Hi All,
A few bits of news...
* JavaScript/Locky nasties
Seeing as this is currently the "in-thing", various sigs in the following
databases will help catch them:
foxhole_filename.cdb (known js filenames)
phish.ndb (known js script matches)
rogue.hdb (known js hashes) (sometimes seeing 100 per hour)
For those who don't use js files in zip/rar's, there's a new database, as
some people have asked for:
* New Database: foxhole_js.cdb (*medium* false positive risk)
This database will block most JavaScript (.js) files within Zip and
Rar files. The current #locky #javascript #malware is using rapidly
changing JavaScript files and this database is aimed at blocking these.
To help minimise false positives, this database will only scan *small*
sized Zip and Rar files.
Other foxhole databases here:
http://sanesecurity.com/foxhole-databases/
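To make the trade-off behind foxhole_js.cdb concrete, here is an added Python example (not Sanesecurity's signature or ClamAV code) that emulates the rule's logic: a zip archive is flagged only if it is small and contains a member whose name ends in .js. The post says only "small", so the 200 KiB threshold below is an assumption, as are the constructed sample archives built in memory. ClamAV's .cdb container-metadata signatures express the same idea as a single line matching on container type, container size and a member filename regex; the comment in the code sketches that layout.

```python
"""Emulate the matching logic of a "small archive containing .js" rule.

Added example; not Sanesecurity's database or ClamAV's scanner.
A ClamAV .cdb container-metadata signature expresses the same policy as one
line of the form (sketch of the documented layout, values assumed):
  Name:CL_TYPE_ZIP:0-204800:(?i)\\.js$:*:*:*:*:*:*
i.e. container type, container size range, member filename regex.
"""
import io
import re
import zipfile

# Assumed threshold: the post only says "small"; 200 KiB is a constructed choice.
MAX_CONTAINER_BYTES = 200 * 1024
# Member names ending in .js, case-insensitive, anywhere in the archive tree.
JS_NAME_RE = re.compile(r"\.js$", re.IGNORECASE)


def flagged_members(archive_bytes: bytes) -> list[str]:
    """Return the .js member names that would trigger the rule, else [].

    Mirrors the foxhole_js.cdb behaviour described in the post: archives
    larger than the size cap are not inspected at all (false-positive
    control), and anything that is not a valid zip is left to other sigs.
    """
    if len(archive_bytes) > MAX_CONTAINER_BYTES:
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
            return [name for name in zf.namelist() if JS_NAME_RE.search(name)]
    except zipfile.BadZipFile:
        return []


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed zip in memory; STORED so sizes stay predictable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (placeholder contents, nothing malicious inside).
SMALL_JS = build_sample({"invoice_scan.js": b"// placeholder script body\n"})
MIXED_CASE_JS = build_sample({"docs/Scan.JS": b"// placeholder\n", "readme.txt": b"hi"})
SMALL_DOC = build_sample({"report.txt": b"plain text, no script"})
LARGE_JS = build_sample({"bundle.js": b"x" * (MAX_CONTAINER_BYTES + 1)})


def summarize() -> dict[str, list[str]]:
    """Run the rule over every constructed sample and return the verdicts."""
    return {
        "small_js": flagged_members(SMALL_JS),
        "mixed_case_js": flagged_members(MIXED_CASE_JS),
        "small_doc": flagged_members(SMALL_DOC),
        "large_js": flagged_members(LARGE_JS),
        "not_a_zip": flagged_members(b"definitely not a zip"),
    }


if __name__ == "__main__":
    for label, hits in summarize().items():
        print(f"{label:14s} -> {'FLAGGED ' + str(hits) if hits else 'clean'}")
```

The large sample is deliberately left unflagged even though it carries a .js member: that is the size cap doing its job, and it is exactly why the post rates the database a medium false-positive risk rather than a high one.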
* Updated download script
https://github.com/extremeshok/clamav-unofficial-sigs
Last few changes:
Version 5.0.6 (updated 2016-04-04)
eXtremeSHOK.com Maintenance
Updated winnow databases as per information from Tom @ OITC
Bump config to 58
Version 5.0.5
eXtremeSHOK.com Maintenance
Add support for specifying a custom config dir or file with (--config)
-c option
Removed default_config
Added travis-ci build testing
Updates to the help and usage display
Added sanity testing of sanesecurity_dbs, securiteinfo_dbs,
linuxmalwaredetect_dbs, yararules_dbs, add_dbs
Added function xshok_array_count
Prevent some issues with an incomplete or only a user.conf being loaded
Added fallback to host if dig returns no records
Check there are Sanesecurity mirror ips before we attempt to rsync
Important binaries have been aliased (clamscan, rsync, curl, gpg) and
allow their paths to be overridden
Added sanity checks to make sure the binaries and workdir is defined
Custom Binary Paths added to the config (clamscan_bin, rsync_bin,
curl_bin, gpg_bin)
Bump config to 57
Added initial centos6 + cpanel os config
Bugfix Only start logging once all the configs have been loaded
Rename $version to script_version
Default malwarePatrol to the free version
Added script version checks
Version 5.0.4
eXtremeSHOK.com Maintenance
Added/Updated OS configs: CentOS 7, FreeBSD, Slackware
Added clamd_reload_opt to fix issues with centos7 conf
Fix --remove-script should call remove_script() function by @IdahoPL
Add OS specific settings to logrotate
Increased default timeout values
Attempt to Silence more output
Create the log_file_path directory before we touch the file.
Updated config file to remove the $work_dir variable from dir names
Remove trailing / from directory names
Initial support for Travis-Ci testing
Fixed config option enable_logging -> logging_enabled
Config updated to 56 due to changes
Version 5.0.3
eXtremeSHOK.com Maintenance
Added OS configs: OpenSUSE, Archlinux, Gentoo, Raspbian, FreeBSD
Fixed config option enable_logging -> logging_enabled
Cheers,
Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity