http://open-source-security-software.net/project/clamav-unofficial-sigs/releases.atom
Recent releases for clamav-unofficial-sigs
2025-04-30T06:22:25.936718+00:00
python-feedgen

clamav-unofficial-sigs 4.9.2 (2015-12-02T10:58:03+00:00)

clamav-unofficial-sigs 4.9.3 (2016-03-23T02:10:06+00:00)
Final of 4.xx release

clamav-unofficial-sigs 5.0.0 (2016-03-23T02:10:22+00:00)

clamav-unofficial-sigs 5.0.1 (2016-03-23T14:07:48+00:00)
Fixes issue with missing log file

clamav-unofficial-sigs 5.0.2 (2016-03-24T08:48:07+00:00)
Fix for Missing space between "] Detect if the entire script is available/complete

clamav-unofficial-sigs 5.0.3 (2016-03-27T09:48:58+00:00)
Includes default OS Configs

clamav-unofficial-sigs 5.0.4 (2016-03-31T01:19:49+00:00)
- eXtremeSHOK.com Maintenance
- Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
- Added clamd_reload_opt to fix issues with centos7 conf
- Fix --remove-script should call remove_script() function by @IdahoPL
- Add OS specific settings to logrotate
- Increased default timeout values
- Attempt to Silence more output
- Create the log_file_path directory before we touch the file.
- Updated config file to remove the $work_dir variable from dir names
- Remove trailing / from directory names
- Initial support for Travis-Ci testing
- Fixed config option enable_logging -> logging_enabled
- Config updated to 56 due to changes

clamav-unofficial-sigs 5.0.5 (2016-04-01T23:13:14+00:00)
- eXtremeSHOK.com Maintenance
- Add support for specifying a custom config dir or file with (--config) -c option
- Removed default_config
- Added travis-ci build testing
- Updates to the help and usage display
- Added sanity testing of sanesecurity_dbs, securiteinfo_dbs, linuxmalwaredetect_dbs, yararules_dbs, add_dbs
- Added function xshok_array_count
- Prevent some issues with an incomplete or only a user.conf being loaded
- Added fallback to host if dig returns no records
- Check there are Sanesecurity mirror ips before we attempt to rsync
- Important binaries have been aliased (clamscan, rsync, curl, gpg) and allow their paths to be overridden
- Added sanity checks to make sure the binaries and workdir is defined
- Custom Binary Paths added to the config (clamscan_bin, rsync_bin, curl_bin, gpg_bin)
- Bump config to 57
- Added initial centos6 + cpanel os config
- Bugfix Only start logging once all the configs have been loaded
- Rename $version to script_version
- Default malwarePatrol to the free version
- Added script version checks

clamav-unofficial-sigs 5.0.6 (2016-04-03T23:04:46+00:00)
- eXtremeSHOK.com Maintenance
- Updated winnow databases as per information from Tom @ OITC
- Bump config to 58

clamav-unofficial-sigs 5.1.0 (2016-04-08T00:31:21+00:00)
- eXtremeSHOK.com Maintenance
- Added --install-cron this will automatically generate and install the cron file
- Added --install-logrotate this will automatically generate and install the logrotate file
- Change official URL of SecuriteInfo signatures
- Added a new database (securiteinfoandroid.hdb) for SecuriteInfo
- Remove database files after disabling a database group by @reneschuster
- Updated Gentoo OS config by @orlitzky
- Regroup functions
- Increase travis-ci code testing
- Set minimum config required to 60
- Bump config to 60

clamav-unofficial-sigs 5.1.1 (2016-04-13T00:04:06+00:00)
- eXtremeSHOK.com Maintenance
- Added OS X and openbsd configs
- Fixed host fallback sed issues by @MichaelKuch
- Suppress most error messages of chmod and chown
- check permissions before chmod
- Added the config option remove_disabled_databases # Default is "no", if enabled when a database is disabled we will remove the associated database files.
- Added function xshok_mkdir_ownership
- Do not set permissions of the log, cron and logrotate dirs
- Fix: fallback for missing gpg -r option on OS X
- Update sanesecurity signatures
- Bump config to 61

