ClamAV Unofficial Signatures

MailCleaner Support
Added about 1 month ago

MailCleaner uses ClamAV as the default antivirus software when scanning messages. ClamAV comes with a basic set of virus signatures, which are updated by the freshclam program; it runs every 15 minutes via the mailcleaner-cron.pl script. These signatures are used by all MailCleaner machines, both Enterprise Edition and Community Edition.

In addition to these, Enterprise Edition clients get access to the premium signatures provided by SecuriteInfo.com.

All of the above are extremely well tested and stable signatures which should have an extremely low false-positive rate.

If you would like to add additional, community-generated signatures, you can also enable the Unofficial Signatures databases. These are not as thoroughly tested, so the false-positive rate is likely to be somewhat higher, but they should increase the true-positive rate (i.e. reduce the false-negative rate) as well. To enable these signatures, create the file /var/mailcleaner/spool/mailcleaner/clamav-unofficial-sigs with the following content:

I have read the terms of use at: https://sanesecurity.com/usage/linux-scripts/

We encourage you to support the curators of these databases at that link.

Once that file has been written, the additional rules should be fetched during the next cron cycle (every 15 minutes). This will update those signatures, link them to the correct database directory, restart ClamAV and keep them updated going forward. This means that there is no other action required on your part.

You can look for "Installing Unofficial Signatures..." in /var/mailcleaner/log/clamav/freshclam.log to confirm that they were installed. Otherwise, the log may note that the contents of the flag file might not be exactly correct.
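The steps above as shell functions, added here as an example and not part of MailCleaner itself. The paths, the terms line and the log string are taken from this article; the function names and the FLAG/LOG override variables are hypothetical, and tolerating a trailing newline in the flag file is an assumption about how the content is compared.

```shell
#!/bin/sh
# Added example: helper names and the FLAG/LOG overrides are hypothetical.
FLAG="${FLAG:-/var/mailcleaner/spool/mailcleaner/clamav-unofficial-sigs}"
LOG="${LOG:-/var/mailcleaner/log/clamav/freshclam.log}"
TERMS='I have read the terms of use at: https://sanesecurity.com/usage/linux-scripts/'

# Write the flag file as exactly one line followed by one newline.
write_flag() {
    printf '%s\n' "$TERMS" > "$FLAG"
}

# Return 0 if the flag file holds exactly the expected line. Otherwise
# print the likely cause; editor artifacts are the usual reason the
# content is "not exactly correct".
check_flag() {
    [ -f "$FLAG" ] || { echo "missing: $FLAG"; return 1; }
    # $(cat) drops trailing newlines (assumed harmless for the real check).
    if [ "$(cat "$FLAG")" = "$TERMS" ]; then
        return 0
    fi
    if grep -q "$(printf '\r')" "$FLAG"; then
        echo "CRLF line endings in $FLAG"
    elif grep -qF "$TERMS" "$FLAG"; then
        echo "extra text or whitespace around the expected line in $FLAG"
    else
        echo "expected line not found in $FLAG"
    fi
    return 1
}

# Return 0 once freshclam.log records the unofficial signature install.
sigs_installed() {
    [ -r "$LOG" ] && grep -qF 'Installing Unofficial Signatures...' "$LOG"
}
```

Call write_flag and then check_flag on the MailCleaner host; sigs_installed should succeed after the next cron cycle.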

Note that this will enable all of the available unofficial signature databases. A feature may be added in the future to enable them selectively but for now that is not possible.