[clamav-users] ClamAV Fireeye Rules?
I was going through the released Fireeye tool countermeasures, and came
upon this:
https://github.com/fireeye/red_team_tool_countermeasures/blob/master/all-clam.ldb.
Is this meant to be installed with clamav somehow?
Re: [clamav-users] ClamAV Fireeye Rules?
Again, same as I wrote on the Snort list, we rewrote all of this detection and it is in the official ClamAV database, so if you are using freshclam to update from clamav, you already have it.

On Dec 17, 2020, at 3:44 PM, bobby via clamav-users <clamav-users@lists.clamav.net> wrote:

I was going through the released Fireeye tool countermeasures, and came upon this: https://github.com/fireeye/red_team_tool_countermeasures/blob/master/all-clam.ldb. Is this meant to be installed with clamav somehow?

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV Fireeye Rules?
Hi there,

> On Dec 17, 2020, at 3:44 PM, bobby via clamav-users wrote:
>
> I was going through the released Fireeye tool countermeasures, and
> came upon this:
> https://github.com/fireeye/red_team_tool_countermeasures/blob/master/all-clam.ldb.
> Is this meant to be installed with clamav somehow?

As Joel says, you don't need to use this file now that the signatures
are part of the official database, assuming that you somehow keep your
copy/copies of the database up to date, which you obviously should.

You'll see in the archives that on Monday of this week I tested the
all-clam.ldb file for another user, who seemed to be having trouble
using the file. It loaded fine for me and gave the expected extra 23
signatures. I wouldn't expect it to make any appreciable difference
to memory use or performance.

As a general rule for any third-party signatures in _any_ properly
formed file (all-clam.ldb is such a file) all you need to do is drop
the file in the same directory as your other signature files and (if
you haven't told ClamAV to use only the official signatures, which is
an available option) it will use them. Not everyone uses the daemon
('clamd'), but if you are using it then you will either need to tell
it to reload its databases somehow or to restart it - see the docs.
The same applies to things like Yara rules. You can write your own,
put them in a file in the database directory, and away you go.

If the signatures you use from third parties get updated 'upstream'
then you'll need to make some arrangements for keeping your copy up to
date. In some circumstances you can use freshclam to do that, and
other tools available for updating third-party databases have been
mentioned on the list. Again, check the archives.

--

73,
Ged.

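The procedure Ged describes (check that a third-party signature file loads, drop it in the database directory, then tell clamd to reload) written out as an added shell example. This is not code from the thread or from the ClamAV project. It assumes Debian-style paths (/var/lib/clamav for the databases, /etc/clamav/clamd.conf for the daemon config; both can be overridden with the DB_DIR and CLAMD_CONF environment variables) and that clamscan and clamdscan are on PATH. The "Known viruses: N" summary line and the OfficialDatabaseOnly config option are standard ClamAV behaviour; the helper and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the list thread: sanity-check a third-party
# ClamAV signature file (such as an .ldb), install it beside the official
# databases, and ask a running clamd to reload.
# Assumed paths (not stated in the thread): DB_DIR and CLAMD_CONF below.
set -eu

DB_DIR=${DB_DIR:-/var/lib/clamav}
CLAMD_CONF=${CLAMD_CONF:-/etc/clamav/clamd.conf}

# Read a clamscan summary on stdin and print its "Known viruses" count.
# Prints 0 when the line is absent, e.g. because the database failed to load.
known_viruses() {
    awk -F': *' '/^Known viruses:/ { n = $2 } END { print n + 0 }'
}

# Succeed if the clamd config restricts the daemon to official signatures;
# in that case a third-party file dropped into DB_DIR is silently ignored.
official_only_set() {
    conf=$1
    [ -f "$conf" ] && \
        grep -Eiq '^[[:space:]]*OfficialDatabaseOnly[[:space:]]+(yes|true)' "$conf"
}

# Load ONLY the given signature file and report how many signatures it adds.
# With --database pointing at a single file, clamscan's "Known viruses"
# line counts just that file's contribution (Ged's "extra 23 signatures").
count_sigs_in_file() {
    sigfile=$1
    probe=$(mktemp)                      # empty, clean file to scan
    rc=0
    summary=$(clamscan --database="$sigfile" "$probe" 2>&1) || rc=$?
    rm -f "$probe"
    if [ "$rc" -eq 2 ]; then             # exit 2 = clamscan error (bad db etc.)
        printf 'error: clamscan could not load %s:\n%s\n' "$sigfile" "$summary" >&2
        return 1
    fi
    printf '%s\n' "$summary" | known_viruses
}

# Copy the file into the database directory and ask clamd to reload.
# clamscan picks the file up on its next run; clamd keeps the old signature
# set in memory until it is told to reload (clamdscan --reload) or restarted.
install_sigfile() {
    sigfile=$1
    cp "$sigfile" "$DB_DIR/"
    chmod 0644 "$DB_DIR/$(basename "$sigfile")"
    if command -v clamdscan >/dev/null 2>&1; then
        clamdscan --reload
    fi
}

main() {
    sigfile=$1
    if official_only_set "$CLAMD_CONF"; then
        echo "warning: OfficialDatabaseOnly is set in $CLAMD_CONF; clamd will ignore $sigfile" >&2
    fi
    n=$(count_sigs_in_file "$sigfile")
    if [ "$n" -eq 0 ]; then
        echo "error: $sigfile loaded 0 signatures; not installing" >&2
        exit 1
    fi
    echo "$sigfile provides $n signature(s); installing into $DB_DIR"
    install_sigfile "$sigfile"
}

# Run the install flow only when a signature file is given, e.g.:
#   sh install-sigs.sh all-clam.ldb
if [ $# -gt 0 ]; then
    main "$1"
fi
```

Running it with a file argument prints the signature count before copying anything, so a file that fails to parse (count 0 or clamscan exit status 2) is never installed; the OfficialDatabaseOnly check covers the case Ged mentions where ClamAV has been told to load only the official signatures.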