Skip to content

Releases: extremeshok/clamav-unofficial-sigs


20 Mar 02:49
Choose a tag to compare
  • Maintenance
  • Added : os.centos7-cpanel.conf
  • Refactor : bsd support for tar, remove gnu-tar requirement
  • Refactor : remove gnu-sed requirement
  • Refactor : bsd support for stat command


18 Mar 04:33
Choose a tag to compare
  • Maintenance
  • Disabled winnow_malware.yara , duplicated in EMAIL_Cryptowall.yar and no longer maintained
  • Removed gtar requirement (--wildcards is the default)
  • Incremented the config to version 97


18 Mar 03:49
Choose a tag to compare
  • Maintenance
  • Whitelist support for yararules (whitelist signature tracking is disabled for yararules)
  • Disable JJencode.yar , due to excessive CPU usage
  • Disable scamnailer , discontinued
  • Update pfsense guide for 2.5
  • Fix working directory variable "urlhausy" to "urlhaus"
  • Fix missing tracker-tmp.txt
  • Thank you @perplexityjeff


20 Dec 21:17
Choose a tag to compare
  • Maintenance
  • Use POSIX character classes instead of literals
  • Prevent linuxmalwaredetect yara files being extracted when yara is not supported
  • Replace echo with xshok_pretty_echo_and_log to silence database cleanup cron messages


14 Dec 01:16
Choose a tag to compare
  • Maintenance
  • Change yararule email/Email_generic_phishing.yar to HIGH
  • New config option: force_host, by default dig is used when dig and host is present.
  • Refactor and correct the assigning of binaries/commands
  • Fix broken yara rule database names: Maldoc_hancitor_dropper and Maldoc_APT19_CVE-2017-1099
  • Ensure only dig or host is used when either dig or host is enabled
  • Enable remove_disabled_databases by default
  • Fix disabled databases removed when "$remove_disabled_databases" is set to "no"
  • Incremented the config to version 95


07 Dec 08:38
Choose a tag to compare
  • maintenance
  • Database rating downgrades are now supported, eg, changing from HIGH to LOW will remove the HIGH and MEDIUM rated databases.
  • Disabled databases are automatically removed
  • Disable databases by setting the rating to "DISABLED" eg. securiteinfo_dbs_rating="DISABLED" will disable all securiteinfo databases
  • Added Malware Expert databases (non-free)
  • Added interServer databases (free)
  • Reworked securiteinfo premium databases (non-free)
  • Added malwarepatrol_db to specify the exact database name (default: malwarepatrol.db)
  • Added detection of tar executable (use gtar on mac and bsd)
  • Config os.macosx.conf renamed to os.macos.conf
  • Fix: set ownership of last-version-check.txt
  • More automated linting and testing (markdown and macOS / osx) via travis-ci
  • Updated macOS installation guide for Big Sur (OSX 11)
  • Incremented the config to version 94
  • Thank you @dandanio @jkellerer @msapiro @shawniverson
  • Enforce HTTPS validation by default
  • Updated sanesecurity publickey.gpg url to use SSL
  • Ignore yara files that include modules
  • Enabled yararulesproject rules by default
  • os.gentoo.conf: disable updates and upgrade checks
  • Fix: URLhaus log message
  • Fix wrong download URL for MalwarePatrol
  • Fix: fallback to host if dig is not used
  • Disable cron MAILTO
  • BSD read config fix
  • Incremented the config to version 92
  • Thank you @dandanio @jkellerer @m0urs @Mrothyr @msapiro @orlitzky @RobbieTheK @SlothOfAnarchy


25 Jan 12:03
Choose a tag to compare

Disable yara project rules duplicated in rxfn.yara (Thanks @dominicraf)
Incremented the config to version 91


24 Jan 20:25
Choose a tag to compare
  • Maintenance
  • Added urlhaus database
  • Added extra yararulesproject databases
  • Added new linuxmalwaredetect yara file
  • Automatic upgrades ( --upgrade )
  • Added --upgrade command line option
  • Option to disable automatic upgrades ( allow_upgrades )
  • Option to disable update checks (allow_update_checks)
  • Increase download time to 1800 seconds from 600 seconds
  • os.conf takes preference over os.***.conf
  • Warn if there are multiple os.***.conf files
  • More sanity checks to help users and prevent errors
  • Better output of --info
  • Fix all known bugs
  • Implement all suggestions
  • Fixed yararulesproject database names
  • Correctly silence curl and wget
  • New linuxmalwaredetect logic
  • New malwarepatrol logic
  • Suppress --- and === from the logs
  • Update the documentation / guides
  • Increase minimum clamav version for yara rules to 0.100 or above
  • Fix systemd.timer and systemd.service files
  • More travis-ci tests
  • Added os.alpine.conf
  • Added debug options/mode to config
  • Set minimum config required to 90
  • Lots of refactoring and optimizing
  • Only check for and notify about script updates every 12hours
  • Incremented the config to version 90


02 Sep 22:42
Choose a tag to compare Maintenance
Update os.archlinux.conf, thanks @amishmm
master.conf set default dbs rating to medium
user.conf better suggested values
Default to using curl, less logic required (lower cpu)
force_curl replaced with force_wget
Fix: suppress all non-error output under cron/non interactive terminal
Fix: check log file is not a link before setting permissions, only set if owned by root.
Fix: failed to create symbolic link
Fix: curl --compress ->> curl --compressed
Minor enhancement to travis-ci checks
Incremented the config to version 77


27 Aug 20:09
Choose a tag to compare
  • Maintenance
  • Thanks Reio Remma & Oliver Nissen
  • fail added to all curl commands
  • Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
  • Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
  • Where possible replaced echo with xshok_pretty_echo_and_log
  • Refactor xshok_pretty_echo_and_log and make all notices styles consistent
  • Silence output when run under cron
  • add MAILTO=root to the generated cron file
  • Add full proxy support for wget, curl, rsync, dig, host
  • Better support for proxy config variables
  • New config variable: git_branch (defaults to master for the update checks)
  • allow -w signature for quicker whitelisting
  • Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
  • Added Full support for Hash-based Signature Databases
  • User.conf is pre-configured with default options to allow for quicker setup
  • Default sanesecurity and linuxmalwaredetect to enabled
  • Increase default retries from 3 to 5
  • Ensure log file permissions are correct
  • Better update comparison check, only notify if newer
  • Incremented the config to version 76