On 5/28/2010 5:43 AM, Chris wrote:
> On Thu, 2010-05-27 at 16:02 +0100, Steve Basford wrote:
>> Hi All,
>>
>> Arnaud Jacques from SecuriteInfo has contacted me regarding an important change to some of the signature databases.
>>
>> For those users who are using honeynet.hdb.gz, securiteinfo.hdb.gz and vx.hdb.gz from SecuriteInfo.com, they have made a few changes today, which you need to be aware of.
>>
>> honeynet.hdb.gz, securiteinfo.hdb.gz and vx.hdb.gz have been replaced by:
>>
>> http://clamav.securiteinfo.com/honeynet.hdb
>> http://clamav.securiteinfo.com/securiteinfobat.hdb
>> http://clamav.securiteinfo.com/securiteinfodos.hdb
>> http://clamav.securiteinfo.com/securiteinfoelf.hdb
>> http://clamav.securiteinfo.com/securiteinfo.hdb
>> http://clamav.securiteinfo.com/securiteinfohtml.hdb
>> http://clamav.securiteinfo.com/securiteinfooffice.hdb
>> http://clamav.securiteinfo.com/securiteinfopdf.hdb
>> http://clamav.securiteinfo.com/securiteinfosh.hdb
>>
>> NOTE 1: Those files are *not* gzipped.
>> NOTE 2: honeynet.hdb.gz, securiteinfo.hdb.gz and vx.hdb.gz will not be removed in the near future, ** but will not be updated any more **
>>
>> The change has been made to let the user decide what kind of signatures is useful for his/her environment. For example, a Linux user could just download "elf" and "sh" sigs, whereas a Windows user could just download "bat", "office" and "pdf" sigs, whereas a web administrator could just download "html" sigs. This change can help with memory requirements, especially the embedded computer industry (often with low RAM on motherboard).
>>
>> Cheers,
>> Steve
>> Sanesecurity
>
> Steve, after seeing this I modified Bill's script as below:
>
> si_dbs="
>    honeynet.hdb
>    securiteinfoelf.hdb
>    securiteinfo.hdb
>    securiteinfohtml.hdb
>    securiteinfopdf.hdb
>    securiteinfosh.hdb
> "
>
> When time came to check the securite db's for updates I saw this in the output of the script:
>
> Testing updated SecuriteInfo database file: securiteinfoelf.hdb
> Clamscan reports Sanesecurity securiteinfoelf.hdb database integrity tested BAD - SKIPPING
> Testing updated SecuriteInfo database file: securiteinfohtml.hdb
> Clamscan reports Sanesecurity securiteinfohtml.hdb database integrity tested BAD - SKIPPING
> Testing updated SecuriteInfo database file: securiteinfopdf.hdb
> Clamscan reports Sanesecurity securiteinfopdf.hdb database integrity tested BAD - SKIPPING
> Testing updated SecuriteInfo database file: securiteinfosh.hdb
> Clamscan reports Sanesecurity securiteinfosh.hdb database integrity tested BAD - SKIPPING
>
> Opening any of the securite .hdb files shows the below in a browser window:
>
> The requested URL /securiteinfoelf.hdb.gz was not found on this server.
>
> Below are the new hdb files that were downloaded.
>
>     293 2010-05-28 01:06 securiteinfoelf.hdb
>     293 2010-05-28 07:13 securiteinfoelf.hdb.gz
> 9669520 2010-04-29 07:10 securiteinfo.hdb
> 3961906 2010-04-29 02:36 securiteinfo.hdb.gz
>     294 2010-05-28 01:06 securiteinfohtml.hdb
>     294 2010-05-28 07:13 securiteinfohtml.hdb.gz
>     293 2010-05-28 01:06 securiteinfopdf.hdb
>     293 2010-05-28 07:13 securiteinfopdf.hdb.gz
>     292 2010-05-28 01:06 securiteinfosh.hdb
>     292 2010-05-28 07:13 securiteinfosh.hdb.gz
>
> Did I make a mistake in the securite configuration?

The script needs to be modified in a few places to support the new SecuriteInfo signature databases, as the previous databases were gzipped and the current ones are not.
I will release an updated script soon to support the new (non-compressed) SecuriteInfo signature databases.
Bill
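
The roughly 293-byte files in the listing above hold the web server's "not found" page rather than signatures. The following is an added example, not part of this thread or of Bill's script: a cheap pre-install check that rejects such a file before it reaches the clamscan integrity test. The name `check_hdb`, its return codes and the sample data are hypothetical, and it assumes the `MD5:FileSize:MalwareName` line format of ClamAV `.hdb` files.

```shell
#!/bin/sh
# Added example, not part of Bill's script. check_hdb is a hypothetical name.
# Assumption: an .hdb signature line is MD5:FileSize:MalwareName, where
# FileSize may be "*" and optional numeric fields may follow the name.

# check_hdb FILE
#   0 = every non-blank line is a signature, 1 = missing or empty,
#   2 = HTML markup found (server error page), 3 = other malformed content
check_hdb() {
    f=$1
    sig='^[0-9A-Fa-f]{32}:([0-9]+|\*):[^:]+(:[0-9]+)*$'
    [ -s "$f" ] || return 1
    # An error page saved under the database name contains HTML tags.
    if grep -qiE '<(!doctype|html|head|title|body)' "$f"; then
        return 2
    fi
    # Require at least one signature line ...
    grep -qE "$sig" "$f" || return 3
    # ... and no non-blank line that fails the signature pattern.
    if grep -vE '^[[:space:]]*$' "$f" | grep -qvE "$sig"; then
        return 3
    fi
    return 0
}

# Constructed samples: a two-line database and a 404 page saved as .hdb.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'd41d8cd98f00b204e9800998ecf8427e:0:Example.Constructed.Empty' \
        '900150983cd24fb0d6963f7d28e17f72:3:Example.Constructed.Abc' \
        > "$d/good.hdb"
    printf '%s\n' \
        '<html><head><title>404 Not Found</title></head><body>' \
        '<p>The requested URL /securiteinfoelf.hdb.gz was not found on this server.</p>' \
        '</body></html>' > "$d/bad.hdb"
    good=0; check_hdb "$d/good.hdb" || good=$?
    bad=0;  check_hdb "$d/bad.hdb"  || bad=$?
    rm -rf "$d"
    echo "good=$good bad=$bad"
}

demo
```

A non-zero return means the downloaded file should be discarded and the currently installed database left in place.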