_dir="dbs-ss" # Sanesecurity sub-directory
-securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory
+add_dir="dbs-add" # User defined databases sub-directory
+gpg_dir="gpg-key" # Sanesecurity GPG Key sub-directory
linuxmalwaredetect_dir="dbs-lmd" # Linux Malware Detect sub-directory
malwarepatrol_dir="dbs-mbl" # MalwarePatrol sub-directory
-yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory
-work_dir_configs="configs" # Script configs sub-directory
-gpg_dir="gpg-key" # Sanesecurity GPG Key sub-directory
pid_dir="pid" # User defined pid sub-directory
-add_dir="dbs-add" # User defined databases sub-directory
+sanesecurity_dir="dbs-ss" # Sanesecurity sub-directory
+securiteinfo_dir="dbs-si" # SecuriteInfo sub-directory
+urlhausy_dir="dbs-uh" # urlhaus sub-directory
+work_dir_configs="configs" # Script configs sub-directory
+yararulesproject_dir="dbs-yara" # Yara-Rules sub-directory
# If you would like to make a backup copy of the current running database
# file before updating, leave the following variable set to "yes" and a
#
selinux_fixes="no" # Default is "no" ignore ssl errors and warnings
-# If necessary to proxy database downloads, define the rsync and/or wget
-# proxy settings here. For rsync, the proxy must support connections to
-# port 873. Both wget and rsync proxy setting need to be defined in the
-# format of "hostname:port". For wget, also note the https and http
-#rsync_proxy=""
-#curl_proxy=""
-#wget_proxy_http="-e http_proxy=http://username:password@proxy_host:proxy_port"
-#wget_proxy_https="-e https_proxy=https://username:password@proxy_host:proxy_port"
-
+# Proxy Support
+# If necessary to proxy database downloads, define the rsync, curl, wget, dig, hosr proxy settings here.
+#rsync_proxy="username:password@proxy_host:proxy_port"
+#curl_proxy="--proxy http://username:password@proxy_host:proxy_port"
+#wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port"
+#dig_proxy="@proxy_host -p proxy_host:proxy_port"
+#host_proxy="@proxy_host" #does not support port
# Custom Cron install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#cron_filename="" #default: clamav-unofficial-sigs
#cron_minute="" #default: random value between 0-59
#cron_user="" #default: uses the clam_user
+#cron_sudo="no" #default no, yes will append sudo -u before the username
#cron_bash="" #default: detected with the which command
#cron_script_full_path="" #default: detected to the fullpath of the script
# Custom full working directory paths, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
-#work_dir_sanesecurity="" #default: uses work_dir/sanesecurity_dir
-#work_dir_securiteinfo="" #default: uses work_dir/securiteinfo_dir
-#work_dir_linuxmalwaredetect="" #default: uses work_dir/linuxmalwaredetect_dir
-#work_dir_malwarepatrol="" #default: uses work_dir/malwarepatrol_dir
-#work_dir_yararulesproject="" #default: uses work_dir/yararulesproject_dir
#work_dir_add="" #default: uses work_dir/add_dir
-#work_dir_work_configs="" #default: uses work_dir/work_dir_configs
#work_dir_gpg="" #default: uses work_dir/gpg_dir
+#work_dir_linuxmalwaredetect="" #default: uses work_dir/linuxmalwaredetect_dir
+#work_dir_malwarepatrol="" #default: uses work_dir/malwarepatrol_dir
#work_dir_pid="" #default: uses work_dir/pid_dir
+#work_dir_sanesecurity="" #default: uses work_dir/sanesecurity_dir
+#work_dir_securiteinfo="" #default: uses work_dir/securiteinfo_dir
+#work_dir_urlhaus="" #default: uses work_dir/urlhaus_dir
+#work_dir_work_configs="" #default: uses work_dir/work_dir_configs
+#work_dir_yararulesproject="" #default: uses work_dir/yararulesproject_dir
# ========================
# After you have completed the configuration of this file, set the value to "yes"
# ========================
# DO NOT EDIT !
# Database provider URLs
-sanesecurity_url="rsync.sanesecurity.net"
+linuxmalwaredetect_sigpack_url="https://cdn.rfxn.com/downloads/maldet-sigpack.tgz"
+linuxmalwaredetect_version_url="https://cdn.rfxn.com/downloads/maldet.sigs.ver"
+malwarepatrol_url="https://lists.malwarepatrol.net/cgi/getfile"
sanesecurity_gpg_url="http://www.sanesecurity.net/publickey.gpg"
+sanesecurity_url="rsync.sanesecurity.net"
securiteinfo_url="https://www.securiteinfo.com/get/signatures"
-linuxmalwaredetect_url="http://cdn.rfxn.com/downloads"
-malwarepatrol_url="https://lists.malwarepatrol.net/cgi/getfile"
+urlhaus_url="https://urlhaus.abuse.ch/downloads"
yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
# ========================
# DO NOT EDIT !
-config_version="73"
+config_version="91"
+################################################################################
+#
+# DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !! DO NOT EDIT THIS FILE !!
+#
+################################################################################
# https://eXtremeSHOK.com ######################################################
projects / clamav-unofficial-sigs.git / blobdiff