clamav-unofficial-sigs 5.2.0 (2016-04-15T15:49:43+00:00)
- eXtremeSHOK.com Maintenance
- Refactor some functions
- Added --install-man this will automatically generate and install the man (help) file
- Yararules and yararulesproject enabled by default
- Added clamav version detection to automatically disable yararules and yararulesproject if the current clamav version does not support them
- Database files ending with .yar/.yara/.yararules will automatically be disabled from the database if yara rules are not supported
- Script options are added to the man file
- Fixed hardcoded logrotate and cron in remove_script
- Fixed incorrectly assigned logrotate variables in install-logrotate
- Config added info for port/package maintainers regarding: pkg_mgr and pkg_rm
- Removed pkg_mgr and pkg_rm from freebsd and openbsd os configs
- Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
- Rename sanesecurity_dir to work_dir_sanesecurity, securiteinfo_dir to work_dir_securiteinfo, malwarepatrol_dir to work_dir_malwarepatrol, yararules_dir to work_dir_yararules, add_dir to work_dir_add, gpg_dir to work_dir_gpg, work_dir_configs to work_dir_work_configs
- Rename yararules_enabled to yararulesproject_enabled
- Rename all yararules to yararulesproject
- Fix to prevent disabled databases processing certain things which will not be used as they are disabled
- Set minimum config required to 62
- Bump config to 62

clamav-unofficial-sigs 5.2.1 (2016-04-16T01:24:36+00:00)
- eXtremeSHOK.com Maintenance
- Minor bugfix for Sanesecurity_sigtest.yara Sanesecurity_spam.yara files being removed incorrectly
- Minor fix: yararulesproject_enabled not yararulesproject_enable

clamav-unofficial-sigs 5.2.2 (2016-04-18T14:18:07+00:00)
- eXtremeSHOK.com Maintenance
- Added --install-all Install and generate the cron, logrotate and man files, autodetects the values $oft based on your config files
- Added functions: xshok_prompt_confirm, xshok_is_file, xshok_is_subdir
- Replaced Y/N prompts with xshok_prompt_confirm
- Bug Fix for disabled databases being removed when the remove_disabled_databases is set to NO (default)
- Added more warnings to remove_script and made it double confirmed
- Remove_script will only remove work_dir if it's a sub directory
- Remove_script will only remove files if they are files
- Removed -r switch, --remove-script needs to be used instead of both -r and --remove-script
- Fixed: remove_script not removing logrotate file, cron file, man file

clamav-unofficial-sigs 5.3 (2016-05-07T00:26:04+00:00)
- eXtremeSHOK.com Maintenance
- Major change: Updated to use new database structure, now allows all low/medium/high databases to be enabled or disabled.
- Major change: curl replaced with wget (will fallback to curl if wget is not installed)
- Major change: script now functions correctly as the clamav user when started under cron
- Added fallback to curl if wget is not available
- Added locking (Enable pid file to prevent issues with multiple instances)
- Added retries to fetching downloads
- Code refactor: if wget replaced with if $? -ne 0
- Enhancement: Verify the clam_user and clam_group actually exists on the system
- Added function : xshok_user_group_exists, to check if a specific user and group exists
- Bug Fix: setmode only if is root
- Bug Fix: eval not working on certain systems
- Bug fix: rsync output not correctly silenced
- Code refactor: remove legacy `..` with $(...)
- Code refactor: replace [ ... -a ... ] with [ ... ] && [ ... ]
- Code refactor: replace [ ... -o ... ] with [ ... ] || [ ... ]
- Code refactor: replace cat "..." with done < ... from loops
- Code refactor: convert for loops using files to while loops
- Code refactor: read replaced with read -r
- Code refactor: added cd ... || exit , to handle a failed cd
- Code refactor: double quoted all variables
- Code refactor: refactor all "ls" iterations to use globs
- Defined missing uname_bin variable
- Added function xshok_database
- Set minimum config required to 65
- Bump config to 65

clamav-unofficial-sigs 5.3.1 (2016-05-14T01:16:46+00:00)
- eXtremeSHOK.com Maintenance
- Bug Fix: for GPG Signature test FAILED by @DamianoBianchi
- Remove unused $GETOPT
- Refactor clamscan_integrity_test_specific_database_file (--test-database)
- Refactor gpg_verify_specific_sanesecurity_database_file (--gpg-verify)
- Bug fix: missing $pid_dir

clamav-unofficial-sigs 5.3.2 (2016-05-23T23:39:22+00:00)
- eXtremeSHOK.com Maintenance
- Bug Fix: Additional Databases not downloading
- Added sanesecurity_update_hours option to limit updating to once every 2 hours
- Added additional_update_hours option to limit updating to once every 4 hours
- Refactor Additional Database File Update code
- Updated osx config with correct group for homebrew

clamav-unofficial-sigs 5.4 (2016-07-15T14:02:39+00:00)
- eXtremeSHOK.com Maintenance
- Added Solaris 10 and 11 configs
- When under Solaris we define our own which function
- Define grep_bin variable, use gnu grep on sun os
- Fallback to gpg2 if gpg not found,
- Added support for csw gnupg on solaris
- Trap the keyboard interrupt (ctrl+c) and gracefully exit
- Added CentOS 7 Atomic config @deajan
- Minor refactoring and removing of unused variables
- Removed CRDF signatures as per Sanesecurity #124
- Added more Yara rule project Rules
- Incremented the config to version 68

