On 11/06/2013 07:56 PM, Nicholas Chua wrote:
Hi  Brent

You might take a look at the SaneSecurity Foxhole signatures for ClamAV:

http://sanesecurity.com/foxhole-databases/


These are designed to hit on any executable in an archive file.


Regards,


Brent Gardner

Are you able to teach me how do i use foxhole only?

Nic-

Install QmailToaster Plus if you don't already have it. Instructions here:

    http://qtp.qmailtoaster.com/trac


Then, with root privileges, run qtp-install-sanesecurity.  More info here:

http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity


Then, edit /etc/clamav-unofficial-sigs.conf. There's a section that starts like this:

    # ========================
    # Sanesecurity Database(s)
    # ========================


In this section, there's a statement:

    ss_dbs="
       <lots of>
       <signature>
       <db names>
    "


If you want to run -only- the foxhole signatures, remove all the other signature DB names between the quotes and add the foxhole signature db name of your choice on a line by itself between the quotes. There's at least three foxhole signature databases so you'll need to choose which one's right for you. More info here:

    http://sanesecurity.com/foxhole-databases/


The SaneSecurity updater script also downloads SecuriteInfo and MalwarePatrol databases. If you want to prevent this you'll also need to comment out the corresponding sections in clamav-unofficial-sigs.conf.


Regards,

Brent Gardner




---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to