Clamspam signature update script *Updated 8/2011*

Users tips and ideas

Moderators: FlorianB, Pascal, bourgeois, mentor

sharky_84
Posts: 8
Joined: Thu Dec 09, 2010 10:53 am
How did you hear about Mailcleaner: internet

Re: Clamspam signature update script *Updated 6/2010*

Postby sharky_84 » Fri Dec 10, 2010 1:14 am

okay... so I have done al the things which where post in the first message: But still the ClamSpam daemon : stopped. manually restart is not working.

When I restart the mailcleaner it says

Starting ClamSpam daemon: no database, not started.

. Am I missing something?
uncltom
Posts: 495
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: Clamspam signature update script *Updated 6/2010*

Postby uncltom » Thu Dec 16, 2010 4:46 am

sharky_84 wrote:okay... so I have done al the things which where post in the first message: But still the ClamSpam daemon : stopped. manually restart is not working.

When I restart the mailcleaner it says

Starting ClamSpam daemon: no database, not started.

. Am I missing something?


1. Do you have anything in /var/mailcleaner/spool/clamspam? There should be database files there.

2. Have you applied all of the updates? At some point there was an issue with the clamspam start script. (I dont remember when off the top of my head.)
Properly updating your install will make sure that issue is fixed.
frederikbove
Posts: 21
Joined: Fri Dec 24, 2010 8:17 am
How did you hear about Mailcleaner: google

Re: Clamspam signature update script *Updated 6/2010*

Postby frederikbove » Fri Dec 24, 2010 9:54 am

I have the same issue. And I have notting in /var/mailcleaner/spool/clamspam

The steps in the first post are up to date for version 2010 beta3?
uncltom
Posts: 495
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: Clamspam signature update script *Updated 6/2010*

Postby uncltom » Sat Dec 25, 2010 8:53 am

frederikbove wrote:I have the same issue. And I have notting in /var/mailcleaner/spool/clamspam

The steps in the first post are up to date for version 2010 beta3?


Yes they are correct. Looking at the clamav-unofficial-sigs.conf file you should see the line:
clam_dbs="/var/mailcleaner/spool/clamspam"

That is where the files should be.

1. What happens when you type /sanesecurity/clamav-unofficial-sigs.sh? You should see something like:
mailcleaner:~# /sanesecurity/clamav-unofficial-sigs.sh
====================
= ClamD is running =
====================

======================================================================
Sanesecurity Database & GPG Signature File Updates
======================================================================

Sanesecurity mirror site used: nbi.kozstyle.org 84.19.167.43

Number of files: 46
Number of files transferred: 22
Total file size: 52398222 bytes
Total transferred file size: 42873710 bytes
Literal data: 2446738 bytes
Matched data: 40426972 bytes
File list size: 1490
File list generation time: 0.408 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 92510
Total bytes received: 324057

sent 92510 bytes received 324057 bytes 15147.89 bytes/sec
total size is 52398222 speedup is 125.79

Testing updated Sanesecurity database file: jurlbl.ndb
Sanesecurity GPG Signature tested good on jurlbl.ndb database
Clamscan reports Sanesecurity jurlbl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbl.ndb

Testing updated Sanesecurity database file: jurlbla.ndb
Sanesecurity GPG Signature tested good on jurlbla.ndb database
Clamscan reports Sanesecurity jurlbla.ndb database integrity tested good
Successfully updated Sanesecurity production database file: jurlbla.ndb

Testing updated Sanesecurity database file: winnow_malware.hdb
Sanesecurity GPG Signature tested good on winnow_malware.hdb database
Clamscan reports Sanesecurity winnow_malware.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware.hdb

Testing updated Sanesecurity database file: winnow_malware_links.ndb
Sanesecurity GPG Signature tested good on winnow_malware_links.ndb database
Clamscan reports Sanesecurity winnow_malware_links.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_malware_links.ndb

Testing updated Sanesecurity database file: winnow.attachments.hdb
Sanesecurity GPG Signature tested good on winnow.attachments.hdb database
Clamscan reports Sanesecurity winnow.attachments.hdb database integrity tested good
Successfully updated Sanesecurity production database file: winnow.attachments.hdb

Testing updated Sanesecurity database file: INetMsg-SpamDomains-2m.ndb
Sanesecurity GPG Signature tested good on INetMsg-SpamDomains-2m.ndb database
Clamscan reports Sanesecurity INetMsg-SpamDomains-2m.ndb database integrity tested good
Successfully updated Sanesecurity production database file: INetMsg-SpamDomains-2m.ndb

Testing updated Sanesecurity database file: spear.ndb
Sanesecurity GPG Signature tested good on spear.ndb database
Clamscan reports Sanesecurity spear.ndb database integrity tested good
Successfully updated Sanesecurity production database file: spear.ndb

Testing updated Sanesecurity database file: spearl.ndb
Sanesecurity GPG Signature tested good on spearl.ndb database
Clamscan reports Sanesecurity spearl.ndb database integrity tested good
Successfully updated Sanesecurity production database file: spearl.ndb

Testing updated Sanesecurity database file: scamnailer.ndb
Sanesecurity GPG Signature tested good on scamnailer.ndb database
Clamscan reports Sanesecurity scamnailer.ndb database integrity tested good
Successfully updated Sanesecurity production database file: scamnailer.ndb

Testing updated Sanesecurity database file: winnow_phish_complete_url.ndb
Sanesecurity GPG Signature tested good on winnow_phish_complete_url.ndb database
Clamscan reports Sanesecurity winnow_phish_complete_url.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_phish_complete_url.ndb

Testing updated Sanesecurity database file: winnow_spam_complete.ndb
Sanesecurity GPG Signature tested good on winnow_spam_complete.ndb database
Clamscan reports Sanesecurity winnow_spam_complete.ndb database integrity tested good
Successfully updated Sanesecurity production database file: winnow_spam_complete.ndb

======================================================================
SecuriteInfo Database File Updates
======================================================================

Checking for updated SecuriteInfo database file: antispam.ndb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 283 100 283 0 0 305 0 --:--:-- --:--:-- --:--:-- 0

Testing updated SecuriteInfo database file: antispam.ndb
Clamscan reports Sanesecurity antispam.ndb database integrity tested BAD - SKIPPING
rsync: link_stat "/sanesecurity/cache/si-dbs/antispam.ndb" failed: No such file or directory (2)
rsync error: some files could not be transferred (code 23) at main.c(1058) [sender=3.0.3]
Failed to successfully update SecuriteInfo production database file: antispam.ndb - SKIPPING

No updated SecuriteInfo antispam.ndb database file found
---
Checking for updated SecuriteInfo database file: vx.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 277 100 277 0 0 757 0 --:--:-- --:--:-- --:--:-- 0

Testing updated SecuriteInfo database file: vx.hdb
Clamscan reports Sanesecurity vx.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/sanesecurity/cache/si-dbs/vx.hdb" failed: No such file or directory (2)
rsync error: some files could not be transferred (code 23) at main.c(1058) [sender=3.0.3]
Failed to successfully update SecuriteInfo production database file: vx.hdb - SKIPPING

No updated SecuriteInfo vx.hdb database file found
---
Checking for updated SecuriteInfo database file: honeynet.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo honeynet.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfobat.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfobat.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfodos.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfodos.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfoelf.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfoelf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfo.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfo.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfohtml.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfohtml.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfooffice.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfooffice.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfopdf.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfopdf.hdb database file found
---
Checking for updated SecuriteInfo database file: securiteinfosh.hdb

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0

No updated SecuriteInfo securiteinfosh.hdb database file found

======================================================================
MalwarePatrol mbl.ndb Database File Update
======================================================================

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 144k 0 144k 0 0 96223 0 --:--:-- 0:00:01 --:--:-- 268k

