ClamAV Antivirus in Linux - Unofficial Signatures and Cron

In the previous post, "ClamAV Antivirus in Linux - Installation and Usage", we discussed installation and usage guidelines for the ClamAV antivirus software on Linux.

This follow-up post contains necessary terminal commands for installing unofficial signatures for advanced usage.


I. Adding Unofficial Virus Signatures

ClamAV comes with its own updated set of signatures. However, if you need additional virus signatures, download unofficial signatures from third-party providers like extremeshok (https://github.com/extremeshok).

NOTE: Using additional signatures consumes more resources and bandwidth.

Start by entering root access mode

`sudo -i`

Download the files and move them to a new directory

`wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.tar.gz`

`tar xvzf master.tar.gz`

`rm master.tar.gz`

`cp clamav-unofficial-sigs-master/clamav-unofficial-sigs.sh /usr/local/sbin/`

`mkdir -p /etc/clamav-unofficial-sigs`

Copy the config file that matches your OS to enable it. List the available .conf files with the `ls` command.

`ls clamav-unofficial-sigs-master/config/os`

For example, on an Ubuntu-based distro

`cp clamav-unofficial-sigs-master/config/os/os.ubuntu.conf /etc/clamav-unofficial-sigs/os.conf`


Changing ClamAV unofficial signatures config


Copy the master and user configs

`cp clamav-unofficial-sigs-master/config/{master.conf,user.conf} /etc/clamav-unofficial-sigs/`

To enable the update script, edit

`nano /etc/clamav-unofficial-sigs/user.conf`

And make sure the following option is uncommented and set to yes (ctrl+x to exit nano)

`user_configuration_complete="yes"`

Make the script executable, then install the logrotate configuration, which compresses and archives older log files created by the script

`chmod 744 /usr/local/sbin/clamav-unofficial-sigs.sh`

`/usr/local/sbin/clamav-unofficial-sigs.sh --install-logrotate`

Install the manual page

`/usr/local/sbin/clamav-unofficial-sigs.sh --install-man`

Copy the systemd unit files, which work like cron. Unit files are loaded from `/etc/systemd/system/`

`cp clamav-unofficial-sigs-master/systemd/* /etc/systemd/system/`

To update the signatures manually, run the following command, which downloads the unofficial signatures

`/usr/local/sbin/clamav-unofficial-sigs.sh`

To check if the additional signatures were added

`clamscan --debug 2>&1 /dev/null | grep "loaded"`

Remove downloaded sigs folder

`rm -f -r clamav-unofficial-sigs-master`


II. Scheduling Antivirus Scan and Updates using Cron

Open a file in cron.daily, and paste the following script to set up daily scans

`nano /etc/cron.daily/dailyclamscan`

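`#!/bin/bash
# Daily ClamAV scan of the whole filesystem; results are appended to LOG_FILE.
SCAN_DIR="/"
LOG_FILE="/var/log/clamav/dailyclamscan.log"
touch "$LOG_FILE"
# --infected prints only infected files; --remove deletes them, false positives included.
# Pseudo-filesystems are excluded: they hold no regular files and only produce read errors.
/usr/bin/clamscan --infected --remove --recursive \
  --exclude-dir="^/proc" --exclude-dir="^/sys" --exclude-dir="^/dev" \
  "$SCAN_DIR" >> "$LOG_FILE"`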

And provide permissions

`chmod +x /etc/cron.daily/dailyclamscan`
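
Since the daily scan runs with `--remove`, and ClamAV reports hits from third-party databases with a `.UNOFFICIAL` suffix, it is useful to review which database produced each detection in the log. The script below is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize detections in the daily clamscan log.
# Assumptions: hits are logged as "<path>: <signature> FOUND" and
# third-party signature names end in ".UNOFFICIAL".

# summarize_clamscan_log LOGFILE
# Prints "official=N unofficial=M", then one tab-separated line per hit:
#   kind <TAB> signature <TAB> path
summarize_clamscan_log() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # The signature is the text after the LAST ": ", because a
            # file path may itself contain ": ".
            if (!match(line, /: [^ ]+$/)) next
            sig  = substr(line, RSTART + 2)
            path = substr(line, 1, RSTART - 1)
            if (sig ~ /\.UNOFFICIAL$/) { kind = "unofficial"; u++ }
            else                       { kind = "official";   o++ }
            hits[++n] = kind "\t" sig "\t" path
        }
        END {
            printf "official=%d unofficial=%d\n", o, u
            for (i = 1; i <= n; i++) print hits[i]
        }
    ' "$1"
}

# Constructed sample log lines (not output from a real scan).
sample_log() {
cat <<'EOF'
/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/Downloads/eicar.com: Removed.
/var/www/html/upload: x.php: Example.Thirdparty.Test.UNOFFICIAL FOUND
/var/www/html/upload: x.php: Removed.
----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

# Demo run against the sample; on a real system pass
# /var/log/clamav/dailyclamscan.log instead.
tmp=$(mktemp)
sample_log > "$tmp"
summarize_clamscan_log "$tmp"
rm -f "$tmp"
```
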

To schedule a daily virus signature update, add a cron entry for freshclam

`crontab -e`

`0 1 * * * /usr/bin/freshclam --quiet`

Exit root access

`exit`
