# This file contains user configuration settings for the clamav-unofficial-sigs.sh
# Script provide by Bill Landry (unofficialsigs@gmail.com).
#
# Script updates can be found at: http://sourceforge.net/projects/unofficial-sigs
#
# License: BSD (Berkeley Software Distribution)
################################################################################
# USER CONFIGURATION FILE FOR SCRIPT: #
# * * * #
# clamav-unofficial-sigs.sh #
# * * * #
# SET PROGRAM PATHS AND OTHER VARIABLE OPTIONS FOR THE SCRIPT IN THIS FILE #
################################################################################
# Edit the quoted variables below to meet your own particular needs
# and requirements, but do not remove the "quote" marks.
# Be sure to set the appropriate shell for your OS Platform. It's been
# reported that "sh" works best for BSD variants, "ksh" for Sun Solaris,
# and "bash" for Linux variants. If you experience problems running the
# script, please try editing the top line of the script file and changing
# "sh" to either "ksh" or "bash" before reporting a problem.
# Set and export the appropriate program paths for your OS platform. Required
# utilities include: find, xargs, sed, awk, cut, dig, grep, tail, chown, chmod,
# cmp, diff, gzip, ls, cp, mv, test, gpg, host, sleep, cksum, rsync, curl, perl,
# and optionally socat. It's been reported that on Sun systems, the GNU utilities
# should be used rather than the default Sun OS versions of these utilities.
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
export PATH
# Set the appropriate ClamD user and group accounts for your system.
# If you do not want the script to set user and group permissions on
# files and directories, comment the next two variables.
clam_user="clamav"
clam_group="clamav"
# If you do not want the script to change the file mode of all signature
# database files in the ClamAV working directory to 0644 (-rw-r--r--):
#
# owner: read, write
# group: read
# world: read
#
# as defined in the "clam_dbs" path variable below, then set the following
# "setmode" variable to "no".
setmode="yes"
# Set path to ClamAV database files location. If unsure, check
# your clamd.conf file for the "DatabaseDirectory" path setting.
clam_dbs="/var/lib/clamav"
# Set path to clamd.pid file (see clamd.conf for path location).
clamd_pid="/var/run/clamd.pid"
# To enable "ham" (non-spam) directory scanning and removal of
# signatures that trigger on ham messages, uncomment the following
# variable and set it to the appropriate ham message directory.
#ham_dir="/path/to/ham-test/directory"
# If you would like to reload the clamd databases after an update,
# change the following variable to "yes".
reload_dbs="no"
# Set the reload or restart option if the "reload_dbs" variable above
# is set to "yes" (only select 'ONE' of the following variables or the
# last uncommented variable option will be the one used).
# - The next variable signals clamd daemon to reload databases (this is the recommended reload option)
reload_opt="clamdscan --reload" # Default
# - The next variable signals clamd's Process ID (PID) to reload databases
#reload_opt="kill -USR2 `cat $clamd_pid`"
# - The next variable signals linux based systems to do a full clamd service stop/start
#reload_opt="service clamd restart"
# - Use the next variable to set a custom or system specific reload/restart option
#reload_opt=""
# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run). You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/var/run/clamd.socket"
# If you would like to attempt to restart ClamD if detected not running,
# uncomment the next 2 lines. Confirm the path to the "clamd_lock" file
# (usually can be found in the clamd init script) and also enter the clamd
# start command for your particular distro for the "start_clamd" variable
# (the sample start command shown below should work for most linux distros).
# NOTE: these 2 variables are dependant on the "clamd_socket" variable
# shown above - if not enabled, then the following 2 variables will be
# ignored, whether enabled or not.
#clamd_lock="/var/lock/subsys/clamd"
#start_clamd="service clamd start"
# Enable or disable download time randomization. This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below. This helps to more evenly distribute load on the host
# download sites. To disable, set the following variable to "no".
enable_random="yes"
# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max radomization time intervals (in seconds).
min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable usage of any of the Sanesecurity distributed database files
