rootfs/etc/clamav/unofficial-sigs/master.conf

# This file contains master configuration settings for clamav-unofficial-sigs.sh
###################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
# License: BSD (Berkeley Software Distribution)
##################
#
# Script updates can be found at: https://github.com/extremeshok/clamav-unofficial-sigs
#
##################
#
# NOT COMPATIBLE WITH VERSION 3.XX / 4.XX CONFIG
#
################################################################################
#
# IT IS BETTER TO SET YOUR OPTIONS IN THE user.conf AS THIS MAKES UPDATES EASIER
#
# os.conf AND user.conf OVERRIDES THE OPTIONS IN THIS FILE
#
################################################################################

# Edit the quoted variables below to meet your own particular needs
# and requirements, but do not remove the "quote" marks.

# Set the appropriate ClamD user and group accounts for your system.
# If you do not want the script to set user and group permissions on
# files and directories, comment the next two variables.
#clam_user="clamav"
#clam_group="clamav"

# If you do not want the script to change the file mode of all signature
# database files in the ClamAV working directory to 0644 (-rw-r--r--):
#
# owner: read, write
# group: read
# world: read
#
# as defined in the "clam_dbs" path variable below, then set the following
# "setmode" variable to "no".
setmode="yes"

# Set path to ClamAV database files location.  If unsure, check
# your clamd.conf file for the "DatabaseDirectory" path setting.
clam_dbs="/var/lib/clamav"

# Set path to clamd.pid file (see clamd.conf for path location).
clamd_pid="/var/run/clamav/clamd.pid"

# To enable "ham" (non-spam) directory scanning and removal of
# signatures that trigger on ham messages, uncomment the following
# variable and set it to the appropriate ham message directory.
#ham_dir="/var/lib/clamav-unofficial-sigs/ham-test"

# If you would like to reload the clamd databases after an update,
# change the following variable to "yes".
reload_dbs="yes"

# Custom Command to do a full clamd reload, this is only used when reload_dbs is enabled
clamd_reload_opt="clamdscan --reload"

# Top level working directory, script will attempt to create them.
work_dir="/var/lib/clamav-unofficial-sigs"   #Top level working directory

# Log update information to '$log_file_path/$log_file_name'.
logging_enabled="yes"
log_file_path="/var/log/clamav-unofficial-sigs"
log_file_name="clamav-unofficial-sigs.log"


# =========================
# MalwarePatrol : https://www.malwarepatrol.net
# MalwarePatrol 2016 (free) clamav signatures
#
# 1. Sign up for an account : https://www.malwarepatrol.net/signup-free.shtml
# 2. You will recieve an email containing your password/receipt number
# 3. Login to your account at malwarePatrol
# 4. In My Accountpage, choose the ClamAV list you will download. Free subscribers only get ClamAV Basic, commercial subscribers have access to ClamAV Extended. Do not use the agressive lists.
# 5. In the download URL, you will see 3 parameters: receipt, product and list, enter them in the variables below.

malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER"
malwarepatrol_product_code="8"
malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
# Set to no to enable the commercial subscription url.
malwarepatrol_free="yes"

# =========================
# SecuriteInfo : https://www.SecuriteInfo.com
# SecuriteInfo 2015 free clamav signatures
#
# Usage of SecuriteInfo 2015 free clamav signatures : https://www.securiteinfo.com
# - 1. Sign up for a free account : https://www.securiteinfo.com/clients/customers/signup
# - 2. You will recieve an email to activate your account and then a followup email with your login name
# - 3. Login and navigate to your customer account : https://www.securiteinfo.com/clients/customers/account
# - 4. Click on the Setup tab
# - 5. You will need to get your unique identifier from one of the download links, they are individual for every user
# - 5.1. The 128 character string is after the http://www.securiteinfo.com/get/signatures/
# - 5.2. Example https://www.securiteinfo.com/get/signatures/your_unique_and_very_long_random_string_of_characters/securiteinfo.hdb
#   Your 128 character authorisation signature would be : your_unique_and_very_long_random_string_of_characters
# - 6. Enter the authorisation signature into the config securiteinfo_authorisation_signature: replacing YOUR-SIGNATURE-NUMBER with your authorisation signature from the link

securiteinfo_authorisation_signature="YOUR-SIGNATURE-NUMBER"

# ========================
# Database provider update time
# ========================
# Since the database files are dynamically created, non default values can cause banning, change with caution

sanesecurity_update_hours="2"   # Default is 2 hours (12 downloads daily).
securiteinfo_update_hours="4"   # Default is 4 hours (6 downloads daily).
linuxmalwaredetect_update_hours="6"   # Default is 6 hours (4 downloads daily).
malwarepatrol_update_hours="24"   # Default is 24 hours (1 downloads daily).
yararulesproject_update_hours="24"   # Default is 24 hours (1 downloads daily).
additional_update_hours="4"   # Default is 4 hours (6 downloads daily).

# ========================
# Enabled Databases
# ========================
# Set to no to disable an entire database, if the database is empty it will also be disabled.
sanesecurity_enabled="yes"   # Sanesecurity
securiteinfo_enabled="yes"   # SecuriteInfo
linuxmalwaredetect_enabled="yes"   # Linux Malware Detect
malwarepatrol_enabled="yes"   # Malware Patrol
yararulesproject_enabled="no"   # Yara-Rule Project, automatically disabled if clamav is older than 0.99
additional_enabled="yes"   # Additional Databases

## Disabling this will also cause the yararulesproject to be disabled.
enable_yararules="no"   #Enables yararules in the various databases, automatically disabled if clamav is older than 0.99

# ========================
# eXtremeSHOK Database format
# ========================
# The new and old database formats are supported for backwards compatibility
#
# New Format Usage:
# declare -a new_example_dbs=(
#	file.name|RATING  #description
# )
#
# Rating (False Positive Rating)
# valid ratings:
# REQUIRED : always used
# LOW : used when the rating is low, medium and high
# MEDIUM : used when the rating is medium and high
# HIGH : used when the rating is high
# LOWONLY : used only when the rating is low
# MEDIUMONLY : used only when the rating is medium
# LOWMEDIUMONLY : used only when the rating is medium or low
# DISABLED : never used, or you can also comment the line out if you want
#
# Old Format is still supported, requiring you to comment out files to disable them
# old_example_dbs="
#	file.name #LOW  description
# "

# Default dbs rating
# valid rating: LOW, MEDIUM, HIGH
default_dbs_rating="LOW"

# Per Database
# These ratings will override the global rating for the specific database
# valid rating: LOW, MEDIUM, HIGH, DISABLED
#sanesecurity_dbs_rating=""
#securiteinfo_dbs_rating=""
#linuxmalwaredetect_dbs_rating=""
#yararulesproject_dbs_rating=""

# ========================
# Sanesecurity Database(s)
# ========================
# Add or remove database file names between quote marks as needed.  To
# disable usage of any of the Sanesecurity distributed database files
# shown, remove the database file name from the quoted section below.
# Only databases defined as "low" risk have been enabled by default
# for additional information about the database ratings, see:
# http://www.sanesecurity.com/clamav/databases.htm
# Only add signature databases here that are "distributed" by Sanesecuirty
# as defined at the URL shown above.  Database distributed by others sources
# (e.g., SecuriteInfo & MalewarePatrol, can be added to other sections of
# this config file below).  Finally, make sure that the database names are
# spelled correctly or you will experience issues when the script runs
# (hint: all rsync servers will fail to download signature updates).

declare -a sanesecurity_dbs=( # BEGIN SANESECURITY DATABASE
### SANESECURITY http://sanesecurity.com/usage/signatures/
## REQUIRED, Do NOT disable
sanesecurity.ftm|REQUIRED  # Message file types, for best performance
sigwhitelist.ign2|REQUIRED  # Fast update file to whitelist any problem signatures
# LOW
junk.ndb|LOW  #  General high hitting junk, containing spam/phishing/lottery/jobs/419s etc
jurlbl.ndb|LOW  # Junk Url based
phish.ndb|LOW  # Phishing and Malware
rogue.hdb|LOW  # Malware, Rogue anti-virus software and Fake codecs etc.  Updated hourly to cover the latest malware threats
scam.ndb|LOW  # Spam/scams
spamimg.hdb|LOW  # Spam images
spamattach.hdb|LOW  # Spam Spammed attachments such as pdf/doc/rtf/zips
blurl.ndb|LOW  # Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
malwarehash.hsb|LOW  # Malware hashes without known Size
# MEDIUM
jurlbla.ndb|MEDIUM  # Junk Url based autogenerated from various feeds
lott.ndb|MEDIUM  # Lottery
spam.ldb|MEDIUM  # Spam detected using the new Logical Signature type
spear.ndb|MEDIUM  # Spear phishing email addresses (autogenerated from data here)
spearl.ndb|MEDIUM  # Spear phishing urls (autogenerated from data here)
badmacro.ndb|MEDIUM  # Blocks dangerous macros embedded in Word/Excel/Xml/RTF/JS documents
shelter.ldb|MEDIUM # Phishing and Malware

