Sanesecurity

Sanesecurity Sample Config file

May 8th, 2015
  1. # This file contains user configuration settings for the clamav-unofficial-sigs.sh
  2. # Script provide by Bill Landry (unofficialsigs@gmail.com).
  3. #
  4. # Script updates can be found at: http://sourceforge.net/projects/unofficial-sigs
  5. #
  6. # License: BSD (Berkeley Software Distribution)
  7.  
  8. ################################################################################
  9. # USER CONFIGURATION FILE FOR SCRIPT: #
  10. # * * * #
  11. # clamav-unofficial-sigs.sh #
  12. # * * * #
  13. # SET PROGRAM PATHS AND OTHER VARIABLE OPTIONS FOR THE SCRIPT IN THIS FILE #
  14. ################################################################################
  15.  
  16. # Edit the quoted variables below to meet your own particular needs
  17. # and requirements, but do not remove the "quote" marks.
  18.  
  19. # Be sure to set the appropriate shell for your OS Platform. It's been
  20. # reported that "sh" works best for BSD variants, "ksh" for Sun Solaris,
  21. # and "bash" for Linux variants. If you experience problems running the
  22. # script, please try editing the top line of the script file and changing
  23. # "sh" to either "ksh" or "bash" before reporting a problem.
  24.  
  25. # Set and export the appropriate program paths for your OS platform. Required
  26. # utilities include: find, xargs, sed, awk, cut, dig, grep, tail, chown, chmod,
  27. # cmp, diff, gzip, ls, cp, mv, test, gpg, host, sleep, cksum, rsync, curl, perl,
  28. # and optionally socat. It's been reported that on Sun systems, the GNU utilities
  29. # should be used rather than the default Sun OS versions of these utilities.
  30.  
  31. PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
  32. export PATH
  33.  
  34. # Set the appropriate ClamD user and group accounts for your system.
  35. # If you do not want the script to set user and group permissions on
  36. # files and directories, comment the next two variables.
  37. clam_user="clamav"
  38. clam_group="clamav"
  39.  
  40. # If you do not want the script to change the file mode of all signature
  41. # database files in the ClamAV working directory to 0644 (-rw-r--r--):
  42. #
  43. # owner: read, write
  44. # group: read
  45. # world: read
  46. #
  47. # as defined in the "clam_dbs" path variable below, then set the following
  48. # "setmode" variable to "no".
  49. setmode="yes"
  50.  
  51. # Set path to ClamAV database files location. If unsure, check
  52. # your clamd.conf file for the "DatabaseDirectory" path setting.
  53. clam_dbs="/var/lib/clamav"
  54.  
  55. # Set path to clamd.pid file (see clamd.conf for path location).
  56. clamd_pid="/var/run/clamd.pid"
  57.  
  58. # To enable "ham" (non-spam) directory scanning and removal of
  59. # signatures that trigger on ham messages, uncomment the following
  60. # variable and set it to the appropriate ham message directory.
  61. #ham_dir="/path/to/ham-test/directory"
  62.  
  63. # If you would like to reload the clamd databases after an update,
  64. # change the following variable to "yes".
  65. reload_dbs="no"
  66.  
  67. # Set the reload or restart option if the "reload_dbs" variable above
  68. # is set to "yes" (only select 'ONE' of the following variables or the
  69. # last uncommented variable option will be the one used).
  70. # - The next variable signals clamd daemon to reload databases (this is the recommended reload option)
  71. reload_opt="clamdscan --reload" # Default
  72. # - The next variable signals clamd's Process ID (PID) to reload databases
  73. #reload_opt="kill -USR2 `cat $clamd_pid`"
  74. # - The next variable signals linux based systems to do a full clamd service stop/start
  75. #reload_opt="service clamd restart"
  76. # - Use the next variable to set a custom or system specific reload/restart option
  77. #reload_opt=""
  78.  
  79. # If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
  80. # either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
  81. # are installed on the system, and you want to report whether clamd
  82. # is running or not, uncomment the "clamd_socket" variable below (you
  83. # will be warned if neither socat nor IO::Socket::UNIX are found, but
  84. # the script will still run). You will also need to set the correct
  85. # path to your clamd socket file (if unsure of the path, check the
  86. # "LocalSocket" setting in your clamd.conf file for socket location).
  87. #clamd_socket="/var/run/clamd.socket"
  88.  
