Optional AV database - HAVP
-
Is it possible to use signatures from Sanesecurity?
I cannot seem to find how to use additional DB examples.
Thanks!
-
You won't be able to do it by configuring it through the web interface, but the unofficial signatures do have a package available.
So do a pkg_add -r clamav-unofficial-sigs from the cmd line - this will download all relevant dependencies and install the config file (clamav-unofficial-sigs.conf.sample) in /usr/local/etc/. Edit to your requirements and off you go.
-
Thanks for the reply
I added the package and adjusted the conf file.
Will the new sigs appear in the HAVP window of databases?
-
No, it won't; it only looks for daily, main and the safebrowsing ones. It would need to be modified to see all the databases.
-
Ah, OK. The package will need to be modified then.
Is there a way to see if the sigs are loaded and working then with HAVP?
-
Also,
are you using the other sigs with HAVP?
If so, have they been working fine for you?
-
> Ah. ok. The package will need to be modified then
> is there a way to see if the sigs are load and working then with HAVP?
If you have AV log enabled, have a look at ClamAV's log file (/var/log/clamav/). It gives some insight into the number of signatures that are loaded but doesn't give detail as to which db is loaded and the number of signatures loaded from that db.
> also,
> are you using the other sigs with HAVP?
> If so, they been working fine for you?
Nope - haven't used them specifically with HAVP but use them on the mail server side. They work wonders for mail.
-
They appear to be loaded.
Running a test from
http://www.sanesecurity.com/sigtests.htm
gives me this HAVP warning:
Clamd: Sanesecurity.TestSig_Type3_Bdy.4.UNOFFICIAL
Thanks again for your help
-
Yes, sorry, it logs the signature that matches, in the log file.
The shell script that updates the 3rd party signatures also ensures the signatures are sane before placing them into the clamav db, so you don't have to worry about a corrupted signature download breaking things. Just make sure to add that shell script to cron so that the signatures are updated.
-
Hmmm..
The only thing I see in the log is something like this; it does not list the db's by name.
(lol, I happened to check the sig count from before the install and it was higher. That was how I thought it worked) :)
Fri Nov 5 17:30:06 2010 -> Reading databases from /var/db/clamav
Fri Nov 5 17:30:06 2010 -> Not loading PUA signatures.
Fri Nov 5 17:30:52 2010 -> Loaded 2005551 signatures.
Fri Nov 5 17:30:53 2010 -> TCP: Bound to address 127.0.0.1 on port 3310
Fri Nov 5 17:30:53 2010 -> TCP: Setting connection queue length to 30
Fri Nov 5 17:30:53 2010 -> LOCAL: Unix socket file /var/run/clamd.sock
Fri Nov 5 17:30:53 2010 -> LOCAL: Setting connection queue length to 30
Fri Nov 5 17:30:53 2010 -> Limits: Global size limit set to 52428800 bytes.
Fri Nov 5 17:30:53 2010 -> Limits: File size limit set to 31457280 bytes.
Fri Nov 5 17:30:53 2010 -> Limits: Recursion level limit set to 255.
Fri Nov 5 17:30:53 2010 -> Limits: Files limit set to 10000.
Fri Nov 5 17:30:53 2010 -> Archive support enabled.
Fri Nov 5 17:30:53 2010 -> Algorithmic detection enabled.
Fri Nov 5 17:30:53 2010 -> Portable Executable support enabled.
Fri Nov 5 17:30:53 2010 -> ELF support enabled.
Fri Nov 5 17:30:53 2010 -> Detection of broken executables enabled.
Fri Nov 5 17:30:53 2010 -> Mail files support enabled.
Fri Nov 5 17:30:53 2010 -> OLE2 support enabled.
Fri Nov 5 17:30:53 2010 -> PDF support enabled.
Fri Nov 5 17:30:53 2010 -> HTML support enabled.
You are referring to this script: clamav-unofficial-sigs.sh
If so, yes it is added.
Sorry for all the posts.
Thanks again for your help
-
I meant it logs the signature name that matches malware, for example Sanesecurity.Junk.28939.UNOFFICIAL.
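The thread ends with the clamd log giving only a total ("Loaded 2005551 signatures.") and the names of signatures that match. As an added example (not written by anyone in the thread and not part of the clamav-unofficial-sigs package), the script below counts signatures per plain-text database file in the database directory and lists the distinct `.UNOFFICIAL` names clamd has logged as matches. The function names are hypothetical, the log file path must be supplied by the caller, and the counting rule is an assumption: one signature per non-blank line that does not start with `#`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are passed in by the caller.

# Print "<count> <file>" for every plain-text signature database in DIR.
# Assumption: one signature per line; blank lines and lines starting with
# '#' are not signatures. Signed .cvd/.cld containers are skipped.
count_text_sigs() {
    dir=${1:-/var/db/clamav}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*.}" in
            ndb|hdb|hsb|mdb|msb|ldb|db|pdb|wdb|cdb) ;;
            *) continue ;;
        esac
        n=$(awk '!/^#/ && NF { n++ } END { print n + 0 }' "$f")
        printf '%s %s\n' "$n" "${f##*/}"
    done
}

# Print each distinct third-party signature name that clamd logged as a match
# (names ending in .UNOFFICIAL on "... FOUND" lines) in LOGFILE.
unofficial_hits() {
    sed -n 's/.*: \([^ ]*\.UNOFFICIAL\) FOUND$/\1/p' "$1" | sort -u
}

# Usage: sh this-script DBDIR [CLAMD_LOGFILE]
if [ "$#" -ge 1 ]; then
    count_text_sigs "$1"
    if [ "$#" -ge 2 ]; then unofficial_hits "$2"; fi
fi
```

The official daily and main databases are .cvd/.cld containers, so they do not appear in this listing; `sigtool --info` on such a file reports its signature count.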