ClamAV Unofficial Signatures
There are two good approaches to using unofficial signatures on Gentoo (and elsewhere). The first is to use app-antivirus/fangfrisch, and the second is to use freshclam itself. The eXtremeSHOK clamav-unofficial-sigs script is not a secure option.
Freshclam now supports https URLs, so if your unofficial signatures are available direct from an http(s) URL, then adding them to freshclam is easy. For example,
# These HTTP mirrors aren't quite official, but I've asked about them # on the sanesecurity mailing list and someone offered them to the public. DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbla.ndb DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb
There are only a few downsides to using freshclam:
- Freshclam can't rename the downloaded file, so if the source file is incorrectly named, freshclam will fail to validate it (because clamav won't know how to read it).
- Freshclam only supports http(s), so you're out of luck if your database is only served over rsync.
- There's currently a bug in freshclam that causes it to validate malformed databases, which will crash clamav. So if there's a chance that you'll download a bad database, freshclam may not be the best choice (until that bug is fixed).