clamav-unofficial-sigs 5.4.1 (2016-07-21T12:31:26+00:00)
- eXtremeSHOK.com Maintenance
- Disable installation when either pkg_mgr or pkg_rm is defined.
- Minor refactoring
- Update master.conf with the new Yara-rules project file names
- Incremented the config to version 69

clamav-unofficial-sigs 5.6.0 (2017-03-17T01:29:24+00:00)
- eXtremeSHOK.com Maintenance
- PGP is now optional and no longer a requirement and pgp support is auto-detected
- Full support for MacOS / OS X and added clamav install guide
- Full support for pfSense and added clamav install guide
- Added os configs for Zimbra and Debian 8 with systemd
- Much better error messages with possible solutions given
- Better checking of possible issues
- Update all SANESECURITY signature databases
- Support for clamav-devel (clamav compiled from source)
- Added full proxy support to wget and curl
- Replace a lot of "echo | cut | sed" with bash substitutions
- Added fallbacks/substitutions for various commands
- xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
- Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
- Allow exit code 23 for rsync
- Major refactoring : Normalize comments, quotes, functions, conditions
- Protect various arguments and "POSIX-ize" script integrity
- Enhanced testing with travis-ci, including clamav 0.99
- Incremented the config to version 72

clamav-unofficial-sigs 5.6.1 (2017-03-17T11:54:40+00:00)
- eXtremeSHOK.com Maintenance
- Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
- Codeclimate fixes
- Incremented the config to version 73

clamav-unofficial-sigs 5.6.2 (2017-03-18T11:58:18+00:00)
- eXtremeSHOK.com Maintenance
- Bug Fix GPG always being disabled, thanks @orlitzky

clamav-unofficial-sigs 6.0.0 (2019-07-31T01:28:44+00:00)
- eXtremeSHOK.com Maintenance & Refactoring
- Add timestamp support (do not re-download not modified files, saves bandwidth)
- wget and curl uses compression for the transfer (detected when supported, saves bandwidth)
- Posix compliance 'which' replaced with 'command -v'
- More escaped characters, shellcheck compliance
- Option added : force_curl , to force the usage of curl instead of wget
- Workaround for wget, which cannot do --timestamping and --output-document together
- Added SECURITEINFO securiteinfoold.hdb
- set malwarepatrol_free = no , when malwarepatrol_product_code != 8
- Fix: remove hardcoded malwarepatrol_product_code
- Fix: os.macosx.conf service: command not found
- Fix: whitelist a MalwarePatrol signature
- More reliable version checking
- Fix: Clamscan database integrity test
- Fix: version comparison of minimum Yara @bytesplit
- Use custom config directory @Amish
- unzip option -j was removed @wotomg
- ZCS 8.7 updates @tonster
- Logic fixes @Claus-Justus Heine
- Specify correct path for systemd units @SlothOfAnarchy
- Avoid hardcoded path to BASH @rseichter

clamav-unofficial-sigs 6.0.1 (2019-07-31T13:41:02+00:00)
- eXtremeSHOK.com Maintenance
- Fix logging @dominicraf

clamav-unofficial-sigs 6.1.0 (2019-08-27T20:09:14+00:00)
- eXtremeSHOK.com Maintenance
- Thanks Reio Remma & Oliver Nissen
- fail added to all curl commands
- Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
- Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
- Where possible replaced echo with xshok_pretty_echo_and_log
- Refactor xshok_pretty_echo_and_log and make all notices styles consistent
- Silence output when run under cron
- add MAILTO=root to the generated cron file
- Add full proxy support for wget, curl, rsync, dig, host
- Better support for proxy config variables
- New config variable: git_branch (defaults to master for the update checks)
- allow -w signature for quicker whitelisting
- Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
- Added Full support for Hash-based Signature Databases
- User.conf is pre-configured with default options to allow for quicker setup
- Default sanesecurity and linuxmalwaredetect to enabled
- Increase default retries from 3 to 5
- Ensure log file permissions are correct
- Better update comparison check, only notify if newer
- Incremented the config to version 76

clamav-unofficial-sigs 6.1.1 (2019-09-02T22:42:24+00:00)
eXtremeSHOK.com Maintenance
Update os.archlinux.conf, thanks @amishmm
master.conf set default dbs rating to medium
user.conf better suggested values
Default to using curl, less logic required (lower cpu)
force_curl replaced with force_wget
Fix: suppress all non-error output under cron/non interactive terminal
Fix: check log file is not a link before setting permissions, only set if owned by root.
Fix: failed to create symbolic link
Fix: curl --compress ->> curl --compressed
Minor enhancement to travis-ci checks
Incremented the config to version 77