### MALWARE.EXPERT https://malware.expert/
# LOW
malware.expert.hdb|MEDIUM	# statics MD5 pattern for files
# MEDIUM
malware.expert.fp|MEDIUM  # found to be false positive malware
malware.expert.ldb|MEDIUM  # which use multi-words search for malware in files
malware.expert.ndb|MEDIUM  # Generic Hex pattern PHP malware, which can cause false positive alarms

### FOXHOLE http://sanesecurity.com/foxhole-databases/
# LOW
foxhole_generic.cdb|LOW  # See Foxhole page for more details
foxhole_filename.cdb|LOW  # See Foxhole page for more details
# MEDIUM
foxhole_js.cdb|MEDIUM  # See Foxhole page for more details
foxhole_js.ndb|MEDIUM  # See Foxhole page for more details
# HIGH
foxhole_all.cdb|HIGH  # See Foxhole page for more details
foxhole_all.ndb|HIGH  # See Foxhole page for more details
foxhole_mail.cdb|HIGH # block any mail that contains a possible dangerous attachments such as: js, jse, exe, bat, com, scr, uue, ace, pif, jar, gz, lnk, lzh.

### OITC http://www.oitc.com/winnow/clamsigs/index.html
### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.
# LOW
winnow_malware.hdb|LOW  # Current virus, trojan and other malware not yet detected by ClamAV.
winnow_malware_links.ndb|LOW  # Links to malware
winnow_extended_malware.hdb|LOW  # contain hand generated signatures for malware
winnow.attachments.hdb|LOW  # Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
winnow_bad_cw.hdb|LOW  # md5 hashes of malware attachments acquired directly from a group of botnets
winnow_phish_complete_url.ndb|LOWMEDIUMONLY  # Similar to winnow_phish_complete.ndb except that entire urls are used
# MEDIUM
winnow_spam_complete.ndb|MEDIUM  # Signatures to detect fraud and other malicious spam
winnow.complex.patterns.ldb|MEDIUM  # contain hand generated signatures for malware and some egregious fraud
winnow_extended_malware_links.ndb|MEDIUM  # contain hand generated signatures for malware links
# HIGH
winnow_phish_complete.ndb|HIGH  # Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
### OITC YARA Format rules
### Note: Yara signatures require ClamAV 0.99 or newer to work
winnow_malware.yara|LOW  # detect spam

### MiscreantPunch http://malwarefor.me/about/
## MEDIUM
MiscreantPunch099-Low.ldb|MEDIUM # ruleset contains comprehensive rules for detecting malicious or abnormal Macros, JS, HTA, HTML, XAP, JAR, SWF, and more.
## HIGH
MiscreantPunch099-INFO-Low.ldb|HIGH # ruleset provides context to various files. Info and Suspicious level signatures may inform analysts of potentially interesting conditions that exist within a document.

### SCAMNAILER http://www.scamnailer.info/
# MEDIUM
scamnailer.ndb|MEDIUM  # Spear phishing and other phishing emails

### BOFHLAND http://clamav.bofhland.org/
# LOW
bofhland_cracked_URL.ndb|LOW  # Spam URLs
bofhland_malware_URL.ndb|LOW  # Malware URLs
bofhland_phishing_URL.ndb|LOW  # Phishing URLs
bofhland_malware_attach.hdb|LOW  # Malware Hashes

###  RockSecurity http://rooksecurity.com/
# LOW
hackingteam.hsb|LOW  # Hacking Team hashes based on work by rooksecurity.com

### Porcupine
# LOW
porcupine.ndb|LOW  # Brazilian e-mail phishing and malware signatures
phishtank.ndb|LOW  # Online and valid phishing urls from phishtank.com data feed
porcupine.hsb|LOW  # Sha256 Hashes of VBS and JSE malware, kept for 7 days

### Sanesecurity YARA Format rules
### Note: Yara signatures require ClamAV 0.99 or newer to work
Sanesecurity_sigtest.yara|LOW  # Sanesecurity test signatures
Sanesecurity_spam.yara|LOW  # Detects Spam emails

) # END SANESECURITY DATABASES

# ========================
# SecuriteInfo Database(s)
# ========================
# Only active when you set your securiteinfo_authorisation_signature
# Add or remove database file names between quote marks as needed.  To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below.
declare -a securiteinfo_dbs=( #START SECURITEINFO DATABASES
### Securiteinfo https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
## REQUIRED, Do NOT disable
securiteinfo.ign2|REQUIRED # Signature Whitelist
# LOW
securiteinfo.hdb|LOW # Malwares in the Wild
javascript.ndb|LOW # Malwares Javascript
securiteinfohtml.hdb|LOW # Malwares HTML
securiteinfoascii.hdb|LOW # Text file malwares (Perl or shell scripts, bat files, exploits, ...)
securiteinfopdf.hdb|LOW # Malwares PDF
securiteinfoandroid.hdb|LOW # Malwares Java/Android Dalvik
# HIGH
spam_marketing.ndb|HIGH # Spam Marketing /  spammer blacklist
) #END SECURITEINFO DATABASES

# ========================
# Linux Malware Detect Database(s)
# ========================
# Add or remove database file names between quote marks as needed.  To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below.
declare -a linuxmalwaredetect_dbs=(
### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
# LOW
rfxn.ndb|LOW # HEX Malware detection signatures
rfxn.hdb|LOW # MD5 malware detection signatures
) #END LINUXMALWAREDETECT DATABASES

# ========================
# Yara Rules Project Database(s)
# ========================
# Add or remove database file names between quote marks as needed.  To
# disable any Yara Rule database downloads, remove the appropriate
# lines below.
declare -a yararulesproject_dbs=(
### Yara Rules https://github.com/Yara-Rules/rules
#
# Some rules are now in sub-directories. To reference a file in a sub-directory
# use subdir/file
# LOW
Antidebug_AntiVM/antidebug_antivm.yar|LOW # anti debug and anti virtualization techniques used by malware
Exploit-Kits/EK_Angler.yar|LOW # Angler Exploit Kit Redirector
Exploit-Kits/EK_Blackhole.yar|LOW # BlackHole2 Exploit Kit Detection
Exploit-Kits/EK_BleedingLife.yar|LOW # BleedingLife2 Exploit Kit Detection
Exploit-Kits/EK_Crimepack.yar|LOW # CrimePack Exploit Kit Detection
Exploit-Kits/EK_Eleonore.yar|LOW # Eleonore Exploit Kit Detection
Exploit-Kits/EK_Fragus.yar|LOW # Fragus Exploit Kit Detection
Exploit-Kits/EK_Phoenix.yar|LOW # Phoenix Exploit Kit Detection
Exploit-Kits/EK_Sakura.yar|LOW # Sakura Exploit Kit Detection
Exploit-Kits/EK_ZeroAcces.yar|LOW # ZeroAccess Exploit Kit Detection
Exploit-Kits/EK_Zerox88.yar|LOW # 0x88 Exploit Kit Detection
Exploit-Kits/EK_Zeus.yar|LOW # Zeus Exploit Kit Detection
# MEDIUM
Malicious_Documents/maldoc_somerules.yar|MEDIUM # documents with malicious code
Malicious_Documents/Maldoc_Hidden_PE_file.yar|MEDIUM # Detect a hidden PE file inside a sequence of numbers (comma separated)
Packers/packer.yar|MEDIUM # well-known sofware packers
CVE_Rules/CVE-2010-0805.yar|MEDIUM # CVE 2010 0805
CVE_Rules/CVE-2010-0887.yar|MEDIUM # CVE 2010 0887
CVE_Rules/CVE-2010-1297.yar|MEDIUM # CVE 2010 1297
CVE_Rules/CVE-2013-0074.yar|MEDIUM # CVE 2013 0074
CVE_Rules/CVE-2013-0422.yar|MEDIUM # CVE 2013 0422
CVE_Rules/CVE-2015-5119.yar|MEDIUM # CVE 2015 5119
# HIGH
Packers/Javascript_exploit_and_obfuscation.yar|HIGH # JavaScript Obfuscation Detection
Crypto/crypto.yar|HIGH # detect the existence of cryptographic algoritms
) #END yararulesproject DATABASES

# =========================
# Additional signature databases
# =========================
# Additional signature databases can be specified here in the following
# format: PROTOCOL://URL-or-IP/PATH/TO/FILE-NAME (use a trailing "/" in
# place of the "FILE-NAME" to download all files from specified location,
# but this *ONLY* works for files downloaded via rsync).  For non-rsync
# downloads, wget and curl is used.  For download protocols supported by
# wget and curl, see "man wget" and "man curl".
# This also works well for locations that have many ClamAV
# servers that use 3rd party signature databases, as only one server need
# download the remote databases, and all others can update from the local
# mirrors copy.  See format examples below.  To use, remove the comments
# and examples shown and add your own sites between the quote marks.
#declare -a additional_dbs=(
#   rsync://192.168.1.50/new-db/sigs.hdb
#   rsync://rsync.example.com/all-dbs/
#   ftp://ftp.example.net/pub/sigs.ndb
#   http://www.example.org/sigs.ldb
#) #END ADDITIONAL DATABASES


# ==================================================
# ==================================================
# A D V A N C E D   O P T I O N S
# ==================================================
# ==================================================

# Enable or disable download time randomization.  This allows the script to
# be executed via cron, but the actual database file checking will pause
# for a random number of seconds between the "min" and "max" time settings
# specified below.  This helps to more evenly distribute load on the host
# download sites.  To disable, set the following variable to "no".
enable_random="yes"

# Enable to prevent issues with multiple instances running
# To disable, set the following variable to "no".
enable_locking="yes"

# If download time randomization is enabled above (enable_random="yes"),
# then set the min and max radomization time intervals (in seconds).
min_sleep_time="60"    # Default minimum is 60 seconds (1 minute).
max_sleep_time="600"   # Default maximum is 600 seconds (10 minutes).

# Command to do a full clamd service stop/start
#clamd_restart_opt="service clamd restart"

# Custom Command Paths, these are detected with the which command when not set
#uname_bin="/usr/bin/uname"
#clamscan_bin="/usr/bin/clamscan"
#rsync_bin="/usr/bin/rsync"
#wget_bin="/usr/bin/wget"
#curl_bin="/usr/bin/curl"
#gpg_bin="/usr/bin/gpg"

# GnuPG / Signature verification
# To disable usage of gpg, set the following variable to "no".
# If gpg_bin cannot be found, enable_gpg will automatically disable
enable_gpg="yes"

# If running clamd in "LocalSocket" mode (*NOT* in TCP/IP mode), and
# either "SOcket Cat" (socat) or the "IO::Socket::UNIX" perl module
# are installed on the system, and you want to report whether clamd
# is running or not, uncomment the "clamd_socket" variable below (you
# will be warned if neither socat nor IO::Socket::UNIX are found, but
# the script will still run).  You will also need to set the correct
# path to your clamd socket file (if unsure of the path, check the
# "LocalSocket" setting in your clamd.conf file for socket location).
#clamd_socket="/tmp/clamd.socket"

# Set rsync connection and data transfer timeout limits in seconds.
# The defaults settings here are reasonable, only change if you are
# experiencing timeout issues.
rsync_connect_timeout="60"
rsync_max_time="180"

# Ignore ssl errors and warnings, ie. operate in insecure mode.
downloader_ignore_ssl="yes" # Default is "yes" ignore ssl errors and warnings

# Set downloader connection, data transfer timeout limits in seconds.
# The defaults settings here are reasonable, only change if you are
# experiencing timeout issues.
downloader_connect_timeout="60"
downloader_max_time="180"

# Set downloader retry count for failed transfers
downloader_tries="3"

# Set working directory paths (edit to meet your own needs). If these
# directories do not exist, the script will attempt to create them.
# Always located inside the work_dir, do not add /
# Sub-directory names:
sanesecurity_dir="dbs-ss"        # Sanesecurity sub-directory
securiteinfo_dir="dbs-si"        # SecuriteInfo sub-directory
linuxmalwaredetect_dir="dbs-lmd"      # Linux Malware Detect sub-directory
malwarepatrol_dir="dbs-mbl"      # MalwarePatrol sub-directory
yararulesproject_dir="dbs-yara"      # Yara-Rules sub-directory
work_dir_configs="configs"   # Script configs sub-directory
gpg_dir="gpg-key"      # Sanesecurity GPG Key sub-directory
pid_dir="pid"      # User defined pid sub-directory
add_dir="dbs-add"      # User defined databases sub-directory

