ClamAV is an open source ant-virus engine for detecting trojans, viruses, malware & other malicious threats.
Malware Patrol provides signatures that are compatible with ClamAV software. You can follow these simple steps to configure your ClamAV instance and protect your internal network, computers, and users from getting infected by malware.
1) Make sure your ClamAV instance is installed and working properly. There are a few resources on the internet that can help you configure ClamAV in your platform. If you are experiencing trouble installing and configuring ClamAV, start at the following URL: http://www.clamav.net/documents/installing-clamav.
You should also be able to use distribution specific tools like apt-get and yum to install ClamAV software. For example: apt-get install clamav.
If you have Extremeshok’s clamav-unofficial-sigs properly installed, skip to step 14.
2) Install curl. For example: apt-get install curl
3) Install rsync. For example: apt-get install rsync
4) Install unzip. For example: apt-get install unzip
5) cd /tmp
6) wget -O clamav-unofficial-sigs.zip ‘https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip’
7) unzip /tmp/clamav-unofficial-sigs.zip
8) cp /tmp/clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/bin
9) chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
10) mkdir -p /etc/clamav-unofficial-sigs
11) cp /tmp/clamav-unofficial-sigs-master/config/master.conf /etc/clamav-unofficial-sigs/
12) cp /tmp/clamav-unofficial-sigs-master/config/user.conf /etc/clamav-unofficial-sigs/
13) cd /etc/clamav-unofficial-sigs/
14) edit /etc/clamav-unofficial-sigs/master.conf appropriately
Log into your account with Malware Patrol and look for ClamAV. Right click on download and select Copy link location, you will need this URL in the next steps. It will look like this:
https://lists.malwarepatrol.net/cgi/getfile?receipt=YOUR_RECEIPT-NUMBER&product=41&list=clamav_basic
You will need your receipt number, product code, and list name from this URL.
malwarepatrol_enabled=yes
malwarepatrol_receipt_code=YOUR-RECEIPT-NUMBER (Get this number from your Malware Patrol download URL.)
malwarepatrol_product_code=41 (Get this number from your Malware Patrol download URL.)
malwarepatrol_list=clamav_basic # clamav_basic or clamav_ext (Get the list name from your Malware Patrol download URL.)
malwarepatrol_free=no
clam_user=clamav
clam_group=clamav
user_configuration_complete=yes
15) Clean unnecessary files: rm -rf /tmp/clamav-unofficial-sigs*
16) Execute the first update: /usr/local/bin/clamav-unofficial-sigs.sh
17) Configure a new cronjob to update ClamAV signatures every hour: MM * * * * /usr/local/bin/clamav-unofficial-sigs.sh
If you experience any difficulties configuring ClamAV software to use Malware Patrol blocklists, please make sure it is working properly and contact our tech support at support (@) malwarepatrol.net.