Introduction - what is this about?
This guide provides detailed instructions on configuring ClamAV for phishing, scam and spam protection by using third-party ClamAV signatures. This is the second part of a two-part series – find the first part at the link below:
ClamAV Guide - Part I: Setting Up ClamAV Anti-virus for ORF
Generally, the quality of third-party signatures provided by SaneSecurity is quite good, but your mileage may vary. If you are not sure what to expect, configure the ClamAV agent to tag or redirect emails on hit for a short testing period, so you can recover any falsely blacklisted emails.
1. Getting started - downloading required tools
Download the following package and extract its contents to a temporary folder: ClamAV Tools Package (ZIP)
The package contains the following:
IMPORTANT: The communication protocol used by rsync is TCP/873. Make sure this port is open on your firewall.
2. Installing Sigupdate
Copy or move the sigupdate directory to the installation directory of ClamAV (C:\clamav\ by default). Please note that if you did not install ClamAV to the default directory, you have to manually update the relevant file paths in sigupdate.bat.
You can configure Sigupdate signature sources by editing signames.txt. You will probably find the default signature set suitable, so we recommend skipping this step for now and revisiting this file once you have familiarized yourself with ClamAV and Sanesecurity signatures.
IMPORTANT: The first two entries in signames.txt must remain:
3. Downloading signatures
Run
4. Scheduling updates
To schedule the update process, run the following command as Administrator:
schtasks /create /sc hourly /mo 1 /tn "Sigupdate" /tr "C:\clamav\sigupdate\sigupdate.bat" /ru "NT AUTHORITY\SYSTEM"
This will add a scheduled task called Sigupdate which will run sigupdate.bat under the SYSTEM account every hour to update the default anti-virus signatures. If you would like to update more (or less) frequently, feel free to modify the command accordingly (read this article regarding the syntax).
To ensure the correct resolution of relative file names, the working directory for the task needs to be specified. Unfortunately, there is no command line parameter to do this, so you will have to use the Task Scheduler user interface:
To delete the scheduled task, run the following command as Administrator:
schtasks /delete /tn "Sigupdate" /f
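An added example, not part of the original guide: the ScheduledTasks PowerShell cmdlets accept a working directory at registration time, so the same hourly SYSTEM task can be created in one step. Because the task runs as SYSTEM, the script first refuses to register it if any principal other than SYSTEM or Administrators can write to sigupdate.bat or its folder. It assumes the guide's default paths and task name, and Windows 10 / Server 2016 or later, where omitting -RepetitionDuration means the task repeats indefinitely.

```powershell
#Requires -RunAsAdministrator
# Added example; paths and task name are the guide's defaults (adjust if ClamAV lives elsewhere).
$SigDir   = 'C:\clamav\sigupdate'
$Script   = Join-Path $SigDir 'sigupdate.bat'
$TaskName = 'Sigupdate'

if (-not (Test-Path -LiteralPath $Script)) { throw "Not found: $Script" }

# The task runs as SYSTEM, so only SYSTEM and Administrators should be able to
# change the script or its folder. Compare by SID to stay locale-independent.
$trusted   = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators
$sidType   = [System.Security.Principal.SecurityIdentifier]
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

$risky = foreach ($path in $SigDir, $Script) {
    (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -notin $trusted -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0)
        } |
        ForEach-Object { '{0}: {1} has {2}' -f $path, $_.IdentityReference.Value, $_.FileSystemRights }
}
if ($risky) {
    $risky | ForEach-Object { Write-Warning $_ }
    throw 'Restrict write access before registering a task that runs as SYSTEM.'
}

# Same schedule as the schtasks command: every hour, as SYSTEM,
# but with the working directory set so relative file names resolve.
$action    = New-ScheduledTaskAction -Execute $Script -WorkingDirectory $SigDir
$trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Hours 1)
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $principal | Out-Null

# Show what was registered so the working directory can be confirmed.
(Get-ScheduledTask -TaskName $TaskName).Actions | Select-Object Execute, WorkingDirectory
```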
5. Adding further signatures (optional)
There are a lot of third-party signatures available for ClamAV to extend its filtering capabilities.
Probably the most well-known are the signatures offered by Sanesecurity, built against different threats. You can find more info about these at: