- Version: 7.2.5
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, etc. The script will also generate and install cron, logrotate, and man files.
Download the script and the config files
    cd /usr/local/sbin/
    wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh
    chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
    mkdir -p /etc/clamav-unofficial-sigs/
    cd /etc/clamav-unofficial-sigs/
    wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf
    wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf
Select your operating system config from https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/ (adjust os_conf to your needs)

    os_conf="os.slackware.conf"
    wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}"
    ln -s ${os_conf} os.conf
user.conf always overrides os.conf and master.conf, and os.conf overrides master.conf. It is not a good idea to make changes in master.conf; put local changes in user.conf.
Now disable email/bank_rule.yar, which is deprecated
    cat >> user.conf << EOF
    # ========================
    # Yara Rules Project Database(s)
    # ========================
    declare -a yararulesproject_dbs=(
    email/bank_rule.yar|DISABLED
    )
    #END yararulesproject DATABASES
    EOF
Create the folder for urlhaus.ndb in /var/lib/clamav-unofficial-sigs/urlhaus.ndb (delete if the file already exists). This will solve a connection error (thanks to Shailendra Shukla for the advice):
    mkdir -p /var/lib/clamav-unofficial-sigs/dbs-uh
    chown clamav:clamav /var/lib/clamav-unofficial-sigs/dbs-uh
Check your os.*.conf file and add the following lines if they are not already present. Be aware that your clamdctl script must have a restart function; if it does not, update it.

    clamd_restart_opt="/usr/local/bin/clamdctl restart"
    clamscan_bin="/usr/local/bin/clamscan"
Now run the script as root
    /usr/local/sbin/clamav-unofficial-sigs.sh --force
Install logrotate and man files

    /usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate
    /usr/local/sbin/clamav-unofficial-sigs.sh --install-man
Install configs. This is for those using cron
    /usr/local/sbin/clamav-unofficial-sigs.sh --install-cron

and this is for systemd users

    mkdir -p /etc/systemd/system/
    wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -O /etc/systemd/system/clamav-unofficial-sigs.service
    wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -O /etc/systemd/system/clamav-unofficial-sigs.timer
    systemctl enable clamav-unofficial-sigs.service
    systemctl enable clamav-unofficial-sigs.timer
    systemctl start clamav-unofficial-sigs.timer
Run the following command to display which signatures have been loaded by clamav and check for errors. If the list contains the new databases the installation went well.

    clamscan --debug /dev/null 2>&1 | grep "loaded"
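
A scripted form of this check, as an added example that is not part of the original guide or the project: it prints every expected database that the clamscan debug output did not report as loaded. The function names are hypothetical, and the line format ("<path> loaded") and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the guide or from clamav-unofficial-sigs.
# Assumption: each loaded database shows up in the debug output as a line
# ending in "<path-or-name> loaded".

# loaded_dbs: read `clamscan --debug` output on stdin and print the unique
# base names of the databases reported as loaded.
loaded_dbs() {
    awk '$NF == "loaded" && NF >= 2 { n = split($(NF-1), p, "/"); print p[n] }' | sort -u
}

# missing_dbs EXPECTED...: read debug output on stdin and print every expected
# database that was not loaded. Returns 1 if at least one is missing.
missing_dbs() {
    _loaded=$(loaded_dbs)
    _rc=0
    for _db in "$@"; do
        if ! printf '%s\n' "$_loaded" | grep -Fqx -- "$_db"; then
            printf '%s\n' "$_db"
            _rc=1
        fi
    done
    return "$_rc"
}

# Constructed sample output: urlhaus.ndb is absent, as on the fresh install
# reported in the comments at the end of this page.
sample_debug() {
    cat <<'EOF'
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: /var/lib/clamav/daily.cvd loaded
LibClamAV debug: /var/lib/clamav/junk.ndb loaded
LibClamAV debug: Loaded 12345 signatures
EOF
}

# Live use, with the same command as in the guide:
#   clamscan --debug /dev/null 2>&1 | missing_dbs urlhaus.ndb \
#       || echo "expected signature databases are not loaded"
```

A non-zero exit status from missing_dbs can be used in a cron job or monitoring check to flag a database that silently stopped being downloaded.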
Upgrade
Check your installed version:
    # /usr/local/sbin/clamav-unofficial-sigs.sh --version
    ################################################################################
    eXtremeSHOK.com ClamAV Unofficial Signature Updater
    Version: v7.2.5 (2021-03-20)
    Required Configuration Version: v96
    Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
    ################################################################################
Run the update:
    # clamav-unofficial-sigs.sh --upgrade
    ################################################################################
    eXtremeSHOK.com ClamAV Unofficial Signature Updater
    Version: v7.2.5 (2021-03-20)
    Required Configuration Version: v96
    Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
    ################################################################################
    Loading config: /etc/clamav-unofficial-sigs/master.conf
    Loading config: /etc/clamav-unofficial-sigs/os.slackware.conf
    Loading config: /etc/clamav-unofficial-sigs/user.conf
    Checking for updates ...
Comments
clamav-unofficial-sigs config update
Shailendra Shukla April 12, 2025 10:29 CET
Hi Roberto,
There are a few updates regarding the clamav-unofficial-sigs config files. Upon investigating the setup, I have noticed a few points:
1. The urlhaus.ndb file does not get downloaded on a fresh install; below are the log errors
This is because the script does not create the necessary folder for the urlhaus.ndb file in /var/lib/clamav-unofficial-sigs/
For the update we need to manually create the folder in the above path, i.e. mkdir dbs-uh; once this is done the file gets downloaded and updated. Below is the log
2. yararulesproject bank_rule.yar
This is deprecated/bank_rule.yar and no longer maintained. To overcome the error in the log we need to disable this rule in the master.conf file /etc/clamav-unofficial-sigs/master.conf around line 430. I have modified it as below
With this all the warnings and errors in the clamav-unofficial-sigs log files disappear.
Though point no. 2 is just related to warnings, point no. 1 is important as it is related to malicious URLs tracked on URLhaus. Maybe you can cross-check my findings on a fresh install of clamav-unofficial-sigs.
clamav-unofficial-sigs config update
Roberto Puzzanghera Shailendra Shukla April 12, 2025 11:53 CET
Thank you, updated. Let's overwrite master.conf using user.conf, otherwise the correction won't be preserved on updates
clamav-unofficial-sigs config update
Shailendra Shukla Roberto Puzzanghera April 22, 2025 17:54 CET
Small typo error in the guide above for urlhaus.ndb
Current
Kindly change as below
Cheers
clamav-unofficial-sigs config update
Roberto Puzzanghera Shailendra Shukla April 22, 2025 18:41 CET
Thank you. Corrected.