extremeShok UnOfficial SIGS

Request and discuss new features you would like to have.
SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

extremeShok UnOfficial SIGS

Post by SupportOU »

Hey any1,

My first question, hence my 1st post.

I do extremely welcome the Unofficial SIGS part of ExtremeShok, but how can I tell if the SIGS are added to ClamAV?

There is a log file location for it, but that's empty and I do not see anything related in maillog or clamd.log (or freshclam log).

I have a plain vanilla box with, for now, latest version (3.0.1.4).

Any ideas/suggestions welcome!

Grtz,
Ronald
SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

Re: extremeShok UnOfficial SIGS

Post by SupportOU »

Allrighty, found out myself, just follow the instructions on https://github.com/extremeshok/clamav-unofficial-sigs
Just the scripts were in 3.0.1.4 but not configured, since the auth keys need to be individually.
It seems to work.
Cheerz!
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: extremeShok UnOfficial SIGS

Post by ovizii »

Oh, so we have to manually configure the Unofficial Sigs after updating to 3.0.1.4?
It's not a problem, just wanted to make sure this is correct.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: extremeShok UnOfficial SIGS

Post by shawniverson »

It is *mostly* configured, in that the scripts are in place, but yeah, if you want it to download things like Malwarepatrol, SecuriteInfo, etc. you need to subscribe to them and set it up.
SupportOU
Posts: 47
Joined: 12 Sep 2016 18:47

Re: extremeShok UnOfficial SIGS

Post by SupportOU »

ack, it's very simple.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: extremeShok UnOfficial SIGS

Post by ovizii »

I know it's simple, it's just that in previous versions I think you entered your malware patrol during the config and this was the first time I had seen it mentioned that you need to do this manually :-)
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: extremeShok UnOfficial SIGS

Post by ovizii »

apparently EFA uses the yum package clamav-unofficial-sigs which is currently at Version: v5.4.1 (20 July 2016) while https://github.com/extremeshok/clamav-unofficial-sigs is at Version 5.6.2 (updated 2017-03-19)

so my question is if it would not be better to include the second version in EFA directly?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: extremeShok UnOfficial SIGS

Post by shawniverson »

Sounds like it is time for a new package. I'll add this to the todo for 3.0.2.4