MalwarePatrol signature database (mbl.ndb) did not change - skipping

======================================================================

======================================================================
mailcleaner:~# Check the permissions on clamav-unofficial-sigs.sh they should be 755
-bash: Check: command not found
mailcleaner:~#
You should see

If you get an error like this:

mailcleaner:/sanesecurity# /sanesecurity/clamav-unofficial-sigs.sh -bash: /sanesecurity/clamav-unofficial-sigs.sh: Permission denied

Then check the permissions on clamav-unofficial-sigs.sh they should be 755.

mailcleaner:/sanesecurity# ls -la
total 128
drwxr-xr-x 3 root root 4096 Sep 12 00:05 .
drwxr-xr-x 23 root root 4096 Jul 3 00:53 ..
drwxr-xr-x 8 root root 4096 Jul 3 00:55 cache
-rw-r--r-- 1 root root 12803 Jun 21 2010 clamav-unofficial-sigs.conf (This is 644)
-rwxr-xr-x 1 root root 76054 Jun 21 2010 clamav-unofficial-sigs.sh (This is 755)
-rw-r--r-- 1 root root 17120 Sep 12 00:05 sanesecurity.tar.gz

If you get other errors make sure you followed step 1.

1. Run aptitude install rsync gnupg curl socat gzip dnsutils
(Even if aptitiude doesn't have super cow powers!)
Dont forget to do aptitiude update first!

This consists of two parts.
mailcleaner:/sanesecurity# aptitude update
mailcleaner:/sanesecurity# aptitude install rsync gnupg curl socat gzip dnsutils

Please post the error you get from running /sanesecurity/clamav-unofficial-sigs.sh

Thanks!
Tom
frederikbove
Posts: 21
Joined: Fri Dec 24, 2010 8:17 am
How did you hear about Mailcleaner: google

Re: Clamspam signature update script *Updated 6/2010*

Postby frederikbove » Sat Dec 25, 2010 10:18 am

it works i was doing de aptitude install only not the update thanks.

De file for download was the last clamav sig right?
uncltom
Posts: 495
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: Clamspam signature update script *Updated 6/2010*

Postby uncltom » Sat Dec 25, 2010 11:00 pm

Yeah the update is important. I have left it out a few times on new loads but I know when I get the message that the installs were not found then I forgot the update.

I believe clamav updates itself but we will have to wait from confirmation from our illustrious leader Olivier.
If you want to check look at /var/mailcleaner/log/clamav/freshclam.log. Mine is updating hourly.

Clamspam is a porting of clamav that uses clamav to scan e-mail messages identifying spam the same way a virus is identified.
So the files for clamspam are literally clamav defs but instead of helping it identify viruses it helps clamav identift spam.
Dentalair
Posts: 6
Joined: Mon Dec 05, 2011 2:16 pm
How did you hear about Mailcleaner: Google

Re: Clamspam signature update script *Updated 8/2011*

Postby Dentalair » Mon Dec 05, 2011 3:27 pm

Hi,

is this still necessary for the 2011 version?

regards,

Jeroen
olivier
Posts: 1348
Joined: Thu Jan 01, 1970 1:00 am
Contact:

Re: Clamspam signature update script *Updated 8/2011*

Postby olivier » Mon Dec 05, 2011 3:42 pm

yes, spam definitions are not (and probably never will be) installed with the Community Edition of MailCleaner. No automatic update neither. You will have to manage them by yourself.
Virus definitions (ClamAV officials) are, however, built-in and automatically updated every hour.
screwloose
Posts: 29
Joined: Sun Dec 18, 2011 9:46 am
How did you hear about Mailcleaner: google

