Running Sanesecurity signatures update script for ClamAV

Discussion in 'Installation/Configuration' started by Romin, Nov 2, 2016.

  1. Romin

    Romin New Member

    Hi,
    I am trying to set up the script sanesecurity_update.sh, downloaded from ispconfig.org, on my Debian 8.

    I got the following response:
    ----------------------------------------------------------------------------------------------------------------------------------
    ./sanesecurity_update.sh: line 65: cd: /home/admispconfig/ispconfig/tools/clamav/share/clamav: No such file or directory
    =================================
    SaneSecurity SCAM Database Update
    =================================

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 360 100 360 0 0 4977 0 --:--:-- --:--:-- --:--:-- 5070
    LibClamAV Error: Problem parsing database at line 1
    LibClamAV Error: Can't load /var/tmp/clamdb/scam.ndb: Malformed database
    ERROR: Malformed database

    ==================================
    SaneSecurity PHISH Database Update
    ==================================

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 362 100 362 0 0 5168 0 --:--:-- --:--:-- --:--:-- 5246
    LibClamAV Error: Problem parsing database at line 1
    LibClamAV Error: Can't load /var/tmp/clamdb/phish.ndb: Malformed database
    ERROR: Malformed database
    ==========================
    MSRBL SPAM Database Update
    ==========================
    rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(632) [Receiver=3.1.1]
    cp: cannot stat ‘/var/tmp/rsync/MSRBL-SPAM.ndb’: No such file or directory

    ===========================
    MSRBL IMAGE Database Update
    ===========================
    rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(632) [Receiver=3.1.1]
    cp: cannot stat ‘/var/tmp/rsync/MSRBL-Images.hdb’: No such file or directory
    chown: cannot access ‘/home/admispconfig/ispconfig/tools/clamav/share/clamav’: No such file or directory
    ----------------------------------------------------------------------------------------------------------------------------------

    What is the correct configuration for these lines?

    #clamd="/usr/local/sbin/clamd"
    clamscan="/home/admispconfig/ispconfig/tools/clamav/bin/clamscan"
    #curl="/usr/local/bin/curl"
    #gunzip="/bin/gunzip"
    #rsync="/usr/bin/rsync"
    #service="/sbin/service"
    #test="/usr/bin/test"

    # Set path to ClamAV signature files location and ClamD user account
    clam_sigs="/home/admispconfig/ispconfig/tools/clamav/share/clamav"
    clam_user="clamav"

    # Set temp working directory paths (edit to meet your own needs)
    tmp_dir="/var/tmp/clamdb"
    rsync_dir="/var/tmp/rsync"

    Thanks for help.
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I've never used sanesecurity_update.sh so I can't help you there, but as you're on Debian, you can just install clamav-unofficial-sigs and use it as an alternative.

    Code:
    apt-get install clamav-unofficial-sigs
    
    # Quote the heredoc delimiter so ${ss_dbs} below is written literally, not expanded by the shell
    cat <<'EOF' > /etc/clamav-unofficial-sigs.conf.d/sanesecurity.conf
    # ========================
    # Sanesecurity Database(s)
    # ========================
    # see http://sanesecurity.com/usage/signatures/
    ss_dbs="
       blurl.ndb
       junk.ndb
       jurlbl.ndb
       phish.ndb
       rogue.hdb
       sanesecurity.ftm
       scam.ndb
       sigwhitelist.ign2
       spamattach.hdb
       spamimg.hdb
       winnow.attachments.hdb
       winnow_bad_cw.hdb
       winnow_extended_malware.hdb
       winnow_malware.hdb
       winnow_malware_links.ndb
       doppelstern.hdb
       bofhland_cracked_URL.ndb
       bofhland_malware_attach.hdb
       bofhland_malware_URL.ndb
       bofhland_phishing_URL.ndb
       crdfam.clamav.hdb
       phishtank.ndb
       porcupine.ndb
    "
    
    ss_dbs="${ss_dbs}
       foxhole_filename.cdb
       foxhole_generic.cdb
       malwarehash.hsb
       winnow_spam_complete.ndb
       winnow_phish_complete_url.ndb
       spear.ndb
       spearl.ndb
       scamnailer.ndb
       badmacro.ndb
       hackingteam.hsb
       foxhole_js.cdb
       rogue.hdb
       phish.ndb
       porcupine.hsb
    "
    
    # see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783228
    si_update_hours="24"
    
    # you have to register to get securiteinfo signatures now, see /etc/clamav/freshclam.conf
    si_dbs=""
    
    EOF
    (pick which signatures you want)
     
    ahrasis likes this.
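
The output in the first post shows two kinds of failure: a configured path that does not exist, and a downloaded file that ClamAV rejects as malformed at line 1. The sketch below is an added example, not part of sanesecurity_update.sh or of either post; its function names and sample files are constructed. It checks the configured paths and applies a structural .ndb check before anything is copied into the signature directory, as a cheap pre-filter ahead of ClamAV's own load test.

```shell
#!/bin/sh
# Added example, not from sanesecurity_update.sh. Function names are hypothetical.

# preflight CLAMSCAN SIG_DIR: fail early if a configured path does not exist.
preflight() {
    [ -x "$1" ] || { echo "clamscan not executable: $1" >&2; return 1; }
    [ -d "$2" ] || { echo "signature directory missing: $2" >&2; return 1; }
}

# looks_like_ndb FILE: structural check only. Every signature line must be
# Name:TargetType:Offset:HexSignature[:MinFL[:MaxFL]] with a numeric TargetType.
looks_like_ndb() {
    [ -s "$1" ] || return 1
    awk -F: '
        /^#/ || /^[ \t\r]*$/ { next }
        NF < 4 || $1 == "" || $2 !~ /^[0-9]+$/ || $4 == "" { bad = 1; exit }
        { n++ }
        END { if (bad || n == 0) exit 1 }
    ' "$1"
}

# install_sig FILE SIG_DIR: copy only when the target exists and FILE passes.
install_sig() {
    [ -d "$2" ] || { echo "signature directory missing: $2" >&2; return 1; }
    looks_like_ndb "$1" || { echo "rejected, not an .ndb database: $1" >&2; return 1; }
    cp "$1" "$2/"
}

# Demo on constructed files: one valid signature line, and one HTML body such
# as a server might return in place of the database.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/sigs"
    printf 'Constructed.Test.Sig-1:0:*:6578616d706c65\n' > "$work/good.ndb"
    printf '<html><body>moved</body></html>\n' > "$work/bad.ndb"
    install_sig "$work/good.ndb" "$work/sigs" && echo "good.ndb installed"
    install_sig "$work/bad.ndb" "$work/sigs" || echo "bad.ndb rejected"
    install_sig "$work/good.ndb" "$work/missing" || echo "missing dir caught"
    rm -rf "$work"
}
demo
```
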
