Additional Databases for ClamAV
The default ClamAV databases do not have a great detection level, but it can be enhanced with free or paid signature databases.
List of known free databases
- SecuriteInfo - free ClamAV DBs for testing purposes; registration is required, after which you can use them from 1 IP
- InterServer - free to use ClamAV DBs, but they are not well suited to email scanning
Enable SecuriteInfo databases
- Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup
- You will receive an email to activate your account and then a follow-up email with your login name
- Login and navigate to your customer account: https://www.securiteinfo.com/clients/customers/account
- Click on the Setup tab
- You will need to get your_id from one of the download links; they are individual for every user
- Add to data/conf/clamav/freshclam.conf, replacing the your_id part:
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
- Adjust data/conf/clamav/clamd.conf to align with the following settings:
DetectPUA yes
ExcludePUA PUA.Win.Packer
ExcludePUA PUA.Win.Trojan.Packed
ExcludePUA PUA.Win.Trojan.Molebox
ExcludePUA PUA.Win.Packer.Upx
ExcludePUA PUA.Doc.Packed
MaxScanSize 150M
MaxFileSize 100M
MaxRecursion 40
MaxEmbeddedPE 100M
MaxHTMLNormalize 50M
MaxScriptNormalize 50M
MaxZipTypeRcg 50M
- Restart ClamAV container:
docker-compose restart clamd-mailcow
Please note:
- You can't use ExcludePUA and IncludePUA in clamd.conf simultaneously, so please comment out any IncludePUA lines if you uncommented them before.
- The list of databases provided in this example fits most use cases, but SecuriteInfo also provides other databases. Please check the SecuriteInfo FAQ for additional information.
- With the current DB set (including default DBs) ClamAV will consume about 1.3Gb of RAM on your server.
- If you modified message_size_limit in Postfix you need to adapt MaxSize settings in ClamAV as well.
Enable InterServer databases
- Add to data/conf/clamav/freshclam.conf:
DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
DatabaseCustomURL http://sigs.interserver.net/shell.ldb
DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
- Restart ClamAV container:
docker-compose restart clamd-mailcow
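A pre-restart check for the configuration edits above, as an added example that is not part of the original documentation: it flags a your_id placeholder left in a DatabaseCustomURL, signature URLs fetched over plain HTTP, ExcludePUA and IncludePUA both being active, and MaxFileSize/MaxScanSize values below the Postfix message_size_limit. The function names are hypothetical, the sample configs are constructed, and comparing the limits against message_size_limit (given in bytes) is one interpretation of the note above.

```python
PLACEHOLDER = "/your_id/"            # literal placeholder in the page's URLs
UNITS = {"K": 1024, "M": 1024 ** 2}  # size suffixes this sketch understands
# Constructed sample input; EXAMPLE_ID stands in for a real account id.
SAMPLE_FRESHCLAM = """\
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/EXAMPLE_ID/javascript.ndb
DatabaseCustomURL http://sigs.interserver.net/shell.ldb
#DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
"""
SAMPLE_CLAMD = """\
ExcludePUA PUA.Win.Packer
IncludePUA Spy
MaxScanSize 150M
MaxFileSize 100M
"""

def directives(text):
    """Yield (name, value) for each uncommented, non-empty config line."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0], (parts[1].strip() if len(parts) > 1 else "")

def to_bytes(value):
    """Convert a size such as 100M or 512K (or a bare byte count) to bytes."""
    suffix = value[-1:].upper()
    return int(value[:-1]) * UNITS[suffix] if suffix in UNITS else int(value)

def lint_freshclam(text):
    """Flag unreplaced placeholders and plain-HTTP signature downloads."""
    findings = []
    for name, value in directives(text):
        if name == "DatabaseCustomURL" and PLACEHOLDER in value:
            findings.append("your_id placeholder not replaced: " + value)
        if name == "DatabaseCustomURL" and value.startswith("http://"):
            findings.append("plain HTTP, no transport integrity: " + value)
    return findings

def lint_clamd(text, message_size_limit=None):
    """Flag the ExcludePUA/IncludePUA clash and limits below the Postfix size."""
    conf = list(directives(text))
    findings = []
    if {"ExcludePUA", "IncludePUA"} <= {name for name, _ in conf}:
        findings.append("ExcludePUA and IncludePUA are both active")
    for name, value in conf:
        if (message_size_limit and name in ("MaxFileSize", "MaxScanSize")
                and to_bytes(value) < message_size_limit):
            findings.append(f"{name} {value} is below message_size_limit")
    return findings
```

Pass the contents of data/conf/clamav/freshclam.conf and data/conf/clamav/clamd.conf to the two functions and resolve any findings before restarting the container.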