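#!/bin/bash
#
# Build a Suricata MD5 blacklist from the ClamAV signature databases.
#
# Downloads main.cvd and daily.cvd, unpacks them with sigtool, takes the
# hash column of the *.hdb files and installs the result as
# /etc/suricata/rules/blacklist_md5.
#
# Requires: wget, sigtool (ClamAV), awk, and write access to the Suricata
# rules directory.
#
# NOTE(review): CVD containers carry a digital signature. This script does
# not check it before unpacking; `sigtool --info FILE.cvd` reports the
# verification status. Confirm its exit-code behaviour for the installed
# ClamAV version before wiring it in as a hard gate.
# NOTE(review): Suricata presumably reads the list when rules are loaded,
# so a rule reload is likely needed after this script runs. Confirm for
# your deployment.

set -euo pipefail

readonly DB_BASE_URL='https://database.clamav.net'
readonly RULES_DIR='/etc/suricata/rules'
readonly LIST_NAME='blacklist_md5'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

workdir=''
staged=''

# Remove the private work directory and any half-installed list on every
# exit path, including failures.
cleanup() {
  if [[ -n "$staged" ]]; then
    rm -f -- "$staged"
  fi
  if [[ -n "$workdir" ]]; then
    rm -rf -- "${workdir:?}"
  fi
}
trap cleanup EXIT

# Work in a private, unpredictable directory rather than directly in /tmp:
# fixed file names in a world-writable directory can be pre-created or
# symlinked by another local user, and the old glob-based cleanup could
# delete unrelated files.
workdir=$(mktemp -d) || die "mktemp failed"
cd -- "$workdir" || die "cannot cd to $workdir"

# Download and unpack the ClamAV databases. sigtool unpacks into the
# current directory. Any failure aborts the run (set -e) so that a broken
# download never reaches the rules directory.
for db in main daily; do
  wget -O "${db}.cvd" "${DB_BASE_URL}/${db}.cvd"
  sigtool --unpack "${db}.cvd"
done

# Keep only the first field (the hash) of each .hdb entry. The data comes
# from the network, so accept only well-formed 32-hex-digit MD5 values.
for db in main daily; do
  if [[ -f "${db}.hdb" ]]; then
    awk -F: 'length($1) == 32 && $1 ~ /^[0-9A-Fa-f]+$/ { print $1 }' "${db}.hdb"
  else
    printf 'warning: %s.hdb not found in %s.cvd\n' "$db" "$db" >&2
  fi
done > "$LIST_NAME"

# Never replace a working blacklist with an empty one.
[[ -s "$LIST_NAME" ]] || die "no MD5 entries extracted; existing list left untouched"

# Stage next to the destination and rename, so Suricata never sees a
# partially written list.
staged=$(mktemp "${RULES_DIR}/.${LIST_NAME}.XXXXXX") \
  || die "cannot create staging file in ${RULES_DIR}"
cp -- "$LIST_NAME" "$staged"
# mktemp creates the file 0600; make it readable like a normal rules file.
chmod 0644 "$staged"
mv -f -- "$staged" "${RULES_DIR}/${LIST_NAME}"
staged=''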