From e23f465f237334264a0684236b885b5ffa79c15d Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Tue, 3 Jul 2018 00:43:43 +0200 Subject: [PATCH] first version for stretch --- README.md | 252 ++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 139 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index 3e21ade..ee74bdb 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,4 @@ -# clamav-unofficial-sigs [![Build Status](https://travis-ci.org/extremeshok/clamav-unofficial-sigs.svg?branch=master)](https://travis-ci.org/extremeshok/clamav-unofficial-sigs) [![GitHub Release](https://img.shields.io/github/release/extremeshok/clamav-unofficial-sigs.svg?label=Latest)](https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest) - -[![Code Climate](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/gpa.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs) -[![Test Coverage](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/coverage.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/coverage) -[![Issue Count](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/issue_count.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs) - +# clamav-unofficial-sigs [![GitHub Release](https://img.shields.io/github/release/extremeshok/clamav-unofficial-sigs.svg?label=Latest)](https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest) [![Build Status](https://travis-ci.org/extremeshok/clamav-unofficial-sigs.svg?branch=master)](https://travis-ci.org/extremeshok/clamav-unofficial-sigs) [![Issue Count](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/issue_count.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs) ClamAV Unofficial Signatures Updater 
@@ -26,12 +21,12 @@ Please post them on the issue tracker : https://github.com/extremeshok/clamav-un * wget/curl : TCP port 443 ### Supported Operating Systems -Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS) and derivative systems +Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS), pfSense, Zimbra and derivative systems ### Quick Install Guide * Download the files to /tmp/ -* Copy clamav-unofficial-sigs.sh to /usr/local/bin/ -* Set 755 permissions on /usr/local/bin/clamav-unofficial-sigs.sh +* Copy clamav-unofficial-sigs.sh to /usr/local/sbin/ +* Set 755 permissions on /usr/local/sbin/clamav-unofficial-sigs.sh * Make the directory /etc/clamav-unofficial-sigs/ * Copy the contents of config/ into /etc/clamav-unofficial-sigs/ * Make the directory /var/log/clamav-unofficial-sigs/ @@ -88,7 +83,7 @@ Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account - 4. Click on the Setup tab - 5. You will need to get your unique identifier from one of the download links, they are individual for every user - - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ + - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/ - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link 
@@ -97,21 +92,126 @@ Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/projects/linux-malware-detect/ - Enabled by default, no configuration required +## USAGE + +Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE] + +-c, --config Use a specific configuration file or directory + eg: '-c /your/dir' or ' -c /your/file.name' + Note: If a directory is specified the directory must contain atleast: + master.conf, os.conf or user.conf + Default Directory: /etc/clamav-unofficial-sigs + +-F, --force Force all databases to be downloaded, could cause ip to be blocked + +-h, --help Display this script's help and usage information + +-V, --version Output script version and date information + +-v, --verbose Be verbose, enabled when not run under cron + +-s, --silence Only output error messages, enabled when run under cron + +-d, --decode-sig Decode a third-party signature either by signature name + (eg: Sanesecurity.Junk.15248) or hexadecimal string. + This flag will 'NOT' decode image signatures + +-e, --encode-string Hexadecimal encode an entire input string that can + be used in any '*.ndb' signature database file + +-f, --encode-formatted Hexadecimal encode a formatted input string containing + signature spacing fields '{}, (), *', without encoding + the spacing fields, so that the encoded signature + can be used in any '*.ndb' signature database file + +-g, --gpg-verify GPG verify a specific Sanesecurity database file + eg: '-g filename.ext' (do not include file path) + +-i, --information Output system and configuration information for + viewing or possible debugging purposes + +-m, --make-database Make a signature database from an ascii file containing + data strings, with one data string per line. 
Additional + information is provided when using this flag + +-t, --test-database Clamscan integrity test a specific database file + eg: '-t filename.ext' (do not include file path) + +-o, --output-triggered If HAM directory scanning is enabled in the script's + configuration file, then output names of any third-party + signatures that triggered during the HAM directory scan + +-w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2 + format to 'my-whitelist.ign2' in order to temporarily resolve + a false-positive issue with a specific third-party signature. + Script added whitelist entries will automatically be removed + if the original signature is either modified or removed from + the third-party signature database + +--check-clamav If ClamD status check is enabled and the socket path is correctly + specifiedthen test to see if clamd is running or not + +--install-all Install and generate the cron, logroate and man files, autodetects the values + based on your config files + +--install-cron Install and generate the cron file, autodetects the values + based on your config files + +--install-logrotate Install and generate the logrotate file, autodetects the + values based on your config files + +--install-man Install and generate the man file, autodetects the + values based on your config files + +--remove-script Remove the clamav-unofficial-sigs script and all of + its associated files and databases from the system + ## Change Log -### Version 5.4.1 (updated 2016-06-20) +### Version 5.6.2 (updated 2017-03-19) + - eXtremeSHOK.com Maintenance + - Bug Fix GPG always being disabled, thanks @orlitzky + +### Version 5.6.1 + - eXtremeSHOK.com Maintenance + - Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH + - Codeclimate fixes + - Incremented the config to version 73 + +### Version 5.6 + - eXtremeSHOK.com Maintenance + - PGP is now optional and no longer a requirement and pgp support is auto-detected + - Full 
support for MacOS / OS X and added clamav install guide + - Full support for pfSense and added clamav install guide + - Added os configs for Zimbra and Debian 8 with systemd + - Much better error messages with possible solutions given + - Better checking of possible issues + - Update all SANESECURITY signature databases + - Support for clamav-devel (clamav compiled from source) + - Added full proxy support to wget and curl + - Replace allot of "echo | cut | sed" with bash substitutions + - Added fallbacks/substitutions for various commands + - xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks + - Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors + - Allow exit code 23 for rsync + - Major refactoring : Normalize comments, quotes, functions, conditions + - Protect various arguments and "POSIX-ize" script integrity + - Enhanced testing with travis-ci, including clamav 0.99 + - Incremented the config to version 72 + +### Version 5.4.1 - eXtremeSHOK.com Maintenance - Disable installation when either pkg_mgr or pkg_rm is defined. - Minor refactoring - - Update master.conf with the new Yara-rules project file names + - Update master.conf with the new Yara-rules project file names - Incremented the config to version 69 - + ### Version 5.4 - eXtremeSHOK.com Maintenance - Added Solaris 10 and 11 configs - When under Solaris we define our own which function - Define grep_bin variable, use gnu grep on sun os - - Fallback to gpg2 if gpg not found, + - Fallback to gpg2 if gpg not found, - Added support for csw gnupg on solaris - Trap the keyboard interrupt (ctrl+c) and gracefully exit - Added CentOS 7 Atomic config @deajan 
@@ -182,7 +282,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Minor fix: yararulesproject_enabled not yararulesproject_enable ### Version 5.2.0 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Refactor some functions - Added --install-man this will automatically generate and install the man (help) file - Yararules and yararulesproject enabled by default @@ -202,7 +302,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Bump config to 62 ### Version 5.1.1 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added OS X and openbsd configs - Fixed host fallback sed issues by @MichaelKuch - Suppress most error messages of chmod and chown @@ -215,11 +315,11 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Bump config to 61 ### Version 5.1.0 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added --install-cron this will automatically generate and install the cron file - Added --install-logrotate this will automatically generate and install the logrotate file - Change official URL of SecuriteInfo signatures - - Added a new database (securiteinfoandroid.hdb) for SecuriteInfo + - Added a new database (securiteinfoandroid.hdb) for SecuriteInfo - Remove database files after disabling a database group by @reneschuster - Updated Gentoo OS config by @orlitzky - Regroup functiuons @@ -228,12 +328,12 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Bump config to 60 ### Version 5.0.6 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Updated winnow databases as per information from Tom @ OITC - Bump config to 58 ### Version 5.0.5 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Add support for specifying a custom config dir or file with (--config) -c option - Removed default_config - Added travis-ci build testing 
@@ -254,7 +354,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Added script version checks ### Version 5.0.4 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added/Updated OS configs: CentOS 7, FreeBSD, Slackware - Added clamd_reload_opt to fix issues with centos7 conf - Fix --remove-script should call remove_script() function by @IdahoPL 
@@ -269,38 +369,38 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Config updated to 56 due to changes ### Version 5.0.3 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD - Fixed config option enable_logging -> logging_enabled ### Version 5.0.2 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Detect if the entire script is available/complete - Fix for Missing space between "] ### Version 5.0.1 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Disable logging if the log file is not writable. - Do not attempt to log before a config is loaded ### Version 5.0.0 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added porcupine.hsb : Sha256 Hashes of VBS and JSE malware Database from sanesecurity - Fix for missing $ for clamd_pid an incorrect variable definition - - Fixes for not removing dirs by @msapiro + - Fixes for not removing dirs by @msapiro - Updates to account for changed names and addition of sub-directories for Yara-Rules by @msapiro - Use MD5 with MalwarePatrol by @olivier2557 - Suppress the header and config loading message if running via cron - Added systemd files by @falon - Added config option remove_bad_database, a database with a BAD integrity check will be removed - Fixed broken whitelisting of malwarepatrol signatures - - Replaced Version command option -v with -V + - Replaced Version command option -v with -V - Added command option -v (--verbose) to force verbose output - Removed config options: silence_ssl, curl_silence, rsync_silence, gpg_silence, comment_silence - Added ignore_ssl option to supress ssl errors and warnings, ie operate in insecure mode. 
- Replaced test-database command option -s with -t - Replaced output-triggered command option -t with -o - - Added command option -s (--silence) to force silenced output + - Added command option -s (--silence) to force silenced output - Default verbose for terminal and silence for cron - Added RHEL/Centos 7 config settings - Added short option (-F) to Force all databases to be downloaded, could cause ip to be blocked" @@ -313,23 +413,23 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - minor code refactoring and reindenting ### Version 4.9.3 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Various Bug Fixes - Last release of 4.x.x base - minor code refactoring ### Version 4.9.2 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added function xshok_check_s2 to prevent possible errors with -c and no configfile path - minor code refactoring ### Version 4.9.1 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - OS X compatibility fix by stewardle - missing $ in $yararules_enabled ### Version 4.9 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Code Refactoring - New function clamscan_reload_dbs, will first try and reload the clam database, if reload fails will restart clamd - Added Function xshok_pretty_echo_and_log, far easier and cleaner way to output and log information @@ -342,7 +442,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Config updated to 53 due to changes ### Version 4.8 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Added long option (--force) to Force all databases to be downloaded, could cause ip to be blocked" - added config option: malwarepatrol_free="yes", set to "no" to enable commercial subscription url - added support for commercial malwarepatrol subscription 
@@ -352,7 +452,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Config updated to 52 due to changes ### Version 4.7 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Code Refactoring - Complete rewrite of the main case selector (program options) - Added long options (--decode-sig, --encode-string, --encode-formatted, --gpg-verify, --information, --make-database, --remove-script, --test-database, --output-triggered) @@ -361,7 +461,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Config updated to 51 due to changes ### Version 4.6.1 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Code Refactoring - Added generic options (--help --version --config) - Correctly handle generic options before the main case selector @@ -370,7 +470,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Removed the version information code as this is always printed ### Version 4.6 - - eXtremeSHOK.com Maintenance + - eXtremeSHOK.com Maintenance - Code Refactoring - Removed custom config forced to use the same filename as the default config - Change file checks from exists to exists and is readable @@ -407,7 +507,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje ### Version 4.4.5 - eXtremeSHOK.com Maintenance - - Updated SecuriteInfo setup instructions + - Updated SecuriteInfo setup instructions ### Version 4.4.4 - eXtremeSHOK.com Maintenance @@ -434,7 +534,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje ### Version 4.4.0 - eXtremeSHOK.com Maintenance - - Code refactoring: + - Code refactoring: - Added full support for Linux Malware Detect clamav databases - Config updated to 4.4 
@@ -477,81 +577,7 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje - Remove: invalid config values (eg. EXPORT path) - Fix: correctly check if rsync was successful -## USAGE - -Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE] - --c, --config Use a specific configuration file or directory - eg: '-c /your/dir' or ' -c /your/file.name' - Note: If a directory is specified the directory must contain atleast: - master.conf, os.conf or user.conf - Default Directory: /etc/clamav-unofficial-sigs - --F, --force Force all databases to be downloaded, could cause ip to be blocked - --h, --help Display this script's help and usage information - --V, --version Output script version and date information - --v, --verbose Be verbose, enabled when not run under cron - --s, --silence Only output error messages, enabled when run under cron - --d, --decode-sig Decode a third-party signature either by signature name - (eg: Sanesecurity.Junk.15248) or hexadecimal string. - This flag will 'NOT' decode image signatures - --e, --encode-string Hexadecimal encode an entire input string that can - be used in any '*.ndb' signature database file - --f, --encode-formatted Hexadecimal encode a formatted input string containing - signature spacing fields '{}, (), *', without encoding - the spacing fields, so that the encoded signature - can be used in any '*.ndb' signature database file - --g, --gpg-verify GPG verify a specific Sanesecurity database file - eg: '-g filename.ext' (do not include file path) - --i, --information Output system and configuration information for - viewing or possible debugging purposes - --m, --make-database Make a signature database from an ascii file containing - data strings, with one data string per line. 
Additional - information is provided when using this flag - --t, --test-database Clamscan integrity test a specific database file - eg: '-t filename.ext' (do not include file path) - --o, --output-triggered If HAM directory scanning is enabled in the script's - configuration file, then output names of any third-party - signatures that triggered during the HAM directory scan - --w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2 - format to 'my-whitelist.ign2' in order to temporarily resolve - a false-positive issue with a specific third-party signature. - Script added whitelist entries will automatically be removed - if the original signature is either modified or removed from - the third-party signature database - ---check-clamav If ClamD status check is enabled and the socket path is correctly - specifiedthen test to see if clamd is running or not - ---install-all Install and generate the cron, logroate and man files, autodetects the values - based on your config files - ---install-cron Install and generate the cron file, autodetects the values - based on your config files - ---install-logrotate Install and generate the logrotate file, autodetects the - values based on your config files - ---install-man Install and generate the man file, autodetects the - values based on your config files - ---remove-script Remove the clamav-unofficial-sigs script and all of - its associated files and databases from the system - -## Script updates can be found at: +## Script updates can be found at: ### https://github.com/extremeshok/clamav-unofficial-sigs Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs -- 1.7.10.4
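Review bot: In the @@ -1,9 +1,4 @@ hunk the Code Climate GPA and Test Coverage badges are dropped while the Issue Count badge from the same codeclimate.com service is kept; either keep all three or drop all three, and say in the commit message why the coverage badge goes, because the changelog added further down ("Codeclimate fixes" under Version 5.6.1) still presents Code Climate as part of the project's tooling.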
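Review bot: The @@ -26,12 +21,12 @@ hunk moves the install location from /usr/local/bin/ to /usr/local/sbin/ without saying why; sbin is a reasonable home for a root-only cron script, but the generated cron, logrotate and man files (the --install-cron, --install-logrotate and --install-man options in the usage text) and any packaging scripts must point at the same path, or cron will silently run nothing. Next to "Set 755 permissions on /usr/local/sbin/clamav-unofficial-sigs.sh" the step should also require root ownership (for example "chown root:root /usr/local/sbin/clamav-unofficial-sigs.sh"), since a script that root runs from cron but that another account can write to is a local privilege escalation path. The pfSense and Zimbra additions to the supported list match the Version 5.6 entries ("Full support for pfSense", "Added os configs for Zimbra"), which is fine.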
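Review bot: The @@ -88,7 +83,7 @@ hunk only strips trailing whitespace from the "5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/" line, but while touching it the URL should become https://, matching the https example on the very next line: the 128-character string is the per-user authorisation signature, so the instructions should not show it being fetched over plain HTTP.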
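Review bot: In the @@ -97,21 +92,126 @@ hunk the new Version 5.6 entry "PGP is now optional and no longer a requirement and pgp support is auto-detected" needs one more sentence stating what happens when gpg/gpg2 is not found, because at that point the Sanesecurity database files are used without the GPG verification that -g, --gpg-verify describes, and the Version 5.6.2 entry "Bug Fix GPG always being disabled" shows the auto-detection was silently wrong for two releases; suggest documenting that the script logs whether GPG verification is active (or reports it under -i, --information) so an operator can tell. The moved USAGE block also carries its typos along in the + lines: "atleast" should be "at least", "specifiedthen" should be "specified then", and "logroate" should be "logrotate". Finally, "### Version 5.4.1 (updated 2016-06-20)" loses its date while "### Version 5.6.2 (updated 2017-03-19)" gains one; keep the date format consistent across entries.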
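Review bot: The @@ -182,7 +282,7 @@ hunk, like the @@ -202, @@ -215, @@ -228, @@ -254, @@ -269, @@ -313, @@ -342, @@ -352, @@ -361, @@ -370, @@ -407 and @@ -434 hunks that follow it, changes nothing but trailing whitespace on "- eXtremeSHOK.com Maintenance" and similar changelog lines; these whitespace-only hunks account for most of the 139 insertions and 113 deletions and bury the three substantive changes (badges, install path, usage section move plus new changelog entries). Suggest splitting the whitespace cleanup into its own commit, or at least mentioning it in the commit message, which currently says only "first version for stretch".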
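Review bot: The @@ -477,81 +577,7 @@ hunk removes the USAGE block from the end of the file, and the copy re-added in the @@ -97 hunk is identical down to the typos, so the move itself is lossless; the remaining change to "## Script updates can be found at:" is again trailing whitespace only. Since the commit is already reorganising this tail of the file, the unchanged context line "Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs" would be a good place to switch to https as well.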