Merge pull request #239 from extremeshok/dev

6.1.0
extremeshok · Aug 27, 2019 · fea47d8 · fea47d8
2 parents c4f429b + 70b3565
commit fea47d8
Show file tree

Hide file tree

Showing 8 changed files with 533 additions and 248 deletions.
diff --git a/README.md b/README.md
@@ -167,6 +167,29 @@ Usage: clamav-unofficial-sigs.sh [OPTION] [PATH|FILE]
         its associated files and databases from the system      
 
 ## Change Log
+### Version 6.1.0 (Updated 27 August 2019)
+ - eXtremeSHOK.com Maintenance
+ - Thanks Reio Remma & Oliver Nissen
+ - fail added to all curl commands
+ - Fix: Missing logic for LOWMEDIUMONLY | MEDIUMHIGHONLY | HIGHONLY databases
+ - Support for either os.osname.conf or os.conf files (no more needing to rename the os.osname.conf to os.conf)
+ - Where possible replaced echo with xshok_pretty_echo_and_log
+ - Refactor xshok_pretty_echo_and_log and make all notices styles consistent
+ - Silence output when run under cron
+ - add MAILTO=root to the generated cron file
+ - Add full proxy support for wget, curl, rsync, dig, host
+ - Better support for proxy config variables
+ - New config variable: git_branch (defaults to master for the update checks)
+ - allow -w signature for quicker whitelisting
+ - Sanitize whitelist input string (Remove quotes and .UNOFFICIAL)
+ - Added Full support for Hash-based Signature Databases
+ - User.conf is pre-configured with default options to allow for quicker setup
+ - Default sanesecurity and linuxmalwaredetect to enabled
+ - Increase default retries from 3 to 5
+ - Ensure log file permissions are correct
+ - Better update comparison check, only notify if newer
+ - Incremented the config to version 76
+
 ### Version 6.0.1 (Updated 30 July 2019)
  - eXtremeSHOK.com Maintenance
  - Fix logging @dominicraf

diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
diff --git a/config/master.conf b/config/master.conf
@@ -384,6 +384,9 @@ Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
 # ==================================================
 # ==================================================
 
+# Branch for update checking, default: master
+git_branch="master"
+
 # Enable or disable download time randomization.  This allows the script to
 # be executed via cron, but the actual database file checking will pause
 # for a random number of seconds between the "min" and "max" time settings
@@ -445,7 +448,7 @@ downloader_connect_timeout="60"
 downloader_max_time="600"
 
 # Set downloader retry count for failed transfers
-downloader_tries="3"
+downloader_tries="5"
 
 # Set working directory paths (edit to meet your own needs). If these
 # directories do not exist, the script will attempt to create them.
@@ -479,15 +482,13 @@ remove_disabled_databases="no" # Default is "no" since we are not a database man
 #
 selinux_fixes="no" # Default is "no" ignore ssl errors and warnings
 
-# If necessary to proxy database downloads, define the rsync and/or wget
-# proxy settings here.  For rsync, the proxy must support connections to
-# port 873.  Both wget and rsync proxy setting need to be defined in the
-# format of "hostname:port".  For wget, also note the https and http
-#rsync_proxy=""
-#curl_proxy=""
-#wget_proxy_http="-e http_proxy=http://username:password@proxy_host:proxy_port"
-#wget_proxy_https="-e https_proxy=https://username:password@proxy_host:proxy_port"
-
+# Proxy Support
+# If necessary to proxy database downloads, define the rsync, curl, wget, dig, hosr proxy settings here.
+#rsync_proxy="username:password@proxy_host:proxy_port"
+#curl_proxy="--proxy http://username:password@proxy_host:proxy_port"
+#wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port"
+#dig_proxy="@proxy_host -p proxy_host:proxy_port"
+#host_proxy="@proxy_host" #does not support port
 
 # Custom Cron install settings, these are detected and only used if you want to override
 # the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
@@ -547,6 +548,6 @@ yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"
 
 # ========================
 # DO NOT EDIT !
-config_version="75"
+config_version="76"
 
 # https://eXtremeSHOK.com ######################################################
diff --git a/config/os.centos7.conf b/config/os.centos7.conf
@@ -33,4 +33,7 @@ clamd_restart_opt="systemctl restart clamd@scan"
 
 clamd_reload_opt="clamdscan --config-file=/etc/clamd.d/scan.conf --reload"
 
+# By default clamupdate has no permissions to run service restarts
+reload_dbs="no"
+
 # https://eXtremeSHOK.com ######################################################
diff --git a/config/user.conf b/config/user.conf
@@ -28,9 +28,13 @@
 
 #securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"
 
+sanesecurity_enabled="yes"
+
+linuxmalwaredetect_enabled="yes"
+
 # Default dbs rating
 # valid rating: LOW, MEDIUM, HIGH
-#default_dbs_rating="MEDIUM"
+default_dbs_rating="MEDIUM"
 
 # Per Database
 # These ratings will override the global rating for the specific database
@@ -49,6 +53,14 @@
 #) #END ADDITIONAL DATABASES
 
 # Uncomment the following line to enable the script
-#user_configuration_complete="yes"
+user_configuration_complete="yes"
+
+# Proxy Support
+# If necessary to proxy database downloads, define the rsync, curl, wget, dig, hosr proxy settings here.
+#rsync_proxy="username:password@proxy_host:proxy_port"
+#curl_proxy="--proxy http://username:password@proxy_host:proxy_port"
+#wget_proxy="-e http_proxy=http://username:password@proxy_host:proxy_port -e https_proxy=https://username:password@proxy_host:proxy_port"
+#dig_proxy="@proxy_host -p proxy_host:proxy_port"
+#host_proxy="@proxy_host" #does not support port
 
 # https://eXtremeSHOK.com ######################################################
diff --git a/guides/centos7.md b/guides/centos7.md
@@ -0,0 +1,127 @@
+# WORK IN PROGRESS
+
+#### Basic guide to Installing on CentOS 7
+
+## Install Requirements
+# Step 1 Install epel
+```
+yum -y update
+yum -y install epel-release
+yum -y update
+```
+
+# Step 2 Install clamav
+```
+yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
+```
+
+# Step 3 Configure SELinux to allow clamav
+```
+setsebool -P antivirus_can_scan_system 1
+setsebool -P clamd_use_jit 1
+```
+
+# Step 4 Configure clamav
+```
+sed -i '/^Example$/d' /etc/clamd.d/scan.conf
+sed -i -e 's|#LocalSocket /var/run/clamd.scan/clamd.sock|LocalSocket /var/run/clamd.scan/clamd.sock/g' /etc/clamd.d/scan.conf
+
+
+cat << EOF > /etc/tmpfiles.d/clamav.conf
+/var/run/clamd.scan 0755 clam clam
+EOF
+
+mv /usr/lib/systemd/system/clamd\@scan.service /usr/lib/systemd/system/clamd\@scan.old
+cat << EOF > /usr/lib/systemd/system/clamd\@scan.service
+# Run the clamd scanner
+[Unit]
+Description = clamd scanner (%i) daemon
+After = syslog.target nss-lookup.target network.target
+
+[Service]
+Type = simple
+ExecStart = /usr/sbin/clamd --foreground=yes
+Restart = on-failure
+IOSchedulingPriority = 7
+CPUSchedulingPolicy = 5
+Nice = 19
+PrivateTmp = true
+MemoryLimit=500M
+CPUQuota=50%
+
+[Install]
+WantedBy = multi-user.target
+EOF
+
+systemctl daemon-reload
+
+```
+
+# Step 5 Configure Freshclam
+```
+sed -i '/^Example$/d' /etc/freshclam.conf
+sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
+
+cat << EOF > /usr/lib/systemd/system/clam-freshclam.service
+# Run the freshclam as daemon
+[Unit]
+Description = freshclam scanner
+After = network.target
+
+[Service]
+Type = forking
+ExecStart = /usr/bin/freshclam -d
+Restart = on-failure
+IOSchedulingPriority = 7
+CPUSchedulingPolicy = 5
+Nice = 19
+PrivateTmp = true
+
+[Install]
+WantedBy = multi-user.target
+EOF
+systemctl daemon-reload
+
+freshclam
+systemctl enable clam-freshclam.service
+systemctl start clam-freshclam.service
+
+```
+
+# Step 6 Configure clamav
+```
+systemctl enable clamd@scan
+systemctl start clamd@scan
+systemctl status clamd@scan
+```
+
+# Step 7 Install Dependencies
+```
+yum -y install bind-utils rsync
+```
+# Step 8
+```
+curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh --output /usr/local/bin/clamav-unofficial-sigs.sh
+chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
+mkdir -p /etc/clamav-unofficial-sigs
+curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf --output /etc/clamav-unofficial-sigs/master.conf
+curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os.centos7.conf --output /etc/clamav-unofficial-sigs/os.centos7.conf
+curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/user.conf --output /etc/clamav-unofficial-sigs/user.conf
+```
+
+# Step 9
+set your user options
+```
+vim /etc/clamav-unofficial-sigs/user.conf
+```
+
+# Step 10
+run once to make sure there are no errors
+```
+bash clamav-unofficial-sigs.sh
+```
+
+# Step 11
+```
+bash clamav-unofficial-sigs.sh --install-all
+```
diff --git a/guides/macosx.md b/guides/macosx.md
@@ -1,14 +1,17 @@
 #### Basic guide to Installing on Mac OS 10.12+ and OS X
+Press Command+Space and type Terminal and press enter/return key.
+Run all the following in the Terminal app:
+
+## Notes:
+https://www.clamav.net/documents/installation-on-macos-mac-os-x
 
