[sanesecurity] Re: New SecuriteInfo.com URLs

  • From: Bill Landry <bill@xxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Fri, 28 May 2010 08:08:01 -0700

On 5/28/2010 5:43 AM, Chris wrote:
On Thu, 2010-05-27 at 16:02 +0100, Steve Basford wrote:
Hi All,

Arnaud Jacques from SecuriteInfo has contacted me regarding an
important change to some of the signature databases.

For those users who are using honeynet.hdb.gz, securiteinfo.hdb.gz and
vx.hdb.gz from SecuriteInfo.com, they have made a few changes today, which
you need to be aware of.

honeynet.hdb.gz, securiteinfo.hdb.gz and vx.hdb.gz have been replaced by:

http://clamav.securiteinfo.com/honeynet.hdb
http://clamav.securiteinfo.com/securiteinfobat.hdb
http://clamav.securiteinfo.com/securiteinfodos.hdb
http://clamav.securiteinfo.com/securiteinfoelf.hdb
http://clamav.securiteinfo.com/securiteinfo.hdb
http://clamav.securiteinfo.com/securiteinfohtml.hdb
http://clamav.securiteinfo.com/securiteinfooffice.hdb
http://clamav.securiteinfo.com/securiteinfopdf.hdb
http://clamav.securiteinfo.com/securiteinfosh.hdb

NOTE 1: Those files are *not* gzipped.
NOTE 2: honeynet.hdb.gz, securiteinfo.hdb.gz and vx.hdb.gz will not be
removed in the near future, ** but will not be updated any more **

The change has been made to let the user decide what kind of signatures is
useful for his/her environment.

For example, a Linux user could just download "elf" and "sh" sigs, whereas
a Windows user could just download "bat", "office" and "pdf" sigs, whereas
a web administrator could just download "html" sigs.

This change can help with memory requirements, especially in the embedded
computer industry (often with low RAM on motherboard).

Cheers,

Steve
Sanesecurity

Steve, after seeing this I modified Bill's script as below:

si_dbs="
    honeynet.hdb
    securiteinfoelf.hdb
    securiteinfo.hdb
    securiteinfohtml.hdb
    securiteinfopdf.hdb
    securiteinfosh.hdb
"
When time came to check the securite db's for updates I saw this in the
output of the script:

Testing updated SecuriteInfo database file: securiteinfoelf.hdb
Clamscan reports Sanesecurity securiteinfoelf.hdb database integrity
tested BAD - SKIPPING

Testing updated SecuriteInfo database file: securiteinfohtml.hdb
Clamscan reports Sanesecurity securiteinfohtml.hdb database integrity
tested BAD - SKIPPING

Testing updated SecuriteInfo database file: securiteinfopdf.hdb
Clamscan reports Sanesecurity securiteinfopdf.hdb database integrity
tested BAD - SKIPPING

Testing updated SecuriteInfo database file: securiteinfosh.hdb
Clamscan reports Sanesecurity securiteinfosh.hdb database integrity
tested BAD - SKIPPING

Opening any of the securite .hdb files shows the below in a browser
window:

The requested URL /securiteinfoelf.hdb.gz was not found on this server.

Below are the new hdb files that were downloaded.

293 2010-05-28 01:06 securiteinfoelf.hdb
293 2010-05-28 07:13 securiteinfoelf.hdb.gz
9669520 2010-04-29 07:10 securiteinfo.hdb
3961906 2010-04-29 02:36 securiteinfo.hdb.gz
294 2010-05-28 01:06 securiteinfohtml.hdb
294 2010-05-28 07:13 securiteinfohtml.hdb.gz
293 2010-05-28 01:06 securiteinfopdf.hdb
293 2010-05-28 07:13 securiteinfopdf.hdb.gz
292 2010-05-28 01:06 securiteinfosh.hdb
292 2010-05-28 07:13 securiteinfosh.hdb.gz

Did I make a mistake in the securite configuration?

The script needs to be modified in a few places to support the new SecuriteInfo signature databases, as the previous databases were gzipped and the current ones are not.

I will release an updated script soon to support the new (non-compressed) SecuriteInfo signature databases.

Bill

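As an added example (not Bill's script and not anything from SecuriteInfo), here is the staging step Bill says the script needs: a POSIX sh fragment that accepts either the old gzipped or the new plain .hdb files by checking the gzip magic bytes instead of trusting the file name, and that refuses to install a saved "not found" page of the kind Chris's 293-byte files turned out to be. The use of curl, the hdb line-format check and the `clamscan -d FILE /dev/null` load test are my assumptions, not the script's actual method.

```shell
#!/bin/sh
# Added example, not Bill's script: stage a SecuriteInfo .hdb whether the
# server sends it gzipped (old URLs) or plain (new URLs), and install it only
# after a format check and, when clamscan is available, a load test.

BASE_URL="http://clamav.securiteinfo.com"

# is_gzip FILE: true if FILE begins with the gzip magic bytes 1f 8b
is_gzip() {
    [ "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" = "1f8b" ]
}

# looks_like_hdb FILE: true if FILE is non-empty and every line has the
# ClamAV hdb shape "md5:size:name"; a saved 404 HTML page fails this
looks_like_hdb() {
    [ -s "$1" ] && ! grep -Ev '^[0-9a-fA-F]{32}:[0-9*]+:[^:]+(:[0-9]+)?$' "$1" | grep -q .
}

# stage_db NAME SRC DESTDIR: decompress if needed, verify, then install
# DESTDIR/NAME; returns non-zero and installs nothing on any failure
stage_db() {
    name=$1; src=$2; destdir=$3
    work=$(mktemp -d) || return 1
    tmp="$work/$name"                       # keep the .hdb suffix for clamscan
    if is_gzip "$src"; then gzip -dc < "$src" > "$tmp"; else cp "$src" "$tmp"; fi
    if ! looks_like_hdb "$tmp"; then
        echo "$name: not a ClamAV hdb (HTML error page?) - SKIPPING" >&2
        rm -rf "$work"; return 1
    fi
    # Load test (assumed invocation): clamscan exits non-zero when the
    # database it is told to load is broken; /dev/null is a harmless target.
    if command -v clamscan >/dev/null 2>&1 &&
       ! clamscan --quiet -d "$tmp" /dev/null >/dev/null 2>&1; then
        echo "$name: clamscan rejected database - SKIPPING" >&2
        rm -rf "$work"; return 1
    fi
    mv "$tmp" "$destdir/$name" && rmdir "$work"
}

# fetch_db NAME DESTDIR: curl -f turns a 404 into a failed download instead
# of a saved HTML page, then the file goes through stage_db (curl is assumed)
fetch_db() {
    dl=$(mktemp) || return 1
    if ! curl -fsS -o "$dl" "$BASE_URL/$1"; then
        echo "$1: download failed - SKIPPING" >&2; rm -f "$dl"; return 1
    fi
    rc=0; stage_db "$1" "$dl" "$2" || rc=$?
    rm -f "$dl"; return $rc
}
```

A caller loops over the list of database names (for example `for db in $si_dbs; do fetch_db "$db" /var/lib/clamav; done`); each name is handled independently, so one broken download never blocks the others.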