Update 200125

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

download/clamav-unofficial-sigs/.t/tests/user.conf

@@ -24,7 +24,7 @@ enable_yararules="no"
 
 # Default dbs rating
 # valid rating: LOW, MEDIUM, HIGH
-default_dbs_rating="MEDIUM"
+default_dbs_rating="HIGH"
 
 # Per Database
 # These ratings will override the global rating for the specific database
@@ -50,7 +50,10 @@ securiteinfo.hdb|LOW
 javascript.ndb|LOW
 securiteinfohtml.hdb|LOW
 securiteinfoascii.hdb|LOW
-securiteinfopdf.hdb|LOW 
+securiteinfopdf.hdb|LOW
 securiteinfoandroid.hdb|LOW #
 spam_marketing.ndb|HIGH
 ) #END SECURITEINFO DATABASES
+
+# Enable all debug options
+debug="yes"

download/clamav-unofficial-sigs/.t/tests/user_wget.conf

@@ -57,3 +57,6 @@ spam_marketing.ndb|HIGH
 
 #foce wget
 force_wget="yes"
+
+# Causes wget errors to be vebose
+wget_debug="yes"

download/clamav-unofficial-sigs/INSTALL.md

@@ -13,22 +13,35 @@ Script updates can be found at: https://github.com/extremeshok/clamav-unofficial
 * Mac OSX : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/macosx.md
 * pFsense : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/pfsense.md
 
+# GENERIC UPGRADE INSTRUCTIONS (version 7.0 +)
+```
+clamav-unofficial-sigs.sh --upgrade
+clamav-unofficial-sigs.sh --force
+```
+
+# GENERIC UPGRADE INSTRUCTIONS (version 6.1 and below)
+```
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
+clamav-unofficial-sigs.sh --force
+```
+
 # GENERIC INSTALLATION INSTRUCTIONS
 
 ## Install
 Run the following commands in shell (console/terminal)
 ```
 mkdir -p /usr/local/sbin/
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -c -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh -O /usr/local/sbin/clamav-unofficial-sigs.sh && chmod 755 /usr/local/sbin/clamav-unofficial-sigs.sh
 mkdir -p /etc/clamav-unofficial-sigs/
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -c -O /etc/clamav-unofficial-sigs/master.conf
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -c -O /etc/clamav-unofficial-sigs/user.conf
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf -O /etc/clamav-unofficial-sigs/master.conf
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf -O /etc/clamav-unofficial-sigs/user.conf
 ```
 Select your operating system config from https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/
-**replace os.ubuntu.conf with your required config, centos7 = os.centos7.conf**
+**replace os.ubuntu.conf with your required config, centos7/8 = os.centos.conf , debian9/10 = os.debian.conf **
 ```
 os_conf="os.ubuntu.conf"
-wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}" -c -O /etc/clamav-unofficial-sigs/os.conf
+wget "https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os/${os_conf}" -O /etc/clamav-unofficial-sigs/os.conf
 ```
 
 ### Optional: configure your user config /etc/clamav-unofficial-sigs/user.conf
@@ -54,9 +67,13 @@ script must run once as your superuser to set all the permissions and create the
 ### OR
 #### systemd
 ```
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -c -O /etc/systemd/system/clamav-unofficial-sigs.service
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -c -O /etc/systemd/system/clamav-unofficial-sigs.timer
-wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamd.scan.service -c -O /etc/systemd/system/clamd.scan.service
+mkdir -p /etc/systemd/system/
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.service -O /etc/systemd/system/clamav-unofficial-sigs.service
+wget https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/systemd/clamav-unofficial-sigs.timer -O /etc/systemd/system/clamav-unofficial-sigs.timer
+
+systemctl enable clamav-unofficial-sigs.service
+systemctl enable clamav-unofficial-sigs.timer
+systemctl start clamav-unofficial-sigs.timer
 ```
 
 ### Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs

download/clamav-unofficial-sigs/LICENSE

@@ -1,6 +1,7 @@
 This is property of eXtremeSHOK.com
 You are free to use, modify and distribute, however you may not remove this notice.
 Copyright (c) Adrian Jon Kriel :: [email protected]
+License: BSD (Berkeley Software Distribution)
 
 Originially based on:
 Copyright (c) 2007 - 2013, Bill Landry ([email protected])

download/clamav-unofficial-sigs/README.md

@@ -2,14 +2,12 @@
 
 ClamAV Unofficial Signatures Updater
 
-Github fork of the sourceforge hosted and non maintained utility.
-
 ## Maintained and provided by https://eXtremeSHOK.com
 
 ## Description
-The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. The script will also generate and install cron, logrotate, and man files.
+The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, urlhaus, etc. The script will also generate and install cron, logrotate, and man files.
 
-## Checkout some of our other solutions: https://github.com/extremeshok?tab=repositories
+### Checkout some of our other solutions: https://github.com/extremeshok?tab=repositories
 
 ### Support / Suggestions / Comments
 Please post them on the issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
@@ -23,22 +21,32 @@ Please post them on the issue tracker : https://github.com/extremeshok/clamav-un
 ### Supported Operating Systems
 Debian, Ubuntu, Raspbian, CentOS (RHEL and clones), OpenBSD, FreeBSD, OpenSUSE, Archlinux, Mac OS X, Slackware, Solaris (Sun OS), pfSense, Zimbra and derivative systems  
 
-### Quick Install Guide
+### Quick Install and Upgrade Guide
 https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/INSTALL.md
 
-### Operating System Specific Install Guides
+### Operating System Specific Install and Upgrade Guides
 * CentOS : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/centos7.md
 * Ubuntu : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
 * Debian : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/ubuntu-debian.md
 * Mac OSX : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/macosx.md
 * pFsense : https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/guides/pfsense.md
 
+### UPGRADE INSTRUCTIONS (version 7.0 +)
+```
+clamav-unofficial-sigs.sh --upgrade
+clamav-unofficial-sigs.sh
+```
+
+### FOR PACKAGE MAINTAINERS / PACKAGERS
+Please use the sample package os.*.conf as a base for your os.conf, this will disable automatic updates, update notifications and the uninstallation feature. https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/config/packaging
+
 ### Always Run the script once as your superuser to set all the permissions and create the relevant directories
 
 ### Advanced Config Overrides
 * Default configs are loaded in the following order if they exist:
-* master.conf -> os.conf -> user.conf or your-specified.config
-* user.conf will override os.conf and master.conf, os.conf will override master.conf
+* master.conf -> os.conf -> os.*.conf -> user.conf or your-specified.config
+* user.conf will always override os.conf and master.conf, os.conf will override master.conf
+* please do not alter the master.conf, rather create a user.conf 
 * A minimum of 1 config is required.
 * Specifying a config on the command line (-c | --config) will override the loading of the default configs
 
@@ -55,9 +63,14 @@ https://github.com/extremeshok/clamav-unofficial-sigs/tree/master/INSTALL.md
 ```setsebool -P antivirus_can_scan_system true```
 
 ### Yara Rule Support automatically enabled (as of April 2016)
-Since usage yara rules requires clamav 0.99 or above, they will be automatically deactivated if your clamav is older than the required version
+Since usage yara rules requires clamav 0.100 or above, they will be automatically deactivated if your clamav is older than the required version
+
+
+### URLhaus Support (as of January 2020)
+Usage of free URLhaus Database: https://urlhaus.abuse.ch
+- Enabled by default
 
-### Yara-Rules Project Support (as of June 2015)
+### Yara-Rules Project Support (as of June 2015, updated January 2020)
 Usage of free Yara-Rules Project: http://yararules.com
 - Enabled by default
 
@@ -81,9 +94,12 @@ Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com
    Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
  - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link
 
-### Linux Malware Detect support (as of May 2015)
+### Linux Malware Detect support (as of May 2015, updated January 2020)
 Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/projects/linux-malware-detect/
  - Enabled by default, no configuration required
+
+### Need a database added ? Missing a database or a database not working ?
+Please post on the issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
 
 ## USAGE
 
@@ -160,6 +176,9 @@ Usage: clamav-unofficial-sigs.sh 	 [OPTION] [PATH|FILE]
   specifiedthen test to see if clamd is running or not
 
 
+--upgrade 	 Upgrades this script and master.conf to the latest available version
+
+
 --install-all 	 Install and generate the cron, logroate and man files, autodetects the values
   based on your config files
 
@@ -180,6 +199,42 @@ Usage: clamav-unofficial-sigs.sh 	 [OPTION] [PATH|FILE]
   its associated files and databases from the system
 
 ## Change Log
+### Version 7.0.1 (Updated 25 January 2020)
+ - Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
+ - Incremented the config to version 91
+
+### Version 7.0.0 (Updated 24 January 2020)
+ - eXtremeSHOK.com Maintenance
+ - Added urlhaus database
+ - Added extra yararulesproject databases
+- Added new linuxmalwaredetect yara file
+ - Automatic upgrades ( --upgrade )
+ - Added --upgrade command line option
+ - Option to disable automatic upgrades ( allow_upgrades )
+ - Option to disable update checks (allow_update_checks)
+ - Increase download time to 1800 seconds from 600 seconds
+ - os.conf takes preference over os.***.conf
+ - Warn if there are multiple os.***.conf files
+ - More sanity checks to help users and prevent errors
+ - Better output of --info
+ - Fix all known bugs
+ - Implement all suggestions
+ - Fixed yararulesproject database names
+ - Correctly silence curl and wget
+ - New linuxmalwaredetect logic
+ - New malwarepatrol logic
+ - Suppress --- and === from the logs
+ - Update the documentation / guides
+ - Increase minimum clamav version for yara rules to 0.100 or above
+ - Fix systemd.timer and systemd.service files
+ - More travis-ci tests
+ - Added os.alpine.conf
+ - Added debug options/mode to config
+ - Set minimum config required to 90
+ - Lots of refactoring and optimizing
+ - Only check for and notify about script updates every 12hours
+ - Incremented the config to version 90
+
 ### Version 6.1.1 (Updated 02 September 2019)
  - eXtremeSHOK.com Maintenance
  - Update os.archlinux.conf, thanks @amishmm
@@ -211,7 +266,7 @@ Usage: clamav-unofficial-sigs.sh 	 [OPTION] [PATH|FILE]
  - Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
  - Added Full support for Hash-based Signature Databases
  - User.conf is pre-configured with default options to allow for quicker setup
- - Default sanesecurity and linuxmalwaredetect to enabled
+ - Default sanesecurity and LinuxMalwareDetect to enabled
  - Increase default retries from 3 to 5
  - Ensure log file permissions are correct
  - Better update comparison check, only notify if newer
@@ -638,7 +693,7 @@ Usage: clamav-unofficial-sigs.sh 	 [OPTION] [PATH|FILE]
  - sig-boundary patch by Alan Stern
  - create intermediate monitor-ign-old.txt to prevent reading and writing of local.ign by Alan Stern
 
-### Version 4.0.0
+### Version 4.0.0 (Released 9 May 2015)
  - eXtremeSHOK.com Maintenance
  - Enabled all low false positive sources by default
  - Added all Sanesecurity database files
@@ -655,5 +710,3 @@ Usage: clamav-unofficial-sigs.sh 	 [OPTION] [PATH|FILE]
 
 ## Script updates can be found at:
 ### https://github.com/extremeshok/clamav-unofficial-sigs
-
-Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs