Sanesecurity ClamAV sigs are back. Yay!

Julian Field jkf at
Thu Jan 22 09:17:28 GMT 2009

In case you didn't know, Steve Basford and his wonderful crew at 
SaneSecurity have got their nice set of ClamAV signatures back up and 
running, after they were badly DDoS-ed a few weeks ago. And they have 
added some new stuff such as more protection against spear-phishing. 
This is *well* worth using.

You can get a new download script from here:

You may want to put it in /etc/cron.hourly, so it gets updated every 
hour for you automatically with no action from you. And you will need to 
do this command to ensure it gets run:
   chmod +x /etc/cron.hourly/fetch-sanesecurity-sigs

You will need to check that the commands gpg, wget and rsync are all 
installed and on your path. Just try the commands with no options and 
see if it gives you a "Command not found" error. If no error like that, 
you're good to go.

If you are using my ClamAV+SpamAssassin package, which installs ClamAV 
in /usr/local, then you will need to set this in the correct place near 
the top of the script:

# ClamAV database location

instead of the default location of /var/clamav. And you *may* need to 
change the "clamd_pidfile" setting to

# ClamAV daemon process ID file
# (If this is commented out, the daemon will not be reloaded automatically)

but check where your pid file actually is, it should be under /var/run 
somewhere and will be called "". You'll find it, I'm sure :-)

If you are using the ClamAV installation provided by FSL as part of 
BarricadeMX, then you will need to change the clamd_dbdir setting to

# ClamAV database location

I think that pretty much covers it.
Run the script once by hand to be sure it is running properly and not 
producing any serious errors.


Julian Field MEng MBCS CITP CEng
jkf at
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:
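
The setup checks described in the message above (gpg, wget and rsync on the path, the cron script executable, the pid file in the right place), as an added shell example that is not part of the original message or of the SaneSecurity download script. It uses `command -v` instead of running each command bare, adds a write-permission check because jobs in /etc/cron.hourly run as root, and takes the pid file path as an argument since the message leaves locating it to you; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for the hourly signature-fetch setup.
# Usage: sh preflight.sh run [script-path] [pidfile-path]   (run as root, as cron would)

# Print every named command that is not on PATH; return 1 if any is missing.
missing_commands() {
    miss_rc=0
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || { echo "$cmd"; miss_rc=1; }
    done
    return "$miss_rc"
}

# The cron script must exist, be executable, and not be writable by group
# or others (anyone who can edit it gets their changes run by root's cron).
# Returns 0 = ok, 1 = missing, 2 = not executable, 3 = writable by non-owner.
check_script() {
    [ -f "$1" ] || return 1
    [ -x "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] || return 3
    return 0
}

# The path given for clamd_pidfile should hold the PID of a live process.
# Returns 0 = live, 1 = no such file, 2 = stale or invalid PID.
check_pidfile() {
    [ -f "$1" ] || return 1
    pid=$(tr -cd '0-9' < "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null || return 2
    return 0
}

# Run all checks; the pid file check is skipped when no path is given.
preflight() {
    script=${1:-/etc/cron.hourly/fetch-sanesecurity-sigs}
    status=0
    missing=$(missing_commands gpg wget rsync) || { echo "not on PATH: $missing"; status=1; }
    check_script "$script" || { echo "$script: check_script returned $?"; status=1; }
    if [ -n "${2:-}" ]; then
        check_pidfile "$2" || { echo "$2: check_pidfile returned $?"; status=1; }
    fi
    return "$status"
}

if [ "${1:-}" = "run" ]; then shift; preflight "$@"; fi
```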