 ## Install Requirements
 # Step 1 Install Homebrew
-Press Command+Space and type Terminal and press enter/return key.
-Run in Terminal app:
 ```
-ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null
+/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
 ```
 
-# Step 2
+# Step 2 Install clamav
 ```
 brew install clamav
 ```
@@ -17,7 +20,7 @@ brew install clamav
 ```
 sudo su
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh --output /usr/local/bin/clamav-unofficial-sigs.sh
-chmod 777  /usr/local/bin/clamav-unofficial-sigs.sh
+chmod 755  /usr/local/bin/clamav-unofficial-sigs.sh
 mkdir -p /etc/clamav-unofficial-sigs
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf --output /etc/clamav-unofficial-sigs/master.conf
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os.macosx.conf --output /etc/clamav-unofficial-sigs/os.conf

diff --git a/guides/pfsense.md b/guides/pfsense.md
@@ -24,7 +24,7 @@ pkg install rsync
 echo "fdesc	/dev/fd		fdescfs		rw	0	0" >> /etc/fstab
 ln -s /usr/local/bin/bash /bin/bash
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/clamav-unofficial-sigs.sh --output /usr/sbin/clamav-unofficial-sigs.sh
-chmod 777 /usr/sbin/clamav-unofficial-sigs.sh
+chmod 755 /usr/sbin/clamav-unofficial-sigs.sh
 mkdir -p /etc/clamav-unofficial-sigs
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/master.conf --output /etc/clamav-unofficial-sigs/master.conf
 curl https://raw.githubusercontent.com/extremeshok/clamav-unofficial-sigs/master/config/os.pfsense.conf --output /etc/clamav-unofficial-sigs/os.conf
@@ -59,6 +59,6 @@ SHELL=/bin/sh
 PATH=/usr/local/bin:$PATH
 /bin/bash /usr/sbin/clamav-unofficial-sigs.sh
 EOF
-chmod 777 /etc/rc.clamav-unofficial-sigs.sh
+chmod 755 /etc/rc.clamav-unofficial-sigs.sh
 echo -e "*/5 * * * * root /etc/rc.clamav-unofficial-sigs.sh\n\n" >> /etc/crontab
 ```