  89. # If you would like to attempt to restart ClamD if detected not running,
  90. # uncomment the next 2 lines. Confirm the path to the "clamd_lock" file
  91. # (usually can be found in the clamd init script) and also enter the clamd
  92. # start command for your particular distro for the "start_clamd" variable
  93. # (the sample start command shown below should work for most linux distros).
  94. # NOTE: these 2 variables are dependant on the "clamd_socket" variable
  95. # shown above - if not enabled, then the following 2 variables will be
  96. # ignored, whether enabled or not.
  97. #clamd_lock="/var/lock/subsys/clamd"
  98. #start_clamd="service clamd start"
  99.  
  100. # Enable or disable download time randomization. This allows the script to
  101. # be executed via cron, but the actual database file checking will pause
  102. # for a random number of seconds between the "min" and "max" time settings
  103. # specified below. This helps to more evenly distribute load on the host
  104. # download sites. To disable, set the following variable to "no".
  105. enable_random="yes"
  106.  
  107. # If download time randomization is enabled above (enable_random="yes"),
  108. # then set the min and max radomization time intervals (in seconds).
  109. min_sleep_time="60" # Default minimum is 60 seconds (1 minute).
  110. max_sleep_time="600" # Default maximum is 600 seconds (10 minutes).
  111.  
  112. # ========================
  113. # Sanesecurity Database(s)
  114. # ========================
  115. # Add or remove database file names between quote marks as needed. To
  116. # disable usage of any of the Sanesecurity distributed database files
  117. # shown, remove the database file name from the quoted section below.
  118. # To disable usage of all Sanesecurity distributed databases, comment
  119. # all of the quoted lines below. Only databases defined as "low" risk
  120. # have been enabled by default (for additional information about the
  121. # database ratings, see: http://www.sanesecurity.com/clamav/databases.htm).
  122. # Only add signature databases here that are "distributed" by Sanesecuirty
  123. # as defined at the URL shown above. Database distributed by others sources
  124. # (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of
  125. # this config file below). Finally, make sure that the database names are
  126. # spelled correctly or you will experience issues when the script runs
  127. # (hint: all rsync servers will fail to download signature updates).
  128. ss_dbs="
  129. blurl.ndb
  130. junk.ndb
  131. jurlbl.ndb
  132. phish.ndb
  133. rogue.hdb
  134. sanesecurity.ftm
  135. scam.ndb
  136. sigwhitelist.ign2
  137. spamattach.hdb
  138. spamimg.hdb
  139. winnow.attachments.hdb
  140. winnow_bad_cw.hdb
  141. winnow_extended_malware.hdb
  142. winnow_malware.hdb
  143. winnow_malware_links.ndb
  144. bofhland_cracked_URL.ndb
  145. bofhland_malware_attach.hdb
  146. bofhland_malware_URL.ndb
  147. bofhland_phishing_URL.ndb
  148. crdfam.clamav.hdb
  149. phishtank.ndb
  150. porcupine.ndb
  151. "
  152.  
  153. # ========================
  154. # SecuriteInfo Database(s)
  155. # ========================
  156. # Add or remove database file names between quote marks as needed. To
  157. # disable any SecuriteInfo database downloads, remove the appropriate
  158. # lines below. To disable all SecuriteInfo database file downloads,
  159. # comment all of the following lines.
  160. #si_dbs="
  161. # honeynet.hdb
  162. # securiteinfo.hdb
  163. # securiteinfobat.hdb
  164. # securiteinfodos.hdb
  165. # securiteinfoelf.hdb
  166. # securiteinfohtml.hdb
  167. # securiteinfooffice.hdb
  168. # securiteinfopdf.hdb
  169. # securiteinfosh.hdb
  170. #"
  171.  
  172. # Since the SecuriteInfo databases are only updated a few time each
  173. # month, set a time interval to do database update checks.
  174. si_update_hours="4" # Default is 4 hours (6 update checks daily).
  175.  
  176. # =========================
  177. # MalwarePatrol Database(s)
  178. # =========================
  179. # Add or remove database file names between quote marks as needed. To
  180. # disable any of the MalwarePatrol database file downloads, remove the
  181. # appropriate database file name lines below. To disable MalwarePatrol
  182. # database downloads, comment all of the following lines.
  183. #mbl_dbs="
  184. # mbl.ndb
  185. #"
  186.  