# If you would like to make a backup copy of the current running database
# file before updating, leave the following variable set to "yes" and a
# backup copy of the file will be created in the production directory
# with -bak appended to the file name.
keep_db_backup="no"

# When a database integrity has tested BAD, the failed database will be removed.
remove_bad_database="yes"

# When a database is disabled we will remove the associated database files.
remove_disabled_databases="no" # Default is "no" since we are not a database managament tool by default.

# Enable SELinux fixes, ie. running restorecon on the database files.
# **Run the following command as root to enable clamav selinux support**
# setsebool -P antivirus_can_scan_system true
#
selinux_fixes="no" # Default is "no" ignore ssl errors and warnings

# If necessary to proxy database downloads, define the rsync and/or wget
# proxy settings here.  For rsync, the proxy must support connections to
# port 873.  Both wget and rsync proxy setting need to be defined in the
# format of "hostname:port".  For wget, also note the https and http
#rsync_proxy=""
#curl_proxy=""
#wget_proxy_http="-e http_proxy=http://username:password@proxy_host:proxy_port"
#wget_proxy_https="-e https_proxy=https://username:password@proxy_host:proxy_port"


# Custom Cron install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#cron_dir="" #default: /etc/cron.d
#cron_filename="" #default: clamav-unofficial-sigs
#cron_minute="" #default: random value between 0-59
#cron_user="" #default: uses the clam_user
#cron_bash="" #default: detected with the which command
#cron_script_full_path="" #default: detected to the fullpath of the script

# Custom logrotate install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#logrotate_dir="" #default: /etc/logrotate.d
#logrotate_filename="" #default: clamav-unofficial-sigs
#logrotate_user="" #default: uses the clam_user
#logrotate_group="" #default: uses the clam_group
#logrotate_log_file_full_path="" #default: detected to the $log_file_path/$log_file_name

# Custom man install settings, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#man_dir="" #default: /usr/share/man/man8
#man_filename="" #default: clamav-unofficial-sigs.8

# Provided two variables that package and port maintainers can use in order to
# prevent the script from removing itself with the '-r' flag
# If the script was installed via a package manager like yum, apt, pkg, etc.
# The script will instead provide feedback to the user about how to uninstall the package.
#pkg_mgr="" #the package manager name
#pkg_rm="" #the package manager command to remove the script

# Custom full working directory paths, these are detected and only used if you want to override
# the automatic detection and generation of the values when not set, this is mainly to aid package maintainers
#work_dir_sanesecurity="" #default: uses work_dir/sanesecurity_dir
#work_dir_securiteinfo="" #default: uses work_dir/securiteinfo_dir
#work_dir_linuxmalwaredetect="" #default: uses work_dir/linuxmalwaredetect_dir
#work_dir_malwarepatrol="" #default: uses work_dir/malwarepatrol_dir
#work_dir_yararulesproject="" #default: uses work_dir/yararulesproject_dir
#work_dir_add="" #default: uses work_dir/add_dir
#work_dir_work_configs="" #default: uses work_dir/work_dir_configs
#work_dir_gpg="" #default: uses work_dir/gpg_dir
#work_dir_pid="" #default: uses work_dir/pid_dir

# ========================
# After you have completed the configuration of this file, set the value to "yes"
user_configuration_complete="no"

# ========================
# DO NOT EDIT !
# Database provider URLs
sanesecurity_url="rsync.sanesecurity.net"
sanesecurity_gpg_url="http://www.sanesecurity.net/publickey.gpg"
securiteinfo_url="https://www.securiteinfo.com/get/signatures"
linuxmalwaredetect_url="http://cdn.rfxn.com/downloads"
malwarepatrol_url="https://lists.malwarepatrol.net/cgi/getfile"
yararulesproject_url="https://raw.githubusercontent.com/Yara-Rules/rules/master"

# ========================
# DO NOT EDIT !
config_version="73"

# https://eXtremeSHOK.com ######################################################