Sanesecurity ClamAV sigs are back. Yay!

Gareth list-mailscanner at linguaphone.com
Thu Jan 22 09:56:35 GMT 2009


There will be a new unofficial-sigs.sh download script available there
very soon aswell and this one supports MSRBL and SecureSite aswell.
It might be worth holding off on using it for a short while though as it
has been pointed out that because you can choose which sigs you want it
makes a rsync call for every file and that could in theory get you
blocked by the mirror. The author is looking into a better way to
download just the files wanted with a single rsync call.


On Thu, 2009-01-22 at 09:17, Julian Field wrote:
> In case you didn't know, Steve Basford and his wonderful crew at 
> SaneSecurity have got their nice set of ClamAV signatures back up and 
> running, after they were badly DDoS-ed a few weeks ago. And they have 
> added some new stuff such as more protection against spear-phishing. 
> This is *well* worth using.
> 
> You can get a new download script from here:
> http://www.retrosnub.co.uk/sanesecurity/script/fetch-sanesecurity-sigs
> 
> You may want to put it in /etc/cron.hourly, so it gets updated every 
> hour for you automatically with no action from you. And you will need to 
> do this command to ensure it gets run:
>    chmod +x /etc/cron.hourly/fetch-sanesecurity-sigs
> 
> You will need to check that the commands gpg, wget and rsync are all 
> installed and on your path. Just try the commands with no options and 
> see if it gives you a "Command not found" error. If no error like that, 
> you're good to go.
> 
> If you are using my ClamAV+SpamAssassin package, which installs ClamAV 
> in /usr/local, then you will need to set this in the correct place near 
> the top of the script:
> 
> # ClamAV database location
> clamd_dbdir="/usr/local/share/clamav"
> 
> instead of the default location of /var/clamav. And you *may* need to 
> change the "clamd_pidfile" setting to
> 
> # ClamAV daemon process ID file
> # (If this is commented out, the daemon will not be reloaded automatically)
> clamd_pidfile="/var/run/clamd.pid"
> 
> but check where your pid file actually is, it should be under /var/run 
> somewhere and will be called "clamd.pid". You'll find it, I'm sure :-)
> 
> If you are using the ClamAV installation provided by FSL as part of 
> BarricadeMX, then you will need to change the clamd_dbdir setting to
> 
> # ClamAV database location
> clamd_dbdir="/var/clamav"
> 
> I think that pretty much covers it.
> Run the script once by hand to be sure it is running properly and not 
> producing any serious errors.
> 
> Jules
> 
> -- 
> Julian Field MEng MBCS CITP CEng
> jkf at ecs.soton.ac.uk
> Teaching Systems Manager
> Electronics&  Computer Science
> University of Southampton
> SO17 1BJ, UK
> 
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> PGP public key: http://www.jules.fm/julesfm.asc
> 
> 
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.



More information about the MailScanner mailing list