NethServer Version: 8
Module: Mail
I'm just testing NS8; please advise, step by step, how to configure ClamAV with signatures from SecuriteInfo.
Hi,
I tried this step by step; please correct me if I’m wrong.
- Access to the mail1 container’s console
runagent -m mail1 bash -l
- Edit the environment
vi environment
#Add the following line and save
CLAMAV_CUSCFG_VOLUME_FLAG=Z
- Restart ClamAV
systemctl --user restart clamav
- Access to the clamav container’s console
podman exec -ti clamav bash
- Edit freshclam.conf
vi /etc/clamav/freshclam.conf
#Add the following lines and save
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfopdf.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo0hour.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo.mdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo.yara
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo.pdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/YOUR-SIGNATURE-NUMBER/securiteinfo.wdb
- Edit user.conf
vi /etc/clamav-unofficial-sigs/user.conf
#Add the following line and save
securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
Ciao Augustinus.
The procedure for custom AV signatures is documented here: ns8-mail/README.md at main · NethServer/ns8-mail · GitHub.
Your steps are quite similar, however I can’t say if they work or not and if they’re still effective after a ClamAV restart.
If something does not work properly, the documentation explains how to revert ClamAV config to the default.
“Yes, I’ve followed the step-by-step instructions from the provided URL and your video regarding containers. I haven’t yet migrated to NS8, as I’m still reviewing the entire configuration process before moving forward. Thanks for your feedback.”
Final working step by step, configuration persistent after restart.
Reference:
- NethServer 8 Deep Dive: how to run generic containers
- ns8-mail/README.md at main · NethServer/ns8-mail · GitHub
- ns8-mail/clamav/README.md at main · NethServer/ns8-mail · GitHub
Configure ClamAV for SecuriteInfo Signatures
- Access to the mail1 container’s console
runagent -m mail1 bash -l
- Access to the clamav container’s console
podman exec -ti clamav bash -l
- Edit the user.conf
vi /etc/clamav-unofficial-sigs/user.conf
Add the following lines:
#SecuriteInfo
securiteinfo_dbs_rating="MEDIUM"
securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
securiteinfo_premium="yes"
Note: set securiteinfo_premium="yes" if you have a premium account.
user.conf.orig is pre-configured with default options to allow for quicker setup.
File location: /etc/clamav-unofficial-sigs/user.conf.orig
- Check if signatures are being loaded
clamscan --debug 2>&1 /dev/null | grep "loaded"
- Clamscan integrity test of a specific database file
/usr/local/sbin/clamav-unofficial-sigs.sh -t securiteinfo.mdb
- View clamscan config
clamconf -n
- Download EICAR test files
mkdir /etc/clamav-unofficial-sigs/eicar
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" https://www.eicar.org/download/eicar-com/?wpdmdl=8840&refresh=672ff3f3dc4c81731195891
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" https://www.eicar.org/download/eicar-com-2/?wpdmdl=8842&refresh=672ff3f5047de1731195893
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" https://www.eicar.org/download/eicar_com-zip/?wpdmdl=8847&refresh=672ff3f6238e11731195894
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" https://www.eicar.org/download/eicar-com-2-2/?wpdmdl=8848&refresh=672ff3f7425da1731195895
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" http://www.securiteinfo.com/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar_test_file.13756
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" http://www.securiteinfo.com/eicar/SecuriteInfo.com.Eicar-Test-Signature.14788.14668.26795
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" http://www.securiteinfo.com/eicar/SecuriteInfo.com.Eicar_Test_Signature.366
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" http://www.securiteinfo.com/eicar/SecuriteInfo.com.Eicar_Test_Signature.6363
wget -P /etc/clamav-unofficial-sigs/eicar --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" http://www.securiteinfo.com/eicar/SecuriteInfo.com.Eicar_Test_Signature.6869
- Test clamscan
clamscan /etc/clamav-unofficial-sigs/eicar/*
Correct result as below:
node:/# clamscan /etc/clamav-unofficial-sigs/eicar/*
Loading: 25s, ETA: 0s [========================>] 13.75M/13.75M sigs
Compiling: 6s, ETA: 0s [========================>] 42/42 tasks
/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar-Test-Signature.14788.14668.26795: SecuriteInfo.com.Eicar-Test-Signature.14788.14668.26795.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar_Test_Signature.366: SecuriteInfo.com.Eicar_Test_Signature.366.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar_Test_Signature.6363: SecuriteInfo.com.Eicar_Test_Signature.6363.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar_Test_Signature.6869: SecuriteInfo.com.Eicar_Test_Signature.6869.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/index.html?wpdmdl=8840: Eicar-Test-Signature.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/index.html?wpdmdl=8842: Eicar-Test-Signature.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/index.html?wpdmdl=8847: Eicar-Test-Signature.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/index.html?wpdmdl=8848: Eicar-Test-Signature.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Known viruses: 13754279
Engine version: 1.2.2
Scanned directories: 0
Scanned files: 8
Infected files: 8
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 35.764 sec (0 m 35 s)
Start Date: 2024:11:10 07:08:13
End Date: 2024:11:10 07:08:48
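
A scripted version of the final check, as an added example that is not part of the original posts: it reads clamscan output and passes only if every scanned test file was flagged and at least one hit came from a `SecuriteInfo.com.*` signature, so a silent loss of the third-party databases is caught. The function names and the sample report are constructed here; the signature-name prefix is the one visible in the scan output above.

```bash
#!/usr/bin/env bash
# Added example: confirm from a clamscan report that SecuriteInfo signatures fired.

# Constructed sample shaped like the clamscan output in the post (two test files).
sample_report() {
  cat <<'EOF'
/etc/clamav-unofficial-sigs/eicar/SecuriteInfo.com.Eicar_Test_Signature.366: SecuriteInfo.com.Eicar_Test_Signature.366.UNOFFICIAL FOUND
/etc/clamav-unofficial-sigs/eicar/index.html?wpdmdl=8840: Eicar-Test-Signature.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Scanned files: 2
Infected files: 2
EOF
}

# check_report: reads clamscan output on stdin and prints one summary line.
# Exit status 0 only when every scanned file was detected AND at least one
# detection carries a SecuriteInfo.com.* signature name.
check_report() {
  awk '
    / FOUND$/ {
      detected++
      # The signature name follows ": "; the file path may also contain
      # "SecuriteInfo", so match on the name part only.
      if ($0 ~ /: SecuriteInfo\.com\.[^ ]*\.UNOFFICIAL FOUND$/) si++
    }
    /: OK$/           { clean++ }        # a test file that was NOT detected
    /^Scanned files:/ { scanned = $3 }
    END {
      printf "scanned=%d detected=%d securiteinfo=%d clean=%d\n",
             scanned, detected, si, clean
      exit !(scanned > 0 && detected == scanned && clean == 0 && si > 0)
    }'
}

# Live use inside the clamav container:
#   clamscan /etc/clamav-unofficial-sigs/eicar/* | check_report
sample_report | check_report || echo "SecuriteInfo signatures NOT verified"
```

Run on a schedule or after a ClamAV restart, a non-zero exit status means the test files are no longer being matched by the SecuriteInfo databases.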