# shown, remove the database file name from the quoted section below.
# To disable usage of all Sanesecurity distributed databases, comment
# all of the quoted lines below. Only databases defined as "low" risk
# have been enabled by default (for additional information about the
# database ratings, see: http://www.sanesecurity.com/clamav/databases.htm).
# Only add signature databases here that are "distributed" by Sanesecuirty
# as defined at the URL shown above. Database distributed by others sources
# (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of
# this config file below). Finally, make sure that the database names are
# spelled correctly or you will experience issues when the script runs
# (hint: all rsync servers will fail to download signature updates).
ss_dbs="
blurl.ndb
junk.ndb
jurlbl.ndb
phish.ndb
rogue.hdb
sanesecurity.ftm
scam.ndb
sigwhitelist.ign2
spamattach.hdb
spamimg.hdb
winnow.attachments.hdb
winnow_bad_cw.hdb
winnow_extended_malware.hdb
winnow_malware.hdb
winnow_malware_links.ndb
doppelstern.hdb
bofhland_cracked_URL.ndb
bofhland_malware_attach.hdb
bofhland_malware_URL.ndb
bofhland_phishing_URL.ndb
crdfam.clamav.hdb
phishtank.ndb
porcupine.ndb
"
# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below. To disable all SecuriteInfo database file downloads,
# comment all of the following lines.
si_dbs="
honeynet.hdb
securiteinfo.hdb
securiteinfobat.hdb
securiteinfodos.hdb
securiteinfoelf.hdb
securiteinfohtml.hdb
securiteinfooffice.hdb
securiteinfopdf.hdb
securiteinfosh.hdb
"
# Since the SecuriteInfo databases are only updated a few time each
# month, set a time interval to do database update checks.
si_update_hours="4" # Default is 4 hours (6 update checks daily).
# =========================
# MalwarePatrol Database(s)
# =========================
# Add or remove database file names between quote marks as needed. To
# disable any of the MalwarePatrol database file downloads, remove the
# appropriate database file name lines below. To disable MalwarePatrol
# database downloads, comment all of the following lines.
mbl_dbs="
mbl.ndb
"
# Since the MalwarePatrol database file is dynamically created,
# there is no way to test for changes prior to downloading. For this
# reason, you will need to set a reasonable time interval in "hours"
# for MBL database file downloads. As shown below, this has been
# set to update every "6" hours, which seems appropriate (that's 4
# file downloads per day) Change only if you REALLY feel you must.
# However, I would not suggest going below every 4 hour lest you risk
# being blacklisted by the MalwarePatrol site.
mbl_update_hours="6" # Default is 6 hours (4 downloads daily).
# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from specified location,
# but this *ONLY* works for files downloaded via rsync). For non-rsync
# downloads, curl is used. For download protocols supported by curl, see
# "man curl". This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server need
# download the remote databases, and all others can update from the local
# mirror's copy. See format examples below. To use, remove the comments
# and examples shown and add your own sites between the quote marks.
#add_dbs="
# rsync://192.168.1.50/new-db/sigs.hdb
# rsync://rsync.example.com/all-dbs/
# ftp://ftp.example.net/pub/sigs.ndb
# http://www.example.org/sigs.ldb
#"
# Set rsync connection and data transfer timeout limits in seconds.
# The defaults settings here are reasonable, only change if you are
# experiencing timeout issues.
rsync_connect_timeout="15"
rsync_max_time="60"
# Set curl connection and data transfer timeout limits in seconds.
# The defaults settings here are reasonable, only change if you are
# experiencing timeout issues.
curl_connect_timeout="15"
curl_max_time="90"
# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Top level working directory path:
work_dir="/usr/unofficial-dbs" #Top level working directory
# Sub-directory names:
ss_dir="$work_dir/ss-dbs" # Sanesecurity sub-directory
si_dir="$work_dir/si-dbs" # SecuriteInfo sub-directory
mbl_dir="$work_dir/mbl-dbs" # MalwarePatrol sub-directory
config_dir="$work_dir/configs" # Script configs sub-directory
gpg_dir="$work_dir/gpg-key" # Sanesecurity GPG Key sub-directory
add_dir="$work_dir/add-dbs" # User defined databases sub-directory
# If you would like to make a backup copy of the current running database
# file before updating, leave the following variable set to "yes" and a
# backup copy of the file will be created in the production directory
# with -bak appended to the file name.
keep_db_backup="no"
# If you want to silence the information reported by curl, rsync, gpg
# or the general script comments, change the following variables to
# "yes". If all variables are set to "yes", the script will output
# nothing except error conditions.
curl_silence="no" # Default is "no" to report curl statistics
rsync_silence="no" # Default is "no" to report rsync statistics
gpg_silence="no" # Default is "no" to report gpg signature status
comment_silence="no" # Default is "no" to report script comments
# Log update information to '$log_file_path/$log_file_name'.
enable_logging="yes"
log_file_path="/var/log"
log_file_name="clamav-unofficial-sigs.log"
# If necessary to proxy database downloads, define the rsync and/or curl
# proxy settings here. For rsync, the proxy must support connections to
# port 873. Both curl and rsync proxy setting need to be defined in the
# format of "hostname:port". For curl, also note the -x and -U flags,
# which must be set as "-x hostname:port" and "-U username:password".
rsync_proxy=""
curl_proxy=""
# After you have completed the configuration of this file, set the
# following variable to "yes".
user_configuration_complete="no"
################################################################################
# END OF USER CONFIGURATION #
################################################################################