Package Details: clamav-unofficial-sigs 7.0.1-1

Git Clone URL: https://aur.archlinux.org/clamav-unofficial-sigs.git (read-only)
Package Base: clamav-unofficial-sigs
Description: ClamAV Unofficial Signatures Updater maintained by eXtremeSHOK.com
Upstream URL: https://github.com/extremeshok/clamav-unofficial-sigs
Licenses: BSD
Submitter: sinkuu
Maintainer: amish
Last Packager: amish
Votes: 59
Popularity: 1.63
First Submitted: 2015-12-29 01:37
Last Updated: 2020-01-27 05:49

Pinned Comments

amish commented on 2018-05-18 15:31

Updated to 5.6.2-3, which disables the Yara rules update till it is fixed upstream by extremeshok or the Yara rules project. (You can still easily enable it if you want.)

Fixed systemd.timer, outdated os.conf and custom config directory bug.

Also, the package works out of the box, i.e. there is now no need to set user_configuration_complete="yes" in user.conf.

Modify user.conf if you want some different settings.

Latest Comments


sinkuu commented on 2016-04-13 06:49

The configuration files have been restructured since 5.0. `user_configuration_complete` is disabled in order to ensure you have completed (re-)configuration before execution.

widowild commented on 2016-04-12 14:51

Please add in .install
uncomment file /etc/clamav-unofficial-sigs/user.conf

#user_configuration_complete="yes"
and
user_configuration_complete="yes"

widowild commented on 2016-04-12 14:29

hello,

~~~
$ sudo clamav-unofficial-sigs.sh
################################################################################
eXtremeSHOK.com ClamAV Unofficial Signature Updater
Version: v5.1.0 (08 April 2016)
Required Configuration Version: v60
Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
################################################################################
=======================================================
Loading config: /etc/clamav-unofficial-sigs/master.conf
=======================================================
===================================================
Loading config: /etc/clamav-unofficial-sigs/os.conf
===================================================
=====================================================
Loading config: /etc/clamav-unofficial-sigs/user.conf
=====================================================
****************************************************
WARNING: SCRIPT CONFIGURATION HAS NOT BEEN COMPLETED
****************************************************
Please review the script configuration files.
~~~

Utini commented on 2016-02-19 18:45

Thanks for that link, but I am thinking about adding /tmp/ in general (which should include the pacaur tmp folder in any case).

This is a standard folder for "malicious files" on Windows, so maybe it is also a smart choice to add on Arch?

sinkuu commented on 2016-02-13 22:26

https://github.com/rmarquis/pacaur/blob/master/pacaur#L41

I think you need to configure pacaur's TMPDIR somewhere persistent. If clamd during startup can't find some paths included for on-access scan, it doesn't watch them.

Utini commented on 2016-02-13 16:27

Hmm, in my case it will be used on my laptop, which is used for everything (work, office, multimedia, coding, ...).

I am using cower + pacaur.
Also, I am wondering if I should exclude any directories?

sinkuu commented on 2016-02-13 15:16

I'm using on-access scanning just for file servers, so I don't know.
At least "OnAccessPrevention yes" prevents detected files from being accessed, even by root.


> So which directory should I use for "OnAccessIncludePath" ?

Depends on your AUR helper and its configuration.

Utini commented on 2016-02-13 14:43

Thanks,

Did you already try to configure ClamAV as an on-access scanner? Or do you have any idea how to automatically scan any AUR packages before installing?

Btw I made a thread to improve the ClamAV setup in general:
https://bbs.archlinux.org/viewtopic.php?pid=1603867

@edit: woopsie, didn't see your edit.
So which directory should I use for "OnAccessIncludePath"?

I will definitely include my download folder. But which AUR directories, or is there any general "good practice"?

sinkuu commented on 2016-02-13 13:37

> Is there a way to verify that everything is working and signatures are being downloaded + used by ClamAV?

Run `clamconf`. It will print various information including the list of databases currently used by ClamAV.


> On-Access scanner

Edit clamd.conf:
~~~
#User clamav # <- comment out this line! On-Access scanning requires root

ScanOnAccess yes
OnAccessPrevention yes
OnAccessIncludePath /path/to/be/watched
~~~
and restart clamd service.

AUR cache directory may contain a bunch of files, but Clamd can watch as many files as `sysctl fs.inotify.max_user_watches` says (default value is 8192).
If you see errors on /var/log/clamav/clamd.log, try increasing it.
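
Added example (not part of the comment above, nor code from the package or from ClamAV): a pre-flight check for the on-access settings discussed in this thread. It reads the active `OnAccessIncludePath` lines from a clamd.conf, reports paths that do not exist (which, per the comments here, clamd will not watch), and compares the number of directories under them with `fs.inotify.max_user_watches`. Assumptions: the function names are hypothetical, the config path is passed as an argument, and one inotify watch is counted per directory.

```shell
#!/bin/sh
# Added example: pre-flight check for clamd on-access settings.
# Assumptions: clamd.conf path is passed as $1; one inotify watch per directory.

# Print the value of every active (uncommented) OnAccessIncludePath line.
onaccess_paths() {
    awk '$1 == "OnAccessIncludePath" {
             sub(/^[ \t]*OnAccessIncludePath[ \t]+/, "")
             sub(/[ \t]+$/, "")
             print
         }' "$1"
}

# check_onaccess CONF [LIMIT]
# Returns 0 if all paths exist and fit, 1 if a path is missing,
# 2 if the directory count exceeds the inotify watch limit.
check_onaccess() {
    conf=$1
    limit=${2:-$(cat /proc/sys/fs/inotify/max_user_watches)}
    total=0
    rc=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        if [ ! -d "$p" ]; then
            echo "MISSING  $p (clamd will not watch it)"
            rc=1
            continue
        fi
        n=$(find "$p" -xdev -type d 2>/dev/null | wc -l)
        total=$((total + n))
        echo "OK       $p ($n directories)"
    done <<EOF
$(onaccess_paths "$conf")
EOF
    echo "directories to watch: $total, fs.inotify.max_user_watches: $limit"
    if [ "$total" -gt "$limit" ]; then
        echo "OVER LIMIT: raise fs.inotify.max_user_watches"
        rc=2
    fi
    return "$rc"
}

# Run only when a config path is given, e.g.: sh check.sh /etc/clamav/clamd.conf
if [ "$#" -gt 0 ]; then
    check_onaccess "$@"
fi
```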

Utini commented on 2016-02-13 12:34

Thanks, you are awesome !

Just one more question: Is there a way to verify that everything is working and signatures are being downloaded + used by ClamAV?

...my next task will be to get ClamAV to be an on-access scanner which will somehow scan all AUR packages when downloading/building. Not sure how to do that though. Maybe by constantly watching + scanning the "local AUR folder".