====================
GENERAL INFORMATION:
====================

This is property of eXtremeSHOK.com
You are free to use, modify and distribute, however you may not remove this notice.
Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
License: BSD (Berkeley Software Distribution)

Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs

## Description
The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, Securiteinfo, MalwarePatrol, Yara-Rules Project, etc. The script will also generate and install cron, logrotate, and man files.

Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs

==========================
INSTALLATION INSTRUCTIONS:
==========================

WARNING:  Renaming any of the files included in the tarball may cause the script to fail to remove
all files, databases, and work directories from the system if the '-r' (remove script) flag is used.

Make sure you do not have the package installed via yum/apt
  Debian/Ubuntu:
    apt-get purge clamav-unofficial-sigs
  RHEL/CentOS:
    yum purge clamav-unofficial-sigs

Download the latest archive
  wget -q --no-check-certificate https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip -O /tmp/clamav-unofficial-sigs.zip

Uncompress/Unpackage the archive:
   unzip -j -qq -o /tmp/clamav-unofficial-sigs.zip -d /tmp/clamav-unofficial-sigs/

### Quick Install Guide
* Download the files to /tmp/
* Copy clamav-unofficial-sigs.sh to /usr/local/sbin/
* Set 755 permissions on  /usr/local/sbin/clamav-unofficial-sigs.sh
* Make the directory /etc/clamav-unofficial-sigs/
* Copy the contents of config/ into /etc/clamav-unofficial-sigs/
* Rename the your os.your-distro.conf to os.conf, where your-distro is your distribution
* Set your user config options in the configs /etc/clamav-unofficial-sigs/user.conf
* Run the script with --install-cron to install the cron file
* Run the script with --install-logrotate to install the logrotate file
* Run the script with --install-man to install the man file

Install:
* mkdir -p /usr/local/sbin/
* mkdir -p /var/log/clamav-unofficial-sigs/
* mkdir -p /etc/clamav-unofficial-sigs/
* cp -f /tmp/clamav-unofficial-sigs/clamav-unofficial-sigs.sh /usr/local/sbin/clamav-unofficial-sigs.sh
* chmod +x /usr/local/sbin/clamav-unofficial-sigs.sh
* cp -f /tmp/clamav-unofficial-sigs/config/*.* /etc/clamav-unofficial-sigs/

Install Systemd configs:
* cp -f /tmp/clamav-unofficial-sigs/systemd/*.* /etc/systemd/

Configure:
* Rename the /etc/clamav-unofficial-sigs/os.your-distro.conf to os.conf
* Edit the /etc/clamav-unofficial-sigs/master.conf, os.conf , user.conf files
* Edit the /etc/logrotate.d/clamav-unofficial-sigs file
* Edit the /etc/cron.d/clamav-unofficial-sigs file

Install Cron configs:
* After the configs have been configured
* Run:  bash clamav-unofficial-sigs.sh --install-cron:

Install logrotate configs::
* After the configs have been configured
* Run:  bash clamav-unofficial-sigs.sh --install-logrotate

Install man (help) file:
* After the configs have been configured
* Run:  bash clamav-unofficial-sigs.sh --install-man:

### First Usage
* Run the script once as your superuser to set all the permissions and create the relevant directories

IMPORTANT CONFIGURATION CONSIDERATIONS:
* Make sure that the PATH statement correctly defines the location of your binary files.  These include: find, sed, awk, cut, grep, tail, chown, chmod, cmp, diff, dig, host, gzip, ls, cp, mv,  test, gpg, xargs, sleep, urandom, cksum, rsync, curl, socat, etc.  It has been reported that on Sun systems, the GNU utilities should be used rather than the default Sun versions.
* System shell setting:  Based on user feedback, it has been reported that "sh" works best for BSD variants, "ksh" for Sun Solaris, and "bash" for Linux variants.  If you experience problems running the script, please try editing the top line of the script file and changing "sh" to either "ksh" or "bash" before reporting a problem.
* Adjust configuration settings to meet your system requirements.

==================
USAGE INFORMATION:
==================

To run at specific time intervals, either use the include cron file or edit the user crontab:
   /etc/cron.d/clamav-unofficial-sigs

To run manually:
   /usr/local/sbin/clamav-unofficial-sigs.sh

===================
SCRIPT FLAGS USAGE:
===================

## USAGE

Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]

-c, --config    Use a specific configuration file or directory
        eg: '-c /your/dir' or ' -c /your/file.name'
        Note: If a directory is specified the directory must contain atleast:
        master.conf, os.conf or user.conf
        Default Directory: /etc/clamav-unofficial-sigs

-F, --force     Force all databases to be downloaded, could cause ip to be blocked

-h, --help      Display this script's help and usage information

-V, --version   Output script version and date information

-v, --verbose   Be verbose, enabled when not run under cron

-s, --silence   Only output error messages, enabled when run under cron

-d, --decode-sig        Decode a third-party signature either by signature name
        (eg: Sanesecurity.Junk.15248) or hexadecimal string.
        This flag will 'NOT' decode image signatures

-e, --encode-string     Hexadecimal encode an entire input string that can
        be used in any '*.ndb' signature database file

-f, --encode-formatted  Hexadecimal encode a formatted input string containing
        signature spacing fields '{}, (), *', without encoding
        the spacing fields, so that the encoded signature
        can be used in any '*.ndb' signature database file

-g, --gpg-verify        GPG verify a specific Sanesecurity database file
        eg: '-g filename.ext' (do not include file path)

-i, --information       Output system and configuration information for
        viewing or possible debugging purposes

-m, --make-database     Make a signature database from an ascii file containing
        data strings, with one data string per line.  Additional
        information is provided when using this flag

-t, --test-database     Clamscan integrity test a specific database file
        eg: '-s filename.ext' (do not include file path)

-o, --output-triggered  If HAM directory scanning is enabled in the script's
        configuration file, then output names of any third-party
        signatures that triggered during the HAM directory scan

-w, --whitelist Adds a signature whitelist entry in the newer ClamAV IGN2
        format to 'my-whitelist.ign2' in order to temporarily resolve
        a false-positive issue with a specific third-party signature.
        Script added whitelist entries will automatically be removed
        if the original signature is either modified or removed from
        the third-party signature database

--check-clamav  If ClamD status check is enabled and the socket path is correctly
        specifiedthen test to see if clamd is running or not

--install-all   Install and generate the cron, logroate and man files, autodetects the values
         based on your config files

--install-cron  Install and generate the cron file, autodetects the values
        based on your config files

--install-logrotate     Install and generate the logrotate file, autodetects the
        values based on your config files

--install-man   Install and generate the man file, autodetects the
         values based on your config files

--remove-script     Remove the clamav-unofficial-sigs script and all of
        its associated files and databases from the system

### Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs

Original Script can be found at: http://sourceforge.net/projects/unofficial-sigs
