ClamAV Unofficial Signatures

There are two good approaches to using unofficial signatures on Gentoo (and elsewhere). The first is to use, and the second is to use freshclam itself. The eXtremeSHOK clamav-unofficial-sigs script is not a secure option.

Using freshclam
Freshclam now supports https URLs, so if your unofficial signatures are available direct from an http(s) URL, then adding them to freshclam is easy. For example,

There are only a few downsides to using freshclam:


 * 1) Freshclam can't rename the downloaded file, so if the source file is incorrectly named, freshclam will fail to validate it (because clamav won't know how to read it).
 * 2) Freshclam only support http(s), so you're out of luck if your database is only served over rsync.
 * 3) There's currently a bug in freshclam that causes it to validate malformed databases, which will crash clamav. So if there's a chance that you'll download a bad database, freshclam may not be the best choice (until that bug is fixed).