clamav-unofficial-sigs 7.0 (2020-01-24T20:25:51+00:00)
- eXtremeSHOK.com Maintenance
- Added urlhaus database
- Added extra yararulesproject databases
- Added new linuxmalwaredetect yara file
- Automatic upgrades ( --upgrade )
- Added --upgrade command line option
- Option to disable automatic upgrades ( allow_upgrades )
- Option to disable update checks (allow_update_checks)
- Increase download time to 1800 seconds from 600 seconds
- os.conf takes preference over os.***.conf
- Warn if there are multiple os.***.conf files
- More sanity checks to help users and prevent errors
- Better output of --info
- Fix all known bugs
- Implement all suggestions
- Fixed yararulesproject database names
- Correctly silence curl and wget
- New linuxmalwaredetect logic
- New malwarepatrol logic
- Suppress --- and === from the logs
- Update the documentation / guides
- Increase minimum clamav version for yara rules to 0.100 or above
- Fix systemd.timer and systemd.service files
- More travis-ci tests
- Added os.alpine.conf
- Added debug options/mode to config
- Set minimum config required to 90
- Lots of refactoring and optimizing
- Only check for and notify about script updates every 12hours
- Incremented the config to version 90

clamav-unofficial-sigs 7.0.1 (2020-01-25T12:03:05+00:00)
Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
Incremented the config to version 91

clamav-unofficial-sigs 7.2 (2020-12-07T08:38:09+00:00)
* eXtremeSHOK.com maintenance
* Database rating downgrades are now supported, eg, changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
* Disabled databases are automatically removed
* Disable databases by setting the rating to "DISABLED" eg. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
* Added Malware Expert databases (non-free)
* Added interServer databases (free)
* Reworked securiteinfo premium databases (non-free)
* Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
* Added detection of tar executable (use gtar on mac and bsd)
* Config os.macosx.conf renamed to os.macos.conf
* Fix: set ownership of last-version-check.txt
* More automated linting and testing (markdown and macOS / osx) via travis-ci
* Updated macOS installation guide for Big Sur (OSX 11)
* Incremented the config to version 94
* Thank you @dandanio @jkellerer @msapiro @shawniverson
* Enforce HTTPS validation by default
* Updated sanesecurity publickey.gpg url to use SSL
* Ignore yara files that include modules
* Enabled yararulesproject rules by default
* os.gentoo.conf: disable updates and upgrade checks
* Fix: URLhaus log message
* Fix wrong download URL for MalwarePatrol
* Fix: fallback to host if dig is not used
* Disable cron MAILTO
* BSD read config fix
* Incremented the config to version 92
* Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy

clamav-unofficial-sigs 7.2.1 (2020-12-14T01:16:14+00:00)
* eXtremeSHOK.com Maintenance
* Change yararule email/Email_generic_phishing.yar to HIGH
* New config option: force_host, by default dig is used when dig and host is present.
* Refactor and correct the assigning of binaries/commands
* Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
* Ensure only dig or host is used when either dig or host is enabled
* Enable remove_disabled_databases by default
* Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
* Incremented the config to version 95

clamav-unofficial-sigs 7.2.2 (2020-12-20T21:17:20+00:00)
* eXtremeSHOK.com Maintenance
* Use POSIX character classes instead of literals
* Prevent linuxmalwaredetect yara files being extracted when yara is not supported
* Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages

clamav-unofficial-sigs 7.2.3 (2021-03-18T03:49:16+00:00)
* eXtremeSHOK.com Maintenance
* Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
* Disable JJencode.yar , due to excessive CPU usage
* Disable scamnailer , discontinued
* Update pfsense guide for 2.5
* Fix working directory variable "urlhausy" to "urlhaus"
* Fix missing tracker-tmp.txt
* Thank you @perplexityjeff

clamav-unofficial-sigs 7.2.4 (2021-03-18T04:33:51+00:00)
* eXtremeSHOK.com Maintenance
* Disabled winnow_malware.yara , duplicated in EMAIL_Cryptowall.yar and no longer maintained
* Removed gtar requirement (--wildcards is the default)
* Incremented the config to version 97

clamav-unofficial-sigs 7.2.5 (2021-03-20T02:49:48+00:00)
* eXtremeSHOK.com Maintenance
* Added : os.centos7-cpanel.conf
* Refactor : bsd support for tar, remove gnu-tar requirement
* Refactor : remove gnu-sed requirement
* Refactor : bsd support for stat command