Re: Clamspam signature update script *Updated 8/2011*

Postby screwloose » Mon Dec 19, 2011 12:53 am

Just went through getting this all working and heres my 'destructions'

mkdir /sanesecurity /sanesecurity/cache
cd /tmp
wget http://www.inetmsg.com/pub/clamav-unoff ... igs.tar.gz
tar xvf clamav-unofficial-sigs.tar.gz
mv clamav-unofficial-sigs-3.7.1/* /sanesecurity/
chmod 755 /sanesecurity/clamav-unofficial-sigs.sh
cp /sanesecurity/clamav-unofficial-sigs.conf /etc/
nano /etc/clamav-unofficial-sigs.conf


Change the following lines to suit

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/clamav/bin"
clam_dbs="/var/mailcleaner/spool/clamspam"
clamd_pid="/var/mailcleaner/run/clamav/clamd.pid"
user_configuration_complete="yes"


Save Changes

cd /sanesecurity
./clamav-unofficial-sigs.sh

Check for errors, if all ok add in the cron job

nano /etc/crontab
30 * * * * root /sanesecurity/clamav-unofficial-sigs.sh >& /dev/null
Echo
Posts: 1
Joined: Thu Feb 02, 2012 1:40 pm
How did you hear about Mailcleaner: googling

Re: Clamspam signature update script *Updated 8/2011*

Postby Echo » Fri Feb 03, 2012 12:56 pm

I have one problem.

When I start ClamSpam, I receive a message "no database, not started"

Now I have clamav-unofficial-sigs.sh script work fine.

The configuration is:
clamav-unofficial-sigs.sh /usr/bin/
clamav-unofficial-sigs.conf /etc/ and the configuration of variables is:
PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/clamav/bin"
clam_dbs="/var/opt/clamav/lib" because the file /etc/opt/clamav/clamd.conf have configure DatabaseDirectory
work_dir="/var/mailcleaner/spool/clamspam"
user_configuration_complete="yes"

But the service continue stop
uncltom
Posts: 495
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: Clamspam signature update script *Updated 8/2011*

Postby uncltom » Sat Feb 04, 2012 7:34 am

Clamd.conf should be in /usr/mailcleaner/etc

Your clam_dbs is wrong. It really is /var/mailcleaner/spool/clamspam and the work dir should NOT be /var/mailcleaner/spool/clamspam.

I would delete what you have and start over... except follow the directions! This has worked flawlessly for hundreds of people. Follow the simple directions and it will require no tweaking. Period.
uncltom
Posts: 495
Joined: Tue Aug 26, 2008 3:01 am
How did you hear about Mailcleaner: I dont remember probably google?
Location: Spokane, WA

Re: Clamspam signature update script *Updated 8/2011*

Postby uncltom » Sat Feb 04, 2012 7:39 am

screwloose wrote:Just went through getting this all working and heres my 'destructions'

mkdir /sanesecurity /sanesecurity/cache
cd /tmp
wget http://www.inetmsg.com/pub/clamav-unoff ... igs.tar.gz
tar xvf clamav-unofficial-sigs.tar.gz
mv clamav-unofficial-sigs-3.7.1/* /sanesecurity/
chmod 755 /sanesecurity/clamav-unofficial-sigs.sh
cp /sanesecurity/clamav-unofficial-sigs.conf /etc/
nano /etc/clamav-unofficial-sigs.conf


Change the following lines to suit

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/clamav/bin"
clam_dbs="/var/mailcleaner/spool/clamspam"
clamd_pid="/var/mailcleaner/run/clamav/clamd.pid"
user_configuration_complete="yes"


Save Changes

cd /sanesecurity
./clamav-unofficial-sigs.sh

Check for errors, if all ok add in the cron job

nano /etc/crontab
30 * * * * root /sanesecurity/clamav-unofficial-sigs.sh >& /dev/null


Destructions is a good term. You forgot the most important part of choosing which updates to include.
bexx32
Posts: 7
Joined: Tue Apr 03, 2012 2:02 pm
How did you hear about Mailcleaner: internet