  187. # Since the MalwarePatrol database file is dynamically created,
  188. # there is no way to test for changes prior to downloading. For this
  189. # reason, you will need to set a reasonable time interval in "hours"
  190. # for MBL database file downloads. As shown below, this has been
  191. # set to update every "6" hours, which seems appropriate (that's 4
  192. # file downloads per day) Change only if you REALLY feel you must.
  193. # However, I would not suggest going below every 4 hour lest you risk
  194. # being blacklisted by the MalwarePatrol site.
  195. mbl_update_hours="6" # Default is 6 hours (4 downloads daily).
  196.  
  197. # Additional signature databases can be specified here in the following
  198. # format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
  199. # place of the "FILE-NAME" to download all files from specified location,
  200. # but this *ONLY* works for files downloaded via rsync). For non-rsync
  201. # downloads, curl is used. For download protocols supported by curl, see
  202. # "man curl". This also works well for locations that have many ClamAV
  203. # servers that use 3rd party signature databases, as only one server need
  204. # download the remote databases, and all others can update from the local
  205. # mirror's copy. See format examples below. To use, remove the comments
  206. # and examples shown and add your own sites between the quote marks.
  207. #add_dbs="
  208. # rsync://192.168.1.50/new-db/sigs.hdb
  209. # rsync://rsync.example.com/all-dbs/
  210. # ftp://ftp.example.net/pub/sigs.ndb
  211. # http://www.example.org/sigs.ldb
  212. #"
  213.  
  214. # Set rsync connection and data transfer timeout limits in seconds.
  215. # The defaults settings here are reasonable, only change if you are
  216. # experiencing timeout issues.
  217. rsync_connect_timeout="15"
  218. rsync_max_time="60"
  219.  
  220. # Set curl connection and data transfer timeout limits in seconds.
  221. # The defaults settings here are reasonable, only change if you are
  222. # experiencing timeout issues.
  223. curl_connect_timeout="15"
  224. curl_max_time="90"
  225.  
  226. # Set working directory paths (edit to meet your own needs). If these
  227. # directories do not exist, the script will attempt to create them.
  228. # Top level working directory path:
  229. work_dir="/usr/unofficial-dbs" #Top level working directory
  230. # Sub-directory names:
  231. ss_dir="$work_dir/ss-dbs" # Sanesecurity sub-directory
  232. si_dir="$work_dir/si-dbs" # SecuriteInfo sub-directory
  233. mbl_dir="$work_dir/mbl-dbs" # MalwarePatrol sub-directory
  234. config_dir="$work_dir/configs" # Script configs sub-directory
  235. gpg_dir="$work_dir/gpg-key" # Sanesecurity GPG Key sub-directory
  236. add_dir="$work_dir/add-dbs" # User defined databases sub-directory
  237.  
  238. # If you would like to make a backup copy of the current running database
  239. # file before updating, leave the following variable set to "yes" and a
  240. # backup copy of the file will be created in the production directory
  241. # with -bak appended to the file name.
  242. keep_db_backup="no"
  243.  
  244. # If you want to silence the information reported by curl, rsync, gpg
  245. # or the general script comments, change the following variables to
  246. # "yes". If all variables are set to "yes", the script will output
  247. # nothing except error conditions.
  248. curl_silence="no" # Default is "no" to report curl statistics
  249. rsync_silence="no" # Default is "no" to report rsync statistics
  250. gpg_silence="no" # Default is "no" to report gpg signature status
  251. comment_silence="no" # Default is "no" to report script comments
  252.  
  253. # Log update information to '$log_file_path/$log_file_name'.
  254. enable_logging="yes"
  255. log_file_path="/var/log"
  256. log_file_name="clamav-unofficial-sigs.log"
  257.  
  258. # If necessary to proxy database downloads, define the rsync and/or curl
  259. # proxy settings here. For rsync, the proxy must support connections to
  260. # port 873. Both curl and rsync proxy setting need to be defined in the
  261. # format of "hostname:port". For curl, also note the -x and -U flags,
  262. # which must be set as "-x hostname:port" and "-U username:password".
  263. rsync_proxy=""
  264. curl_proxy=""
  265.  
  266. # After you have completed the configuration of this file, set the
  267. # following variable to "yes".
  268. user_configuration_complete="yes"
  269.  
  270. ################################################################################
  271. # END OF USER CONFIGURATION #
  272. ################################################################################