Branford Marsalis – Zellerbach Theater, Berkeley, CA (01/16/93)


marsalis.collins
  • Label: Bootleg
  • Genre: Jazz
  • Released: 1993

Live recording dated 01/16/93
Place: Zellerbach Theater, Berkeley, CA


Tracks CD1:

  1. Intro
  2. Mr Steepee
  3. Skit-Dat-De-Dat (Armstrong)
  4. Stretto from the Ghetto
  5. Intro for Albert Collins
  6. Frosty (with Albert Collins)
  7. Lights Are On But Nobody’s Home (with Albert Collins)
  8. Black Cat Bone (with Albert Collins)
  9. Brother Trying To Catch A Cab (On The East Side) Blues


Tracks CD2:

  1. Down Home Blues (with Linda Hopkins)
  2. Meet Me with Your Black Drawers On (with Albert Collins and Linda Hopkins)
  3. Whatever You Do, It’s Up To You ? (with Albert Collins and Linda Hopkins)


Artists:
Branford Marsalis – Sax
Albert Collins – vocals and guitar
Linda Hopkins – vocals
Kenny Kirkland – piano
Robert Hurst III – bass
Jeff “Tain” Watts – drums


Installing Sanesecurity virus definitions in ClamAV on Debian for Amavis

Malware

Many malware samples and viruses are not caught by amavis/clamav. To add further definitions, a very useful and well-made script on GitHub, https://github.com/extremeshok/clamav-unofficial-sigs, comes to our aid: it lets us add several additional signature sets that are freely available on the Internet.

Download master.zip from GitHub and install the script and its configuration:

cd /opt
wget https://github.com/extremeshok/clamav-unofficial-sigs/archive/master.zip
unzip master.zip
cd clamav-unofficial-sigs-master/
cp clamav-unofficial-sigs.sh /usr/local/bin/
chmod 755 /usr/local/bin/clamav-unofficial-sigs.sh
mkdir /etc/clamav-unofficial-sigs/
cd config/
cp * /etc/clamav-unofficial-sigs/
mkdir /var/log/clamav-unofficial-sigs/
cd /etc/clamav-unofficial-sigs/
mv os.debian8.conf os.conf


Now edit the os.conf file: comment out clamd_pid="/var/run/clamd.pid" and uncomment clamd_socket="/var/run/clamav/clamd.ctl", then save and close.

Edit user.conf and uncomment the line user_configuration_complete="yes", then save and close.

OK, now you are ready to run it for the first time: /usr/local/bin/clamav-unofficial-sigs.sh
You will see it download several definition databases, and in /var/lib/clamav you will find all the additional definitions with the correct permissions:

-rw-r--r-- 1 clamav clamav     47260 mag 13 10:18 antidebug_antivm.yar
-rw-r--r-- 1 clamav clamav    288262 mag 13 09:55 blurl.ndb
-rw-r--r-- 1 clamav clamav      1740 mag 13 09:48 bofhland_cracked_URL.ndb
-rw-r--r-- 1 clamav clamav     99837 mag 13 09:48 bofhland_malware_attach.hdb
-rw-r--r-- 1 clamav clamav      4832 mag 13 09:48 bofhland_malware_URL.ndb
-rw-r--r-- 1 clamav clamav      6216 mag 13 09:48 bofhland_phishing_URL.ndb
-rw-r--r-- 1 clamav clamav    378368 apr 15 21:35 bytecode.cld
-rw-r--r-- 1 clamav clamav    417603 mag 13 09:48 crdfam.clamav.hdb
-rw-r--r-- 1 clamav clamav  10137088 mag 13 08:18 daily.cld
-rw-r--r-- 1 clamav clamav     25780 mag 12 10:53 foxhole_filename.cdb
-rw-r--r-- 1 clamav clamav     44147 mar 25 19:53 foxhole_generic.cdb
-rw-r--r-- 1 clamav clamav     48176 ago  5  2015 hackingteam.hsb
-rw-r--r-- 1 clamav clamav   6595967 mag 11 09:54 junk.ndb
-rw-r--r-- 1 clamav clamav   1687824 mag 13 09:55 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 109143933 mar 29 17:19 main.cvd
-rw-r--r-- 1 clamav clamav      8376 mag 13 10:18 malicious_document.yar
-rw-r--r-- 1 clamav clamav      9460 feb 19  2015 malwarehash.hsb
-rw-r--r-- 1 clamav clamav      1040 mag 13 10:18 mirrors.dat
-rw-r--r-- 1 clamav clamav   3859098 mag 11 21:14 phish.ndb
-rw-r--r-- 1 clamav clamav   5055292 mag 13 09:46 phishtank.ndb
-rw-r--r-- 1 clamav clamav     56820 mag 13 09:46 porcupine.hsb
-rw-r--r-- 1 clamav clamav    298884 mag 13 09:46 porcupine.ndb
-rw-r--r-- 1 clamav clamav    598699 apr  6 03:48 rfxn.hdb
-rw-r--r-- 1 clamav clamav    437666 apr  6 03:48 rfxn.ndb
-rw-r--r-- 1 clamav clamav   3203193 mag 12 16:56 rogue.hdb
-rw-r--r-- 1 clamav clamav     11102 mar  9 09:56 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav      1462 lug  1  2015 Sanesecurity_sigtest.yara
-rw-r--r-- 1 clamav clamav      1233 feb 22 13:21 Sanesecurity_spam.yara
-rw-r--r-- 1 clamav clamav   1881431 apr 21 09:58 scam.ndb
-rw-r--r-- 1 clamav clamav      6679 apr  6 13:55 sigwhitelist.ign2
-rw-r--r-- 1 clamav clamav       199 apr  6 16:55 spamattach.hdb
-rw-r--r-- 1 clamav clamav       671 apr 18 17:57 spamimg.hdb
-rw-r--r-- 1 clamav clamav    526635 mag 12 09:14 winnow.attachments.hdb
-rw-r--r-- 1 clamav clamav        66 mag 12 09:14 winnow_bad_cw.hdb
-rw-r--r-- 1 clamav clamav    107753 mag 12 09:14 winnow_extended_malware.hdb
-rw-r--r-- 1 clamav clamav    165256 mag 12 09:14 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav    632292 mag 12 09:14 winnow_malware_links.ndb
-rw-r--r-- 1 clamav clamav      1584 mag 12 09:14 winnow_malware.yara

Now run this command to check that ClamAV has picked them up:

clamscan --debug /dev/null 2>&1 | grep "loaded"

It should give output like this:

LibClamAV debug: /var/lib/clamav/sigwhitelist.ign2 loaded
LibClamAV debug: daily.info loaded
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.pdb loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.crb loaded
LibClamAV debug: daily.cdb loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.wdb loaded
LibClamAV debug: daily.msb loaded
LibClamAV debug: daily.sfp loaded
LibClamAV debug: cli_loadftm: File type signature for HWP embedded OLE2 not loaded (required f-level: 82)
LibClamAV debug: cli_loadftm: File type signature for HWPML Document not loaded (required f-level: 82)
LibClamAV debug: cli_loadftm: File type signature for HWP3 Document not loaded (required f-level: 82)
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: daily.hsb loaded
LibClamAV debug: /var/lib/clamav/daily.cld loaded
LibClamAV debug: /var/lib/clamav/scam.ndb loaded
LibClamAV debug: bytecode.info loaded
LibClamAV debug: 3986218.cbc loaded
LibClamAV debug: 4306157.cbc loaded
LibClamAV debug: 3986289.cbc loaded
LibClamAV debug: 3986233.cbc loaded
LibClamAV debug: 3986223.cbc loaded
LibClamAV debug: 3986337.cbc loaded
LibClamAV debug: 3986310.cbc loaded
LibClamAV debug: 3986234.cbc loaded
LibClamAV debug: 3986212.cbc loaded
LibClamAV debug: 3986306.cbc loaded
LibClamAV debug: 3986230.cbc loaded
LibClamAV debug: 3986236.cbc loaded
LibClamAV debug: 3986185.cbc loaded
LibClamAV debug: 3986303.cbc loaded
LibClamAV debug: 3986222.cbc loaded
LibClamAV debug: 3986215.cbc loaded
LibClamAV debug: 3986187.cbc loaded
LibClamAV debug: 3986216.cbc loaded
LibClamAV debug: 3986305.cbc loaded
LibClamAV debug: 3986214.cbc loaded
LibClamAV debug: 4306126.cbc loaded
LibClamAV debug: 3986334.cbc loaded
LibClamAV debug: 3986220.cbc loaded
LibClamAV debug: 3986219.cbc loaded
LibClamAV debug: 3986259.cbc loaded
LibClamAV debug: 3986327.cbc loaded
LibClamAV debug: 3986322.cbc loaded
LibClamAV debug: 3986328.cbc loaded
LibClamAV debug: 3986206.cbc loaded
LibClamAV debug: 3986244.cbc loaded
LibClamAV debug: 3986221.cbc loaded
LibClamAV debug: 3986318.cbc loaded
LibClamAV debug: 3986283.cbc loaded
LibClamAV debug: 3986188.cbc loaded
LibClamAV debug: 3986301.cbc loaded
LibClamAV debug: 3986321.cbc loaded
LibClamAV debug: 3986232.cbc loaded
LibClamAV debug: 3986282.cbc loaded
LibClamAV debug: 3986229.cbc loaded
LibClamAV debug: 3986292.cbc loaded
LibClamAV debug: 3986242.cbc loaded
LibClamAV debug: 3986231.cbc loaded
LibClamAV debug: 3986326.cbc loaded
LibClamAV debug: 3986217.cbc loaded
LibClamAV debug: 3986235.cbc loaded
LibClamAV debug: 3986224.cbc loaded
LibClamAV debug: 3986249.cbc loaded
LibClamAV debug: /var/lib/clamav/bytecode.cld loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/foxhole_filename.cdb loaded
LibClamAV debug: /var/lib/clamav/phishtank.ndb loaded
LibClamAV debug: /var/lib/clamav/winnow.attachments.hdb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.CryptoWall_Resume_phish
LibClamAV debug: load_oneyara: successfully loaded YARA.docx_macro
LibClamAV debug: load_oneyara: successfully loaded YARA.java_JSocket_20151217
LibClamAV debug: cli_loadyara: loaded 3 of 3 yara signatures from /var/lib/clamav/winnow_malware.yara
LibClamAV debug: /var/lib/clamav/winnow_malware.yara loaded
LibClamAV debug: /var/lib/clamav/junk.ndb loaded
LibClamAV debug: /var/lib/clamav/winnow_extended_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/rogue.hdb loaded
LibClamAV debug: /var/lib/clamav/malicious_document.yar loaded
LibClamAV debug: /var/lib/clamav/rfxn.hdb loaded
LibClamAV debug: /var/lib/clamav/bofhland_cracked_URL.ndb loaded
LibClamAV debug: /var/lib/clamav/foxhole_generic.cdb loaded
LibClamAV debug: /var/lib/clamav/rfxn.ndb loaded
LibClamAV debug: /var/lib/clamav/winnow_bad_cw.hdb loaded
LibClamAV debug: /var/lib/clamav/hackingteam.hsb loaded
LibClamAV debug: /var/lib/clamav/spamattach.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_malware.hdb loaded
LibClamAV debug: /var/lib/clamav/jurlbl.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Hdr_2
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type3_Bdy_4
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_TestSig_Type4_Bdy_3
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_PhishingTestSig_1
LibClamAV debug: cli_loadyara: loaded 4 of 4 yara signatures from /var/lib/clamav/Sanesecurity_sigtest.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_sigtest.yara loaded
LibClamAV debug: /var/lib/clamav/malwarehash.hsb loaded
LibClamAV debug: main.info loaded
LibClamAV debug: main.hdb loaded
LibClamAV debug: main.hsb loaded
LibClamAV debug: main.mdb loaded
LibClamAV debug: main.msb loaded
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: main.sfp loaded
LibClamAV debug: main.crb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: /var/lib/clamav/antidebug_antivm.yar loaded
LibClamAV debug: /var/lib/clamav/crdfam.clamav.hdb loaded
LibClamAV debug: cli_loadftm: File type signature for HWP embedded OLE2 not loaded (required f-level: 82)
LibClamAV debug: cli_loadftm: File type signature for HWPML Document not loaded (required f-level: 82)
LibClamAV debug: cli_loadftm: File type signature for HWP3 Document not loaded (required f-level: 82)
LibClamAV debug: /var/lib/clamav/sanesecurity.ftm loaded
LibClamAV debug: /var/lib/clamav/bofhland_phishing_URL.ndb loaded
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_test
LibClamAV debug: load_oneyara: successfully loaded YARA.Sanesecurity_Spam_pornspam
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/Sanesecurity_spam.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_spam.yara loaded
LibClamAV debug: /var/lib/clamav/spamimg.hdb loaded
LibClamAV debug: /var/lib/clamav/winnow_malware_links.ndb loaded
LibClamAV debug: /var/lib/clamav/porcupine.hsb loaded
LibClamAV debug: /var/lib/clamav/blurl.ndb loaded
LibClamAV debug: /var/lib/clamav/porcupine.ndb loaded
LibClamAV debug: /var/lib/clamav/phish.ndb loaded
LibClamAV debug: /var/lib/clamav/bofhland_malware_attach.hdb loaded

If everything is OK we can finalize the installation by adding the cron job that updates the signatures automatically and the logrotate configuration for its logs:

/usr/local/bin/clamav-unofficial-sigs.sh --install-cron
chmod 755 /etc/cron.d/clamav-unofficial-sigs
/usr/local/bin/clamav-unofficial-sigs.sh --install-logrotate

Perfect: ClamAV will now have a better chance of catching malware in e-mail.
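As an added check for the verification step above (example code written for this page, not part of the post or of the clamav-unofficial-sigs project): this script compares an `ls -l /var/lib/clamav` listing against the `clamscan --debug` output and reports any signature database that clamscan did not report as loaded, or that is not owned by clamav:clamav with mode 0644. The list of signature extensions and the expected ownership are assumptions based on the listing shown in the post; the sample input lines are constructed, not a real capture.

```python
import re
# Constructed sample input (not a real capture) in the formats shown in the post:
# `ls -l /var/lib/clamav` and `clamscan --debug /dev/null 2>&1 | grep loaded`.
SAMPLE_LS = """\
-rw-r--r-- 1 clamav clamav    288262 mag 13 09:55 blurl.ndb
-rw-r--r-- 1 clamav clamav 109143933 mar 29 17:19 main.cvd
-rw-r--r-- 1 clamav clamav   5055292 mag 13 09:46 phishtank.ndb
-rw-r--r-- 1 clamav clamav      1040 mag 13 10:18 mirrors.dat
-rw-r--r-- 1 clamav clamav      1233 feb 22 13:21 Sanesecurity_spam.yara
-rw------- 1 root   root     3203193 mag 12 16:56 rogue.hdb
"""
SAMPLE_DEBUG = """\
LibClamAV debug: /var/lib/clamav/blurl.ndb loaded
LibClamAV debug: /var/lib/clamav/main.cvd loaded
LibClamAV debug: cli_loadyara: loaded 2 of 2 yara signatures from /var/lib/clamav/Sanesecurity_spam.yara
LibClamAV debug: /var/lib/clamav/Sanesecurity_spam.yara loaded
"""
# Assumed set of signature database extensions; freshclam bookkeeping files such as mirrors.dat are skipped.
SIG_EXTENSIONS = (".ndb", ".hdb", ".hsb", ".cdb", ".ldb", ".cvd", ".cld", ".ftm", ".ign2", ".yar", ".yara")
LS_RE = re.compile(r"^(\S{10})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(.+)$")  # mode links owner group size date name
LOADED_RE = re.compile(r"^LibClamAV debug: /var/lib/clamav/(\S+) loaded$")

def parse_listing(ls_output):
    """Map signature file name -> (mode, owner, group) from an `ls -l` listing."""
    files = {}
    for line in ls_output.splitlines():
        m = LS_RE.match(line)
        if m and m.group(4).endswith(SIG_EXTENSIONS):
            files[m.group(4)] = (m.group(1), m.group(2), m.group(3))
    return files

def loaded_files(debug_output):
    """Set of /var/lib/clamav file names that the debug output reports as loaded."""
    matches = (LOADED_RE.match(line) for line in debug_output.splitlines())
    return {m.group(1) for m in matches if m}

def check(ls_output, debug_output):
    """One problem string per file that clamscan did not load or that is not clamav:clamav 0644."""
    problems = []
    loaded = loaded_files(debug_output)
    for name, (mode, owner, group) in sorted(parse_listing(ls_output).items()):
        if name not in loaded:
            problems.append(f"{name}: not reported as loaded")
        if (mode, owner, group) != ("-rw-r--r--", "clamav", "clamav"):
            problems.append(f"{name}: {mode} {owner}:{group}, expected -rw-r--r-- clamav:clamav")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE_LS, SAMPLE_DEBUG)) or "all signature files loaded, owned by clamav, mode 0644")
```

On a real host, feed it the actual output of the two commands instead of the constructed samples; a file that is present but never reported as loaded usually means wrong ownership or a format ClamAV rejected.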