Re: Clamspam signature update script *Updated 8/2011*

Postby bexx32 » Thu Jul 26, 2012 12:41 pm

same steps for 2012.6?
gameover0
Posts: 19
Joined: Wed Jan 23, 2013 7:28 pm
How did you hear about Mailcleaner: google

Re: Clamspam signature update script *Updated 8/2011*

Postby gameover0 » Sun Jan 27, 2013 3:35 am

yes works the same on 2012.6 but the links above are dead.

http://www.pothsprojects.com/viewtopic.php?f=100&t=5645
koma
Posts: 40
Joined: Mon Sep 27, 2010 1:52 pm
How did you hear about Mailcleaner: Google

Re: Clamspam signature update script *Updated 8/2011*

Postby koma » Mon Oct 21, 2013 11:33 am

The old attachment is obsolete and did not work anymore:
there is the current version of the updater: http://sourceforge.net/projects/unofficial-sigs/
And here is my working configuration file:

Code: Select all

PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/opt/clamav/bin"
export PATH
clam_user="clamav"
clam_group="clamav"
setmode="yes"
clam_dbs="/var/mailcleaner/spool/clamspam"
clamd_pid="/var/mailcleaner/run/clamav/clamspamd.pid"
reload_dbs="yes"
reload_opt="/usr/mailcleaner/etc/init.d/clamspamd restart"
clamd_socket="/var/mailcleaner/run/clamav/clamspamd.sock"
enable_random="yes"
min_sleep_time="60"    # Default minimum is 60 seconds (1 minute).
max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).
ss_dbs="
   blurl.ndb
   junk.ndb
   jurlbl.ndb
   phish.ndb
   rogue.hdb
   sanesecurity.ftm
   scam.ndb
   sigwhitelist.ign2
   spamattach.hdb
   spamimg.hdb
   winnow.attachments.hdb
   winnow_bad_cw.hdb
   winnow_extended_malware.hdb
   winnow_malware.hdb
   winnow_malware_links.ndb
   doppelstern.hdb
   bofhland_cracked_URL.ndb
   bofhland_malware_attach.hdb
   bofhland_malware_URL.ndb
   bofhland_phishing_URL.ndb
   crdfam.clamav.hdb
   phishtank.ndb
   porcupine.ndb
"
si_dbs="
   honeynet.hdb
   securiteinfo.hdb
   securiteinfobat.hdb
   securiteinfodos.hdb
   securiteinfoelf.hdb
   securiteinfohtml.hdb
   securiteinfooffice.hdb
   securiteinfopdf.hdb
   securiteinfosh.hdb
"
si_update_hours="4"   # Default is 4 hours (6 update checks daily).
mbl_dbs="
   mbl.ndb
"
mbl_update_hours="6"   # Default is 6 hours (4 downloads daily).
rsync_connect_timeout="15"
rsync_max_time="60"
curl_connect_timeout="15"
curl_max_time="90"
work_dir="/sanesecurity/cache"
ss_dir="$work_dir/ss-dbs"        # Sanesecurity sub-directory
si_dir="$work_dir/si-dbs"        # SecuriteInfo sub-directory
mbl_dir="$work_dir/mbl-dbs"      # MalwarePatrol sub-directory
config_dir="$work_dir/configs"   # Script configs sub-directory
gpg_dir="$work_dir/gpg-key"      # Sanesecurity GPG Key sub-directory
add_dir="$work_dir/add-dbs"      # User defined databases sub-directory
keep_db_backup="no"
curl_silence="no"      # Default is "no" to report curl statistics
rsync_silence="no"     # Default is "no" to report rsync statistics
gpg_silence="no"       # Default is "no" to report gpg signature status
comment_silence="no"   # Default is "no" to report script comments
enable_logging="no"
log_file_path="/var/log"
log_file_name="clamav-unofficial-sigs.log"
rsync_proxy=""
curl_proxy=""
user_configuration_complete="yes"


Return to “Tips”

Who is online

Users browsing this forum: No registered users and 1 guest