OPNsense Forum » Archive » 19.7 Legacy Series » Additional Signatures for ClamAV
Topic: Additional Signatures for ClamAV (Read 13352 times)
PotatoCarl
Full Member
Posts: 134
Karma: 5
Additional Signatures for ClamAV
« on: August 29, 2019, 09:42:28 am »
Hi
I noticed there is an option for "additional signatures" in ClamAV.
So, I wonder: How are experiences with that? I would guess that it makes sense on a firewall, but maybe you get a lot of totally new and exciting problems.
Second: Does anyone have a comprehensive list of such additional signatures (free/open source would be preferred)?
Thanks.
Logged
marcri
Jr. Member
Posts: 60
Karma: 5
Re: Additional Signatures for ClamAV
« Reply #1 on: August 29, 2019, 11:29:01 am »
Hi,
here is my list for freshclam:
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/shelter.ldb
# winnow
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
# Malware.expert
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
# bofhland
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
# Porcupine
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
And I have some YARA-Rules from Github with my own modifications included...
Logged
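Added example (not part of marcri's post and not OPNsense plugin code): a small audit of a freshclam.conf-style `DatabaseCustomURL` list like the one above, reporting entries fetched over a plaintext transport, duplicate entries, and files whose extension is not a ClamAV database format. The function names, the issue labels and the `mirror.example` URLs are assumptions made for this illustration.

```python
import posixpath
from collections import Counter
from urllib.parse import urlparse

# ClamAV database formats by file extension.
DB_TYPES = {
    ".hdb": "MD5 file-hash signatures",
    ".hsb": "SHA1/SHA256 file-hash signatures",
    ".ndb": "extended (body pattern) signatures",
    ".ldb": "logical signatures",
    ".cdb": "container metadata signatures",
    ".ftm": "file-type magic",
    ".ign2": "signature ignore list",
}

# Constructed sample: the first two URLs appear in the post above, the
# duplicate line and the mirror.example entries are made up.
SAMPLE_CONF = """\
# sanesecurity
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://mirror.example/sigs/custom.ldb
DatabaseCustomURL https://mirror.example/sigs/readme.txt
"""

def parse_custom_urls(conf_text):
    """Return the URL of every active DatabaseCustomURL directive, in order."""
    urls = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "DatabaseCustomURL":
            urls.append(parts[1].strip())
    return urls

def audit(conf_text):
    """Return (url, issue) pairs for entries that deserve a second look."""
    urls = parse_custom_urls(conf_text)
    counts = Counter(urls)
    findings = []
    for url in dict.fromkeys(urls):  # unique URLs, original order
        parsed = urlparse(url)
        ext = posixpath.splitext(parsed.path)[1].lower()
        if parsed.scheme in ("http", "ftp"):
            findings.append((url, "plaintext-transport"))
        if ext not in DB_TYPES:
            findings.append((url, "unknown-db-type"))
        if counts[url] > 1:
            findings.append((url, "duplicate"))
    return findings

if __name__ == "__main__":
    for url, issue in audit(SAMPLE_CONF):
        print(f"{issue:20} {url}")
```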
hbc
Hero Member
Posts: 501
Karma: 47
Re: Additional Signatures for ClamAV
« Reply #2 on: August 29, 2019, 03:23:00 pm »
https://sanesecurity.com/usage/signatures/
Logged
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Additional Signatures for ClamAV
« Reply #3 on: August 30, 2019, 01:11:02 pm »
@hbc I found that site, too, but I have no idea how to implement them. The script "unofficial-signatures.sh" is not made for OPNsense, so I would have to find the suitable links?
@marcri thank you, this is very helpful. I assume you directly added them in the freshclam.conf and not via the web interface?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Additional Signatures for ClamAV
« Reply #4 on: August 30, 2019, 01:12:13 pm »
Just add the URL to the UI, the rest is done by the plugin.
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Additional Signatures for ClamAV
« Reply #5 on: August 30, 2019, 01:22:13 pm »
Thanks. Cool.
Logged
LouieLouie
Newbie
Posts: 43
Karma: 8
Re: Additional Signatures for ClamAV
« Reply #6 on: August 30, 2019, 02:25:47 pm »
Quote from: marcri on August 29, 2019, 11:29:01 am
Hi,
here is my list for freshclam :
(...)
Thank you very much for sharing this information!
Logged