On 11/06/2013 07:56 PM, Nicholas Chua wrote:
Hi Brent
You might take a look at the SaneSecurity Foxhole signatures for ClamAV:
http://sanesecurity.com/foxhole-databases/
These are designed to hit on any executable in an archive file.
Regards,
Brent Gardner
Are you able to teach me how do i use foxhole only?
Nic-
Install QmailToaster Plus if you don't already have it. Instructions here:
http://qtp.qmailtoaster.com/trac
Then, with root privileges, run qtp-install-sanesecurity. More info here:
http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-sanesecurity
Then, edit /etc/clamav-unofficial-sigs.conf. There's a section that
starts like this:
# ========================
# Sanesecurity Database(s)
# ========================
In this section, there's a statement:
ss_dbs="
<lots of>
<signature>
<db names>
"
If you want to run -only- the foxhole signatures, remove all the other
signature DB names between the quotes and add the foxhole signature db
name of your choice on a line by itself between the quotes. There's at
least three foxhole signature databases so you'll need to choose which
one's right for you. More info here:
http://sanesecurity.com/foxhole-databases/
The SaneSecurity updater script also downloads SecuriteInfo and
MalwarePatrol databases. If you want to prevent this you'll also need
to comment out the corresponding sections in clamav-unofficial-sigs.conf.
Regards,
Brent Gardner
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]