[MOD] Adicionando novas assinaturas ao Clamav do PMG

Mensagem por **marceloleaes** » 23 Jul 2022 12:22

Segue passo a passo para adicionar novas assinaturas ao Clamav, todas da lista não necessitam registro e podem ser usadas a vontade.

1 - Copiando e editando o template

Código: Selecionar todos

cp /var/lib/pmg/templates/freshclam.conf.in /etc/pmg/templates/freshclam.conf.in
nano /etc/pmg/templates/freshclam.conf.in

Adicione ao final do arquivo:

Código: Selecionar todos

# Malware
DatabaseCustomURL https://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.fp

# Sanesecurity + Foxhole
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/lott.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/shelter.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spam.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spear.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spearl.ndb

# Winnow
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb

# Bofhland
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb


# Porcupine
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/porcupine.hsb

# Maldet
DatabaseCustomURL https://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL https://www.rfxn.com/downloads/rfxn.hdb

2 - Aplicando e reiniciando os serviços

Código: Selecionar todos

pmgconfig sync --restart 1
systemctl restart pmg-smtp-filter pmgpolicy postfix

Acompanhe através da interface web se a atualização está correndo bem ou pode forçar atualizar e acompanhar.