# clamav-unofficial-sigs [![GitHub Release](https://img.shields.io/github/release/extremeshok/clamav-unofficial-sigs.svg?label=Latest)](https://github.com/extremeshok/clamav-unofficial-sigs/releases/latest) [![Build Status](https://travis-ci.org/extremeshok/clamav-unofficial-sigs.svg?branch=master)](https://travis-ci.org/extremeshok/clamav-unofficial-sigs) [![Issue Count](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs/badges/issue_count.svg)](https://codeclimate.com/github/extremeshok/clamav-unofficial-sigs)

ClamAV Unofficial Signatures Updater

## Maintained and provided by https://eXtremeSHOK.com

## Description
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, etc. The script will also generate and install cron, logrotate, and man files.

### Check out some of our other solutions: https://github.com/extremeshok?tab=repositories

### Support / Suggestions / Comments
Please post them on the issue tracker: https://github.com/extremeshok/clamav-unofficial-sigs/issues

### Submit Patches / Pull requests to the "dev" Branch

### Required Ports / Firewall Exceptions
* rsync: TCP port 873
* wget/curl: TCP port 443

### Supported Operating Systems
Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS), pfSense, Zimbra and derivative systems

### Quick Install and Upgrade Guide
https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/INSTALL.md

### Operating System Specific Install and Upgrade Guides
* CentOS : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/centos7.md
* Ubuntu : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
* Debian : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
* Mac OS X : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/macosx.md
* pfSense : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/pfsense.md

### UPGRADE INSTRUCTIONS (version 7.0 +)
```
clamav-unofficial-sigs.sh --upgrade
clamav-unofficial-sigs.sh
```

### FOR PACKAGE MAINTAINERS / PACKAGERS
Please use the sample package os.*.conf as a base for your os.conf; this will disable automatic updates, update notifications and the uninstallation feature. https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/packaging

### Always run the script once as your superuser to set all the permissions and create the relevant directories

### Advanced Config Overrides
* Default configs are loaded in the following order if they exist:
* master.conf -> os.conf -> os.*.conf -> user.conf or your-specified.config
* user.conf will always override os.conf and master.conf, os.conf will override master.conf
* Please do not alter the master.conf; rather create a user.conf
* A minimum of 1 config is required.
* Specifying a config on the command line (-c | --config) will override the loading of the default configs

#### Check if signatures are being loaded
**Run the following command to display which signatures are being loaded by clamav**

```clamscan --debug 2>&1 /dev/null | grep "loaded"```

#### SELinux cron permission fix
> WARNING - Clamscan reports ________ database integrity tested BAD - SKIPPING

**Run the following command to allow clamav selinux support**

```setsebool -P antivirus_can_scan_system true```

### Yara Rule Support automatically enabled (as of April 2016)
Since the use of yara rules requires clamav 0.100 or above, they will be automatically deactivated if your clamav is older than the required version.

### URLhaus Support (as of January 2020)
Usage of free URLhaus Database: https://urlhaus.abuse.ch
- Enabled by default

### Yara-Rules Project Support (as of June 2015, updated January 2020)
Usage of free Yara-Rules Project: http://yararules.com
- Enabled by default

Current limitations of clamav support : http://blog.clamav.net/search/label/yara

### MalwarePatrol Free/Delayed list support (as of May 2015)
Usage of MalwarePatrol 2015 free clamav signatures : https://www.malwarepatrol.net
 - 1. Sign up for a free account : https://www.malwarepatrol.net/free-guard-upgrade-option/
 - 2. You will receive an email containing your password/receipt number
 - 3. Enter the receipt number into the config malwarepatrol_receipt_code: replacing YOUR-RECEIPT-NUMBER with your receipt number from the email

### SecuriteInfo Free/Delayed list support (as of June 2015)
Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com
 - 1. Sign up for a free account : https://www.securiteinfo.com/clients/customers/signup
 - 2. You will receive an email to activate your account and then a follow-up email with your login name
 - 3. Log in and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account
 - 4. Click on the Setup tab
 - 5. You will need to get your unique identifier from one of the download links, they are individual for every user
 - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/
 - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb
   Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
 - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link

### Linux Malware Detect support (as of May 2015, updated January 2020)
Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/projects/linux-malware-detect/
 - Enabled by default, no configuration required

### Need a database added ? Missing a database or a database not working ?
Please post on the issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues

## USAGE

```
Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]

-c, --config    Use a specific configuration file or directory
  eg: '-c /your/dir' or ' -c /your/file.name'
  Note: If a directory is specified the directory must contain at least:
  master.conf, os.conf or user.conf
  Default Directory: /etc/clamav-unofficial-sigs

-F, --force    Force all databases to be downloaded, could cause ip to be blocked

-h, --help    Display this script's help and usage information

-V, --version    Output script version and date information

-v, --verbose    Be verbose, enabled when not run under cron

-s, --silence    Only output error messages, enabled when run under cron

-d, --decode-sig    Decode a third-party signature either by signature name
  (eg: Sanesecurity.Junk.15248) or hexadecimal string.
  This flag will 'NOT' decode image signatures

-e, --encode-string    Hexadecimal encode an entire input string that can
  be used in any '*.ndb' signature database file

-f, --encode-formatted    Hexadecimal encode a formatted input string containing
  signature spacing fields '{}, (), *', without encoding
  the spacing fields, so that the encoded signature
  can be used in any '*.ndb' signature database file

-g, --gpg-verify    GPG verify a specific Sanesecurity database file
  eg: '-g filename.ext' (do not include file path)

-i, --information    Output system and configuration information for
  viewing or possible debugging purposes

-m, --make-database    Make a signature database from an ascii file containing
  data strings, with one data string per line.  Additional
  information is provided when using this flag

-t, --test-database    Clamscan integrity test a specific database file
  eg: '-t filename.ext' (do not include file path)

-o, --output-triggered    If HAM directory scanning is enabled in the script's
  configuration file, then output names of any third-party
  signatures that triggered during the HAM directory scan

-w, --whitelist <signature-name>    Adds a signature whitelist entry in the newer ClamAV IGN2
  format to 'my-whitelist.ign2' in order to temporarily resolve
  a false-positive issue with a specific third-party signature.
  Script added whitelist entries will automatically be removed
  if the original signature is either modified or removed from
  the third-party signature database

--check-clamav    If ClamD status check is enabled and the socket path is correctly
  specified, then test to see if clamd is running or not

--upgrade    Upgrades this script and master.conf to the latest available version

--install-all    Install and generate the cron, logrotate and man files, autodetects the values
  based on your config files

--install-cron    Install and generate the cron file, autodetects the values
  based on your config files

--install-logrotate    Install and generate the logrotate file, autodetects the
  values based on your config files

--install-man    Install and generate the man file, autodetects the
  values based on your config files

--remove-script    Remove the clamav-unofficial-sigs script and all of
  its associated files and databases from the system
```

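The `-e` and `-f` options above describe hex-encoding text for a `*.ndb` signature body while leaving the spacing fields `{}`, `()` and `*` unencoded. The shell functions below are an added example of that encoding, not code from clamav-unofficial-sigs.sh; the function names, the field validation, and the `ndb_line` helper (which goes one step further and assembles a full `.ndb` line with target type `0` and offset `*`) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of clamav-unofficial-sigs.sh.
# Hex-encodes text for the body of a ClamAV '*.ndb' signature while passing
# the spacing fields {..}, (..) and * through unencoded.

# hex_encode TEXT -> lowercase hex of every byte in TEXT (what -e describes).
hex_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \t\n'
}

# encode_formatted TEXT -> hex of the literal runs, spacing fields untouched
# (what -f describes). Exits non-zero on a malformed field so that a broken
# signature never reaches a database file.
# The function body is a subshell, so its variables do not leak.
encode_formatted() (
    rest=$1
    literal=''
    out=''
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}              # first character of $rest
        case $c in
            '*')
                out=$out$(hex_encode "$literal")'*'
                literal=''
                rest=${rest#?}
                ;;
            '{' | '(')
                if [ "$c" = '{' ]; then close='}'; else close=')'; fi
                case $rest in
                    *"$close"*) ;;
                    *) echo "unterminated '$c' field" >&2; exit 1 ;;
                esac
                field=${rest%%"$close"*}   # text up to the closing delimiter
                inner=${field#?}           # field contents without the opener
                if [ "$c" = '{' ]; then
                    # {n}, {-n}, {n-} or {n-m}: digits and '-' only
                    case $inner in
                        '' | *[!0-9-]*) echo "bad skip field {$inner}" >&2; exit 1 ;;
                    esac
                else
                    # (aa|bb|...): hex byte alternatives separated by '|'
                    alts=$(printf '%s' "$inner" | tr -d '|')
                    case $alts in
                        '' | *[!0-9a-fA-F]*) echo "bad alternation ($inner)" >&2; exit 1 ;;
                    esac
                fi
                out=$out$(hex_encode "$literal")$field$close
                literal=''
                rest=${rest#*"$close"}
                ;;
            *)
                literal=$literal$c
                rest=${rest#?}
                ;;
        esac
    done
    printf '%s\n' "$out$(hex_encode "$literal")"
)

# ndb_line NAME TEXT -> one '*.ndb' line: NAME:TargetType:Offset:HexSignature.
# Assumption of this example: TargetType 0 (any file) and offset * (anywhere).
ndb_line() (
    case $1 in
        '' | *:*) echo "signature name must be non-empty and contain no ':'" >&2; exit 1 ;;
    esac
    hex=$(encode_formatted "$2") || exit 1
    printf '%s:0:*:%s\n' "$1" "$hex"
)

# Constructed sample input, for illustration only.
ndb_line 'Example.Constructed.1' 'free{1-3}money*now'
```

A line produced this way can be saved to a local `.ndb` file and checked with the `-t` integrity test before it is loaded.
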
## Change Log
### Version 7.0.1 (Updated 25 January 2020)
 - Disable yara project rules duplicated in rfxn.yara (Thanks @dominicraf)
 - Incremented the config to version 91

### Version 7.0.0 (Updated 24 January 2020)
 - eXtremeSHOK.com Maintenance
 - Added urlhaus database
 - Added extra yararulesproject databases
 - Added new linuxmalwaredetect yara file
 - Automatic upgrades ( --upgrade )
 - Added --upgrade command line option
 - Option to disable automatic upgrades ( allow_upgrades )
 - Option to disable update checks (allow_update_checks)
 - Increase download time to 1800 seconds from 600 seconds
 - os.conf takes preference over os.***.conf
 - Warn if there are multiple os.***.conf files
 - More sanity checks to help users and prevent errors
 - Better output of --info
 - Fix all known bugs
 - Implement all suggestions
 - Fixed yararulesproject database names
 - Correctly silence curl and wget
 - New linuxmalwaredetect logic
 - New malwarepatrol logic
 - Suppress --- and === from the logs
 - Update the documentation / guides
 - Increase minimum clamav version for yara rules to 0.100 or above
 - Fix systemd.timer and systemd.service files
 - More travis-ci tests
 - Added os.alpine.conf
 - Added debug options/mode to config
 - Set minimum config required to 90
 - Lots of refactoring and optimizing
 - Only check for and notify about script updates every 12 hours
 - Incremented the config to version 90

### Version 6.1.1 (Updated 02 September 2019)
 - eXtremeSHOK.com Maintenance
 - Update os.archlinux.conf, thanks @amishmm
 - master.conf set default dbs rating to medium
 - user.conf better suggested values
 - Default to using curl, less logic required (lower cpu)
 - force_curl replaced with force_wget
 - Fix: suppress all non-error output under cron/non interactive terminal
 - Fix: check log file is not a link before setting permissions, only set if owned by root.
 - Fix: failed to create symbolic link
 - Fix: curl --compress ->> curl --compressed
 - Minor enhancement to travis-ci checks
 - Incremented the config to version 77

### Version 6.1.0 (Updated 27 August 2019)
 - eXtremeSHOK.com Maintenance
 - Thanks Reio Remma & Oliver Nissen
 - fail added to all curl commands
 - Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
 - Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
 - Where possible replaced echo with xshok_pretty_echo_and_log
 - Refactor xshok_pretty_echo_and_log and make all notices styles consistent
 - Silence output when run under cron
 - add MAILTO=root to the generated cron file
 - Add full proxy support for wget, curl, rsync, dig, host
 - Better support for proxy config variables
 - New config variable: git_branch (defaults to master for the update checks)
 - allow -w signature for quicker whitelisting
 - Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
 - Added Full support for Hash-based Signature Databases
 - User.conf is pre-configured with default options to allow for quicker setup
 - Default sanesecurity and LinuxMalwareDetect to enabled
 - Increase default retries from 3 to 5
 - Ensure log file permissions are correct
 - Better update comparison check, only notify if newer
 - Incremented the config to version 76

### Version 6.0.1
 - eXtremeSHOK.com Maintenance
 - Fix logging @dominicraf

### Version 6.0
 - eXtremeSHOK.com Maintenance & Refactoring
 - Add timestamp support (do not re-download not modified files, saves bandwidth)
 - wget and curl uses compression for the transfer (detected when supported, saves bandwidth)
 - Posix compliance 'which' replaced with 'command -v'
 - More escaped characters, shellcheck compliance
 - Option added : force_curl , to force the usage of curl instead of wget
 - Workaround for wget, which cannot do --timestamping and --output-document together
 - Added SECURITEINFO  securiteinfoold.hdb
 - set malwarepatrol_free = no , when malwarepatrol_product_code != 8
 - Fix: remove hardcoded malwarepatrol_product_code
 - Fix: os.macosx.conf service: command not found
 - Fix: whitelist a MalwarePatrol signature
 - More reliable version checking
 - Fix: Clamscan database integrity test
 - Fix: version comparison of minimum Yara @bytesplit
 - Use custom config directory @Amish
 - unzip option -j was removed @wotomg
 - ZCS 8.7 updates @tonster
 - Logic fixes @Claus-Justus Heine
 - Specify correct path for systemd units @SlothOfAnarchy
 - Avoid hardcoded path to BASH @rseichter

### Version 5.6.2
 - eXtremeSHOK.com Maintenance
 - Bug Fix GPG always being disabled, thanks @orlitzky

### Version 5.6.1
 - eXtremeSHOK.com Maintenance
 - Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
 - Codeclimate fixes
 - Incremented the config to version 73

### Version 5.6
 - eXtremeSHOK.com Maintenance
 - PGP is now optional and no longer a requirement and pgp support is auto-detected
 - Full support for MacOS / OS X and added clamav install guide
 - Full support for pfSense and added clamav install guide
 - Added os configs for Zimbra and Debian 8 with systemd
 - Much better error messages with possible solutions given
 - Better checking of possible issues
 - Update all SANESECURITY signature databases
 - Support for clamav-devel (clamav compiled from source)
 - Added full proxy support to wget and curl
 - Replace a lot of "echo | cut | sed" with bash substitutions
 - Added fallbacks/substitutions for various commands
 - xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
 - Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
 - Allow exit code 23 for rsync
 - Major refactoring : Normalize comments, quotes, functions, conditions
 - Protect various arguments and "POSIX-ize" script integrity
 - Enhanced testing with travis-ci, including clamav 0.99
 - Incremented the config to version 72

### Version 5.4.1
 - eXtremeSHOK.com Maintenance
 - Disable installation when either pkg_mgr or pkg_rm is defined.
 - Minor refactoring
 - Update master.conf with the new Yara-rules project file names
 - Incremented the config to version 69

### Version 5.4
 - eXtremeSHOK.com Maintenance
 - Added Solaris 10 and 11 configs
 - When under Solaris we define our own which function
 - Define grep_bin variable, use gnu grep on sun os
 - Fallback to gpg2 if gpg not found
 - Added support for csw gnupg on solaris
 - Trap the keyboard interrupt (ctrl+c) and gracefully exit
 - Added CentOS 7 Atomic config @deajan
 - Minor refactoring and removing of unused variables
 - Removed CRDF signatures as per Sanesecurity #124
 - Added more Yara rule project Rules
 - Incremented the config to version 68

### Version 5.3.2
 - eXtremeSHOK.com Maintenance
 - Bug Fix: Additional Databases not downloading
 - Added sanesecurity_update_hours option to limit updating to once every 2 hours
 - Added additional_update_hours option to limit updating to once every 4 hours
 - Refactor Additional Database File Update code
 - Updated osx config with correct group for homebrew

### Version 5.3.1
 - eXtremeSHOK.com Maintenance
 - Bug Fix: for GPG Signature test FAILED by @DamianoBianchi
 - Remove unused $GETOPT
 - Refactor clamscan_integrity_test_specific_database_file (--test-database)
 - Refactor gpg_verify_specific_sanesecurity_database_file (--gpg-verify)
 - Bug fix: missing $pid_dir

### Version 5.3.0
 - eXtremeSHOK.com Maintenance
 - Major change: Updated to use new database structure, now allows all low/medium/high databases to be enabled or disabled.
 - Major change: curl replaced with wget (will fallback to curl if wget is not installed)
 - Major change: script now functions correctly as the clamav user when started under cron
 - Added fallback to curl if wget is not available
 - Added locking (Enable pid file to prevent issues with multiple instances)
 - Added retries to fetching downloads
 - Code refactor: if wget replaced with if $? -ne 0
 - Enhancement: Verify the clam_user and clam_group actually exists on the system
 - Added function : xshok_user_group_exists, to check if a specific user and group exists
 - Bug Fix: setmode only if is root
 - Bug Fix: eval not working on certain systems
 - Bug fix: rsync output not correctly silenced
 - Code refactor: remove legacy `..` with $(...)
 - Code refactor: replace [ ... -a ... ] with [ ... ] && [ ... ]
 - Code refactor: replace [ ... -o ... ] with [ ... ] || [ ... ]
 - Code refactor: replace cat "..." with done < ... from loops
 - Code refactor: convert for loops using files to while loops
 - Code refactor: read replaced with read -r
 - Code refactor: added cd ... || exit , to handle a failed cd
 - Code refactor: double quoted all variables
 - Code refactor: refactor all "ls" iterations to use globs
 - Defined missing uname_bin variable
 - Added function xshok_database
 - Set minimum config required to 65
 - Bump config to 65

### Version 5.2.2
 - eXtremeSHOK.com Maintenance
 - Added --install-all Install and generate the cron, logrotate and man files, autodetects the values based on your config files
 - Added functions: xshok_prompt_confirm, xshok_is_file, xshok_is_subdir
 - Replaced Y/N prompts with xshok_prompt_confirm
 - Bug Fix for disabled databases being removed when the remove_disabled_databases is set to NO (default)
 - Added more warnings to remove_script and made it double confirmed
 - Remove_script will only remove work_dir if its a sub directory
 - Remove_script will only remove files if they are files
 - Removed -r switch, --remove-script needs to be used instead of both -r and --remove-script
 - Fixed: remove_script not removing logrotate file, cron file, man file

### Version 5.2.1
 - eXtremeSHOK.com Maintenance
 - Minor bugfix for Sanesecurity_sigtest.yara Sanesecurity_spam.yara files being removed incorrectly
 - Minor fix: yararulesproject_enabled not yararulesproject_enable

### Version 5.2.0
 - eXtremeSHOK.com Maintenance
 - Refactor some functions
 - Added --install-man this will automatically generate and install the man (help) file
 - Yararules and yararulesproject enabled by default
 - Added clamav version detection to automatically disable yararules and yararulesproject if the current clamav version does not support them
 - Database files ending with .yar/.yara/.yararules will automatically be disabled from the database if yara rules are not supported
 - Script options are added to the man file
 - Fixed hardcoded logrotate and cron in remove_script
 - Fixed incorrectly assigned logrotate variables in install-logrotate
 - Config added info for port/package maintainers regarding:  pkg_mgr and pkg_rm
 - Removed pkg_mgr and pkg_rm from freebsd and openbsd os configs
 - Allow overriding of all the individual workdirs, this is mainly to aid package maintainers
 - Rename sanesecurity_dir to work_dir_sanesecurity, securiteinfo_dir to work_dir_securiteinfo, malwarepatrol_dir to work_dir_malwarepatrol, yararules_dir to work_dir_yararules, add_dir to work_dir_add, gpg_dir to work_dir_gpg, work_dir_configs to work_dir_work_configs
 - Rename yararules_enabled to yararulesproject_enabled
 - Rename all yararules to yararulesproject
 - Fix to prevent disabled databases processing certain things which will not be used as they are disabled
 - Set minimum config required to 62
 - Bump config to 62

### Version 5.1.1
 - eXtremeSHOK.com Maintenance
 - Added OS X and openbsd configs
 - Fixed host fallback sed issues by @MichaelKuch
 - Suppress most error messages of chmod and chown
 - check permissions before chmod
 - Added the config option remove_disabled_databases # Default is "no", if enabled when a database is disabled we will remove the associated database files.
 - Added function xshok_mkdir_ownership
 - Do not set permissions of the log, cron and logrotate dirs
 - Fix: fallback for missing gpg -r option on OS X
 - Update sanesecurity signatures
 - Bump config to 61

### Version 5.1.0
 - eXtremeSHOK.com Maintenance
 - Added --install-cron this will automatically generate and install the cron file
 - Added --install-logrotate this will automatically generate and install the logrotate file
 - Change official URL of SecuriteInfo signatures
 - Added a new database (securiteinfoandroid.hdb) for SecuriteInfo
 - Remove database files after disabling a database group by @reneschuster
 - Updated Gentoo OS config by @orlitzky
 - Regroup functions
 - Increase travis-ci code testing
 - Set minimum config required to 60
 - Bump config to 60

### Version 5.0.6
 - eXtremeSHOK.com Maintenance
 - Updated winnow databases as per information from Tom @ OITC
 - Bump config to 58

### Version 5.0.5
 - eXtremeSHOK.com Maintenance
 - Add support for specifying a custom config dir or file with (--config) -c option
 - Removed default_config
 - Added travis-ci build testing
 - Updates to the help and usage display
 - Added sanity testing of sanesecurity_dbs, securiteinfo_dbs, linuxmalwaredetect_dbs, yararules_dbs, add_dbs
 - Added function xshok_array_count
 - Prevent some issues with an incomplete or only a user.conf being loaded
 - Added fallback to host if dig returns no records
 - Check there are Sanesecurity mirror ips before we attempt to rsync
 - Important binaries have been aliased (clamscan, rsync, curl, gpg) and allow their paths to be overridden
 - Added sanity checks to make sure the binaries and workdir is defined
 - Custom Binary Paths added to the config (clamscan_bin, rsync_bin, curl_bin, gpg_bin)
 - Bump config to 57
 - Added initial centos6 + cpanel os config
 - Bugfix Only start logging once all the configs have been loaded
 - Rename $version to script_version
 - Default malwarePatrol to the free version
 - Added script version checks

### Version 5.0.4
 - eXtremeSHOK.com Maintenance
 - Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
 - Added clamd_reload_opt to fix issues with centos7 conf
 - Fix --remove-script should call remove_script() function by @IdahoPL
 - Add OS specific settings to logrotate
 - Increased default timeout values
 - Attempt to Silence more output
 - Create the log_file_path directory before we touch the file.
 - Updated config file to remove the $work_dir variable from dir names
 - Remove trailing / from directory names
 - Initial support for Travis-Ci testing
 - Fixed config option enable_logging -> logging_enabled
 - Config updated to 56 due to changes

### Version 5.0.3
 - eXtremeSHOK.com Maintenance
 - Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD
 - Fixed config option enable_logging -> logging_enabled

### Version 5.0.2
 - eXtremeSHOK.com Maintenance
 - Detect if the entire script is available/complete
 - Fix for Missing space between "]

### Version 5.0.1
 - eXtremeSHOK.com Maintenance
 - Disable logging if the log file is not writable.
 - Do not attempt to log before a config is loaded

### Version 5.0.0
 - eXtremeSHOK.com Maintenance
 - Added porcupine.hsb : Sha256 Hashes of VBS and JSE malware Database from sanesecurity
 - Fix for missing $ for clamd_pid an incorrect variable definition
 - Fixes for not removing dirs by @msapiro
 - Updates to account for changed names and addition of sub-directories for Yara-Rules by @msapiro
 - Use MD5 with MalwarePatrol by @olivier2557
 - Suppress the header and config loading message if running via cron
 - Added systemd files by @falon
 - Added config option remove_bad_database,  a database with a BAD integrity check will be removed
 - Fixed broken whitelisting of malwarepatrol signatures
 - Replaced Version command option -v with -V
 - Added command option -v (--verbose) to force verbose output
 - Removed config options: silence_ssl, curl_silence, rsync_silence, gpg_silence, comment_silence
 - Added ignore_ssl option to suppress ssl errors and warnings, ie operate in insecure mode.
 - Replaced test-database command option -s with -t
 - Replaced output-triggered command option -t with -o
 - Added command option -s (--silence) to force silenced output
 - Default verbose for terminal and silence for cron
 - Added RHEL/Centos 7 config settings
 - Added short option (-F) to Force all databases to be downloaded, could cause ip to be blocked
 - Fixed removal of failed databases, disable with option "remove_bad_database"
 - Removed config options: clamd_start, clamd_stop
 - Full rewrite of the config handling, master.conf -> os.conf -> user.conf or your-specified.config
 - Configs loaded from the /etc/clamav-unofficial-sigs dir
 - Added various os.conf files to ease setup
 - Added selinux_fixes config option, this will run restorecon on the database files
 - minor code refactoring and reindenting

### Version 4.9.3
 - eXtremeSHOK.com Maintenance
 - Various Bug Fixes
 - Last release of 4.x.x base
 - minor code refactoring

### Version 4.9.2
 - eXtremeSHOK.com Maintenance
 - Added function xshok_check_s2 to prevent possible errors with -c and no configfile path
 - minor code refactoring

### Version 4.9.1
 - eXtremeSHOK.com Maintenance
 - OS X compatibility fix by stewardle
 - missing $ in $yararules_enabled

### Version 4.9
 - eXtremeSHOK.com Maintenance
 - Code Refactoring
 - New function clamscan_reload_dbs, will first try and reload the clam database, if reload fails will restart clamd
 - Added Function xshok_pretty_echo_and_log, far easier and cleaner way to output and log information
 - Removed functions comment, log
 - Removed config option reload_opt
 - Added config option clamd_restart_opt
 - Added support for # characters in config values, ie malwarepatrol subscription key contains a #
 - Minor formatting and code consistency changes
 - 10% Smaller script size
 - Config updated to 53 due to changes

### Version 4.8
 - eXtremeSHOK.com Maintenance
 - Added long option (--force) to Force all databases to be downloaded, could cause ip to be blocked
 - added config option:  malwarepatrol_free="yes", set to "no" to enable commercial subscription url
 - added support for commercial malwarepatrol subscription
 - Grammar fix in config
 - SELINUX cronjob fix added to readme
 - Corrects tput warning when used without TERM (like in cron)
 - Config updated to 52 due to changes

### Version 4.7
 - eXtremeSHOK.com Maintenance
 - Code Refactoring
 - Complete rewrite of the main case selector (program options)
 - Added long options (--decode-sig, --encode-string, --encode-formatted, --gpg-verify, --information, --make-database, --remove-script, --test-database, --output-triggered)
 - Replaced clamd-status.sh with --check-clamav
 - Removed CHANGELOG, changelog has been replaced by this part of the readme and the git commit log.
 - Config updated to 51 due to changes

### Version 4.6.1
 - eXtremeSHOK.com Maintenance
 - Code Refactoring
 - Added generic options (--help --version --config)
 - Correctly handle generic options before the main case selector
 - Sanitize the config before the main case selector (option)
 - Rewrite and formatting of the usage options
 - Removed the version information code as this is always printed

### Version 4.6
 - eXtremeSHOK.com Maintenance
 - Code Refactoring
 - Removed custom config forced to use the same filename as the default config
 - Change file checks from exists to exists and is readable
 - Removed legacy config checks
 - Full support for custom config files for all tasks
 - Removed function: no_default_config

### Version 4.5.3
 - eXtremeSHOK.com Maintenance
 - badmacro.ndb rule support for sanesecurity
 - Sanesecurity_sigtest.yara rule support for sanesecurity
 - Sanesecurity_spam.yara rule support for sanesecurity
 - Changed required_config_version to minimum_required_config_version
 - Script now supports a minimum config version to allow for out of sync config and script versions

### Version 4.5.2
 - eXtremeSHOK.com Maintenance
 - hackingteam.hsb rule support for sanesecurity

### Version 4.5.1
 - eXtremeSHOK.com Maintenance
 - Beta YARA rule support for sanesecurity
 - Config updated to 4.8 due to changes
 - Bugfix "securiteinfo_enabled" should be "$securiteinfo_enabled"

### Version 4.5.0
 - eXtremeSHOK.com Maintenance
 - Initial YARA rule support for sanesecurity
 - Added Yara-Rules project Database
 - Added config option to quickly enable/disable an entire database
 - Config updated to 4.7 due to changes
 - Note: Yara rules require clamav 0.99+
 - Bugfix removed unused linuxmalwaredetect_authorisation_signature variable from script

### Version 4.4.5
 - eXtremeSHOK.com Maintenance
 - Updated SecuriteInfo setup instructions

### Version 4.4.4
 - eXtremeSHOK.com Maintenance
 - Committed patch-1 by SecuriteInfo (clean up of SecuriteInfo databases)
 - Fixed double $surl_insecure

### Version 4.4.3
 - eXtremeSHOK.com Maintenance
 - Bugfix for SecuriteInfo not downloading by Colin Waring
 - Default will now silence ssl errors caused by ssl certificate errors
 - Config updated to 4.6 due to new variable: silence_ssl

### Version 4.4.2
 - eXtremeSHOK.com Maintenance
 - Improved config error checking
 - Config updated to 4.5, due to invalid default dbs-si value
 - Fix debug variable being present
 - Bug fix for ubuntu 14.04 with sed being aliased
 - Explicitly set bash as the shell

### Version 4.4.1
 - eXtremeSHOK.com Maintenance
 - Added error checking to detect if the config could be broken.

### Version 4.4.0
 - eXtremeSHOK.com Maintenance
 - Code refactoring:
 - Added full support for Linux Malware Detect clamav databases
 - Config updated to 4.4

### Version 4.3.0
 - eXtremeSHOK.com Maintenance
 - Code refactoring: group and move functions to top of script
 - Complete rewrite of securiteinfo support, full support for Free/Delayed clamav by securiteinfo.com ;-P
   Note: securite info requires you to create a free account and add your authorisation code to the config.
 - Config updated to 4.3
 - Restructured Config

### Version 4.2.0
 - eXtremeSHOK.com Maintenance
 - Replace annoying si_ , mbl_,  ss_  with actual names ie. securiteinfo_ malwarepatrol_ sanesecurity_
 - Complete rewrite of malwarepatrol support, full support for Free/Delayed clamav ;-P
   Note: malware patrol requires you to create a free account and add your "purchase" code to the config.
 - More fixes to config parsing and stripping of comments and whitespace
 - Code refactoring: remove empty commands: echo "" and comment ""
 - Config version detection and enforcing

### Version 4.1.0
 - eXtremeSHOK.com Maintenance
 - Fix on default enable of foxhole medium and High false positive sources
 - grammatical corrections to some comments and log output
 - sig-boundary patch by Alan Stern
 - create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign by Alan Stern

### Version 4.0.0 (Released 9 May 2015)
 - eXtremeSHOK.com Maintenance
 - Enabled all low false positive sources by default
 - Added all Sanesecurity database files
 - Disabled all med/high false positive sources by default
 - Set default configs to work out of the box on a centos system
 - Silence cron job
 - Set correct paths throughout the script
 - Updated Installation Instructions
 - Updated Paths for removal
 - Updated Default locations to reflect installation instructions
 - Fix: correctly remove comments and blanklines from config before eval
 - Remove: invalid config values (eg. EXPORT path)
 - Fix: correctly check if rsync was successful

## Script updates can be found at:
### https://github.com/extremeshok/clamav-unofficial-sigs