/usr/bin/nsm_clamav_md5

1. #!/bin/bash
2.  
3. cd /tmp
4.  
5. # download clamav database files
6. wget http://database.clamav.net/main.cvd
7. wget http://database.clamav.net/daily.cvd
8.  
9. # extract the databases
10. sigtool --unpack main.cvd
11. sigtool --unpack daily.cvd
12.  
13. # extract md5 hash only to blacklist_md5
14. cat main.hdb >> clamav_md5
15. cat daily.hdb >> clamav_md5
16.  
17. cut -d':' -f1 clamav_md5 > blacklist_md5
18.  
19. # copy to suricata rules directory
20. cp blacklist_md5 /etc/suricata/rules/
21.  
22. # clean up
23. rm main.*
24. rm daily.*
25. rm *_md5