eXtremeSHOK has released a new version of their ClamAV unofficial signatures updater script.
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, MalwareExpert, interServer, etc. The script will also generate and install cron, logrotate, and man files.
Change log:
- eXtremeSHOK.com Maintenance
- Change yararule email/Email_generic_phishing.yar to HIGH
- New config option: force_host; by default, dig is used when both dig and host are present.
- Refactor and correct the assigning of binaries/commands
- Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
- Ensure only dig or host is used when either dig or host is enabled
- Enable remove_disabled_databases by default
- Fix disabled databases being removed when "$remove_disabled_databases" is set to "no"
- Incremented the config to version 95