At 03:17 AM 5/8/2007, Alexander Grüner wrote: >Ralf, > >I wrote a small script by myself - very simpel. It seems to work now for >months. > >#!/bin/sh >cd /tmp ># Unofficial Phising rules for ClamAV >wget -nd -m http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz >wget -nd -m http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz >cp phish.ndb.gz /var/lib/clamav/ >cp scam.ndb.gz /var/lib/clamav/ >cd /var/lib/clamav >gunzip -f phish.ndb.gz >gunzip -f scam.ndb.gz >chown vscan:vscan phish.ndb >chown vscan:vscan scam.ndb >rcclamd restart > >Run by root via crontab.
The above is not particularly safe. For add-on signatures, it's important to test the signatures with "clamscan -d phish.ndb /some/small/file" *before* copying them into the "live" clam signature directory. Freshclam does this for you for the official signatures. If the add-on file is corrupted or just the wrong format for some reason, copying it into the clam signature directory will cause clam to refuse to run. A safe (but not very clever) script would look like: #!/bin/sh cd /tmp wget -nd -m http://ftp.tiscali.nl/sanesecurity/phish.ndb.gz && \ gunzip -f phish.ndb.gz && \ clamscan -d phish.ndb phish.ndb && \ cp phish.ndb /var/lib/clamav/ && \ chown vscan:vscan /var/lib/clamav/phish.ndb wget -nd -m http://ftp.tiscali.nl/sanesecurity/scam.ndb.gz && \ gunzip -f scam.ndb.gz && \ clamscan -d scam.ndb scam.ndb && \ cp scam.ndb /var/lib/clamav/ && \ chown vscan:vscan /var/lib/clamav/scam.ndb rcclamd restart -- Noel Jones _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
