Sanesecurity ClamAV sigs are back. Yay!
Julian Field
jkf at ecs.soton.ac.uk
Thu Jan 22 09:17:28 GMT 2009
In case you didn't know, Steve Basford and his wonderful crew at
SaneSecurity have got their nice set of ClamAV signatures back up and
running, after they were badly DDoS-ed a few weeks ago. And they have
added some new stuff such as more protection against spear-phishing.
This is *well* worth using.

You can get a new download script from here:
http://www.retrosnub.co.uk/sanesecurity/script/fetch-sanesecurity-sigs

You may want to put it in /etc/cron.hourly, so it gets updated every
hour for you automatically with no action from you. And you will need to
do this command to ensure it gets run:

    chmod +x /etc/cron.hourly/fetch-sanesecurity-sigs

You will need to check that the commands gpg, wget and rsync are all
installed and on your path. Just try the commands with no options and
see if it gives you a "Command not found" error. If no error like that,
you're good to go.

If you are using my ClamAV+SpamAssassin package, which installs ClamAV
in /usr/local, then you will need to set this in the correct place near
the top of the script:

    # ClamAV database location
    clamd_dbdir="/usr/local/share/clamav"

instead of the default location of /var/clamav. And you *may* need to
change the "clamd_pidfile" setting to

    # ClamAV daemon process ID file
    # (If this is commented out, the daemon will not be reloaded automatically)
    clamd_pidfile="/var/run/clamd.pid"

but check where your pid file actually is, it should be under /var/run
somewhere and will be called "clamd.pid". You'll find it, I'm sure :-)

If you are using the ClamAV installation provided by FSL as part of
BarricadeMX, then you will need to change the clamd_dbdir setting to

    # ClamAV database location
    clamd_dbdir="/var/clamav"

I think that pretty much covers it.

Run the script once by hand to be sure it is running properly and not
producing any serious errors.

Jules
--
Julian Field MEng MBCS CITP CEng
jkf at ecs.soton.ac.uk
Teaching Systems Manager
Electronics & Computer Science
University of Southampton
SO17 1BJ, UK
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
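
Added example (not part of the original post and not code from the
SaneSecurity script): a preflight check covering the setup steps in the
message above before the script is left to cron. It assumes the settings
appear as double-quoted assignments, as quoted in the post; the function
names and the REQUIRED_TOOLS override are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for the fetch-sanesecurity-sigs setup steps.
# Assumption: settings are double-quoted assignments, as quoted in the post.

# Hypothetical override of the tool list; the default is the post's list.
REQUIRED_TOOLS=${REQUIRED_TOOLS:-"gpg wget rsync"}

# Report each command that is not on PATH; non-zero return if any is missing.
check_tools() {
    missing=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "FAIL: $tool not found on PATH"
            missing=1
        fi
    done
    return "$missing"
}

# Print the value of an uncommented NAME="value" line ($1 = script, $2 = NAME).
get_setting() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Run every check from the post against the installed script ($1 = its path).
preflight() {
    rc=0
    [ -x "$1" ] || { echo "FAIL: $1 is not executable (chmod +x)"; rc=1; }
    # Word splitting of the tool list is intended here.
    check_tools $REQUIRED_TOOLS || rc=1
    dbdir=$(get_setting "$1" clamd_dbdir)
    [ -d "$dbdir" ] || { echo "FAIL: clamd_dbdir '$dbdir' is not a directory"; rc=1; }
    pidfile=$(get_setting "$1" clamd_pidfile)
    if [ -z "$pidfile" ]; then
        echo "NOTE: clamd_pidfile is commented out; clamd will not be reloaded"
    elif [ ! -f "$pidfile" ]; then
        echo "FAIL: clamd_pidfile '$pidfile' does not exist"; rc=1
    fi
    return "$rc"
}

# Usage: sh preflight.sh /etc/cron.hourly/fetch-sanesecurity-sigs
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

A non-zero exit means at least one FAIL line was printed; a NOTE about
clamd_pidfile does not count as a failure.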