freshclam.conf and clamd.conf are the main configuration files of the ClamAV antivirus. Remember that the basic installation (link at the end of the article) configures only freshclam.conf.
The parameter "DatabaseDirectory /var/lib/clamav" must be the same in freshclam.conf and clamd.conf. If you change it in one file you must also change it in the other. I recommend leaving it at the default.
When freshclam runs, it looks for an update at the address given in the first DatabaseMirror line; if it finds none there, it moves on to the next address until it finds and downloads the updates.
After that it processes every DatabaseCustomURL.
The file itself ended up huge, but each complete update takes on average only 2 to 3 minutes, depending on your PC and your internet bandwidth.
WARNING:
"Mirrors and links reserve the right to block your IP if you abuse downloads and updates too many times per hour or abuse the server in any way."
Update the databases and signatures sensibly.
The file below is configured to update the signatures (the database of junk, viruses, malware, etc.) twice a day (parameter Checks 2). The default is Checks 24 (24 times a day), but that only takes ClamAV's own signatures into account.
Let's add more repositories to freshclam.conf (check the path where ClamAV was installed; on Debian it is /etc/clamav).
First, make a backup of the original file.
# mv /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf.bkp
The file with the settings is below (it is complete, with mirrors from all over for malware, spam, phishing, etc.). You do not need all of this; later, if you want, do some research and trim and/or change the file according to your needs.
# vim /etc/clamav/freshclam.conf
(I used vim; use your preferred text editor)
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 2 times a day
Checks 2
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
#
DatabaseMirror db.br.clamav.net
DatabaseMirror db.ar.clamav.net
DatabaseMirror db.at.clamav.net
DatabaseMirror db.au.clamav.net
DatabaseMirror db.be.clamav.net
DatabaseMirror db.bg.clamav.net
DatabaseMirror db.ca.clamav.net
DatabaseMirror db.ch.clamav.net
DatabaseMirror db.cn.clamav.net
DatabaseMirror db.cz.clamav.net
DatabaseMirror db.de.clamav.net
DatabaseMirror db.dk.clamav.net
DatabaseMirror db.ec.clamav.net
DatabaseMirror db.ee.clamav.net
DatabaseMirror db.es.clamav.net
DatabaseMirror db.fr.clamav.net
DatabaseMirror db.gr.clamav.net
DatabaseMirror db.hk.clamav.net
DatabaseMirror db.hu.clamav.net
DatabaseMirror db.id.clamav.net
DatabaseMirror db.ie.clamav.net
DatabaseMirror db.it.clamav.net
DatabaseMirror db.jp.clamav.net
DatabaseMirror db.kr.clamav.net
DatabaseMirror db.lt.clamav.net
DatabaseMirror db.mx.clamav.net
DatabaseMirror db.nl.clamav.net
DatabaseMirror db.pl.clamav.net
DatabaseMirror db.pt.clamav.net
DatabaseMirror db.ro.clamav.net
DatabaseMirror db.ru.clamav.net
DatabaseMirror db.se.clamav.net
DatabaseMirror db.sg.clamav.net
DatabaseMirror db.sk.clamav.net
DatabaseMirror db.tr.clamav.net
DatabaseMirror db.tw.clamav.net
DatabaseMirror db.ua.clamav.net
DatabaseMirror db.uk.clamav.net
DatabaseMirror db.us.clamav.net
# Argentina
DatabaseMirror clamav.md5.com.ar
# Australia
DatabaseMirror clamav.island.net.au
DatabaseMirror clamav.mirror.pacific.net.au
DatabaseMirror clamavdb.planetmirror.com
# Austria
DatabaseMirror clamav.inode.at
DatabaseMirror xarch.clamav.net
# Belgium
DatabaseMirror clamav.edpnet.net
# Bulgaria
DatabaseMirror clamav.host.bg
DatabaseMirror clamav.paralax.org
# Canada
DatabaseMirror clamav.mirror.rafal.ca
DatabaseMirror clamav.gossamer-threads.com
# China
DatabaseMirror clamav.ialfa.net
# Czech Republic
DatabaseMirror clamav.iol.cz
DatabaseMirror clamav.skynet.cz
DatabaseMirror clamav.mirror.vutbr.cz
# Denmark
DatabaseMirror clamav.dif.dk
DatabaseMirror clamav.mirrors.webpartner.dk
# Ecuador
DatabaseMirror clamav.ecualinux.com
# Estonia
DatabaseMirror clamav.infonet.ee
# France
DatabaseMirror clamav.easynet.fr
DatabaseMirror clamav.inet6.fr
DatabaseMirror clamav.univ-nantes.fr
DatabaseMirror clamav.ovh.net
DatabaseMirror clamav.mirror.waycom.net
# Germany
DatabaseMirror clamav.mirror.fizzelpark.com
DatabaseMirror clamav.informatik.fh-furtwangen.de
DatabaseMirror clamav.lug-norderstedt.de
DatabaseMirror clamav.mcs.de
DatabaseMirror clamav.mirror.myebs.de
DatabaseMirror clamav.pcn.de
DatabaseMirror clamav.power-netz.de
DatabaseMirror clamav.savework.de
DatabaseMirror fuxhausen.tiscali.de
DatabaseMirror clamav.ftpproxy.org
DatabaseMirror clamav.kgt.org
# Greece
DatabaseMirror clamav.forthnet.gr
DatabaseMirror clamav.uoc.gr
# Hong Kong
DatabaseMirror clamav.meiwing.com
DatabaseMirror clamavdb.hostlink.com.hk
DatabaseMirror clamav.cpss.edu.hk
# Hungary
DatabaseMirror clamav.crysys.hu
DatabaseMirror clamav.dc.hu
DatabaseMirror clamav.fisher.hu
DatabaseMirror clamavdb.ikk.sztaki.hu
# Indonesia
DatabaseMirror clamav.cbn.net.id
DatabaseMirror db.clamav.or.id
# Ireland
DatabaseMirror clamavdb.heanet.ie
# Italy
DatabaseMirror clamav.oltrelinux.com
DatabaseMirror clamav.mirror.garr.it
DatabaseMirror clamav.linux.it
DatabaseMirror idea.sec.dico.unimi.it
# Japan
DatabaseMirror clamav.nara.wide.ad.jp
DatabaseMirror clamav-mirror.wiseknot.co.jp
DatabaseMirror clamavdb.ml-club.jp
DatabaseMirror clamav.mtcnet.jp
DatabaseMirror clamav.begi.net
DatabaseMirror clamavdb.osj.net
DatabaseMirror clamav.s-lines.net
DatabaseMirror clamav.yukiguni.net
DatabaseMirror clamavdb.mithril-linux.org
# Republic of Korea
DatabaseMirror clamav.hanbiro.com
# Lithuania
DatabaseMirror clamav.vtu.lt
# Mexico
DatabaseMirror clamav.mpsnet.com.mx
# Netherlands
DatabaseMirror clamav.essentkabel.com
DatabaseMirror clamav.fx-services.com
DatabaseMirror clamav.prolocation.net
DatabaseMirror clamav.mirror.transip.nl
DatabaseMirror clamav.unnet.nl
DatabaseMirror clamav.xs4all.nl
DatabaseMirror clamav.packetstorm.nu
# Poland
DatabaseMirror database.clamav.ps.pl
# Portugal
DatabaseMirror clamav.linux.pt
# Romania
DatabaseMirror clamav.iasi.roedu.net
# Russian Federation
DatabaseMirror clamav.citrin.ru
DatabaseMirror clamav.eastweb.ru
DatabaseMirror clamav.unix.su
# Singapore
DatabaseMirror clamav.acnova.com
# Slovakia
DatabaseMirror clamav.hq.alert.sk
# Spain
DatabaseMirror clamav.talika.eii.us.es
# Sweden
DatabaseMirror clamav.kratern.se
DatabaseMirror clamav.df.lth.se
DatabaseMirror clamav.mainloop.se
# Switzerland
DatabaseMirror switch.clamav.net
# Taiwan
DatabaseMirror clamav.cs.pu.edu.tw
DatabaseMirror clamav.stu.edu.tw
# Turkey
DatabaseMirror clamav.enderunix.org
DatabaseMirror clamav.ubak.gov.tr
# Ukraine
DatabaseMirror clamav.intercom.net.ua
# United Kingdom
DatabaseMirror clamav.mirror.camelnetwork.com
DatabaseMirror clamav.dbplc.com
DatabaseMirror clamav.spod.org
DatabaseMirror clamav.public-internet.co.uk
# United States
DatabaseMirror clamav.catt.com
DatabaseMirror clamav.clearfield.com
DatabaseMirror clamav.devolution.com
DatabaseMirror clamav.edebris.com
DatabaseMirror clamav.edgescape.com
DatabaseMirror clamav.infotex.com
DatabaseMirror clamav.irontec.com
DatabaseMirror clamav.liquidweb.com
DatabaseMirror clamav.pathlink.com
DatabaseMirror avmirror2.prod.rxgsys.com
DatabaseMirror clamav.theshell.com
DatabaseMirror clamav-du.viaverio.com
DatabaseMirror clamav-sj.viaverio.com
DatabaseMirror clamav.walkertek.com
DatabaseMirror clamav.westlinks.com
DatabaseMirror clamav.xyxx.com
DatabaseMirror clamav.pinna.cx
DatabaseMirror clamav.unet.brandeis.edu
DatabaseMirror clamav.bridgeband.net
DatabaseMirror clamav.inoc.net
DatabaseMirror clamav-000.mirrors.nks.net
DatabaseMirror clamav-001.mirrors.nks.net
DatabaseMirror clamav-002.mirrors.nks.net
DatabaseMirror clamav-003.mirrors.nks.net
DatabaseMirror clamav-004.mirrors.nks.net
DatabaseMirror clamav-005.mirrors.nks.net
DatabaseMirror clamav.oc1.mirrors.redwire.net
DatabaseMirror clamav.securityminded.net
DatabaseMirror clamav.securitywonks.net
DatabaseMirror clamav.sonic.net
# #
# Malware
DatabaseCustomURL https://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL https://cdn.malware.expert/malware.expert.fp
#
# Sanesecurity: malware, spam, phishing, lottery, etc
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/lott.ndb
#
# Bofhland
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
#
# Foxhole
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_links.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
#
# Malware.expert
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malware.expert.fp
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malware.expert.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malware.expert.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/phish.ndb
#
# Porcupine
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/porcupine.hsb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/rogue.hdb
#
# Spam
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/shelter.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spam.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spear.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/spearl.ndb
#
# Winnow
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb
#
# Maldet
DatabaseCustomURL https://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL https://www.rfxn.com/downloads/rfxn.hdb
#
# Phishing, scams and other junk, hashes of spam documents and images
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb
Save and exit the file.
For reference, here is a description of some of the signatures:
NOTE: Use only one of the two, either one or the other: winnow_phish_complete.ndb or winnow_phish_complete_url.ndb.
In the freshclam.conf file above I have already left winnow_phish_complete.ndb commented out.
More information here:
https://ftp.swin.edu.au/sanesecurity/readme.txt
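
The two rules stated in this article (the same DatabaseDirectory in both files, and only one winnow_phish_complete variant enabled) can be checked with a short script after editing. This is an added example, not part of the original article or of ClamAV; the function names are hypothetical and the sample files are constructed. It also goes one step further and reports any signature file name requested by more than one DatabaseCustomURL, as happens with the malware.expert files in the listing above.

```shell
#!/bin/sh
# Added example: sanity checks for a freshclam.conf / clamd.conf pair.

# Value of a single-valued directive (commented-out lines never match).
conf_value() {  # $1=file $2=directive
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Succeeds only if both files set the same DatabaseDirectory.
same_dbdir() {  # $1=freshclam.conf $2=clamd.conf
    a=$(conf_value "$1" DatabaseDirectory)
    b=$(conf_value "$2" DatabaseDirectory)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Signature file names requested by more than one DatabaseCustomURL.
duplicate_custom_dbs() {  # $1=freshclam.conf
    awk '$1 == "DatabaseCustomURL" { n = split($2, p, "/"); print p[n] }' "$1" |
        sort | uniq -d
}

# Succeeds if at most one winnow_phish_complete variant is enabled.
winnow_ok() {  # $1=freshclam.conf
    n=$(awk '$1 == "DatabaseCustomURL" &&
             $2 ~ /\/winnow_phish_complete(_url)?\.ndb$/ { c++ }
             END { print c + 0 }' "$1")
    [ "$n" -le 1 ]
}

# Constructed sample files (not the article's full configuration).
write_sample() {  # $1=directory
    cat > "$1/freshclam.conf" <<'EOF'
DatabaseDirectory /var/lib/clamav
Checks 2
DatabaseCustomURL https://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/malware.expert.ndb
# DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
DatabaseCustomURL https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
EOF
    printf 'DatabaseDirectory /var/lib/clamav\n' > "$1/clamd.conf"
}

# Usage: sh audit.sh /etc/clamav/freshclam.conf /etc/clamav/clamd.conf
if [ "$#" -eq 2 ]; then
    same_dbdir "$1" "$2" || echo "DatabaseDirectory differs between the files"
    duplicate_custom_dbs "$1" | sed 's/^/fetched more than once: /'
    winnow_ok "$1" || echo "both winnow_phish_complete variants are enabled"
fi
```

Removing the duplicated entries also reduces the number of downloads per run, which matters given the mirrors' warning about blocking abusive clients.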