I decided to spend a bit more of my free time and list the additional ClamAV signature databases I know of, with links:
### http://www.sanesecurity.com/clamav/databases.htm
### SANESECURITY http://sanesecurity.com/usage/signatures/
sanesecurity.ftm #REQUIRED Message file types, for best performance
sigwhitelist.ign2 #REQUIRED Fast update file to whitelist any problem signatures
junk.ndb #LOW General high hitting junk, containing spam/phishing/lottery/jobs/419s etc
jurlbl.ndb #LOW Junk Url based
phish.ndb #LOW Phishing
rogue.hdb #LOW Malware, Rogue anti-virus software and Fake codecs etc. Updated hourly to cover the latest malware threats
scam.ndb #LOW Spam/scams
spamimg.hdb #LOW Spam images
spamattach.hdb #LOW Spam Spammed attachments such as pdf/doc/rtf/zip
blurl.ndb #LOW Blacklisted full urls over the last 7 days, covering malware/spam/phishing. URLs added only when main signatures have failed to detect but are known to be "bad"
spear.ndb #MED Spear phishing email addresses (autogenerated from data here)
lott.ndb #MED Lottery
spam.ldb #MED Spam detected using the new Logical Signature type
spearl.ndb #MED Spear phishing urls (autogenerated from data here)
jurlbla.ndb #MED Junk Url based autogenerated from various feeds
badmacro.ndb #MED Detect dangerous macros
Sanesecurity_sigtest.yara #LOW Sanesecurity test signatures
Sanesecurity_spam.yara #LOW detect spam
### FOXHOLE http://sanesecurity.com/foxhole-databases/
malwarehash.hsb #LOW Malware hashes without known Size
foxhole_generic.cdb #MED See Foxhole page for more details
foxhole_filename.cdb #MED See Foxhole page for more details
foxhole_all.cdb #HIGH See Foxhole page for more details
### OITC http://www.oitc.com/winnow/clamsigs/index.html
winnow.attachments.hdb #LOW Spammed attachments such as pdf/doc/rtf/zip
winnow_malware.hdb #LOW Current virus, trojan and other malware not yet detected by ClamAV.
winnow_malware_links.ndb #LOW Links to malware
winnow_extended_malware.hdb #LOW contain hand generated signatures for malware
winnow_bad_cw.hdb #LOW md5 hashes of malware attachments acquired directly from a group of botnets
winnow_phish_complete_url.ndb #Med Similar to winnow_phish_complete.ndb except that entire urls are used
winnow.complex.patterns.ldb #MED contain hand generated signatures for malware and some egregious fraud
winnow_extended_malware_links.ndb #MED contain hand generated signatures for malware links
winnow_spam_complete.ndb #MED Signatures to detect fraud and other malicious spam
#winnow_phish_complete.ndb #HIGH Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
### SCAMNAILER http://www.scamnailer.info/
scamnailer.ndb #MED Spear phishing and other phishing emails
### BOFHLAND http://clamav.bofhland.org/
bofhland_cracked_URL.ndb #LOW Spam URLs
bofhland_malware_URL.ndb #LOW Malware URLs
bofhland_phishing_URL.ndb #LOW Phishing URLs
bofhland_malware_attach.hdb #LOW Malware Hashes
### RockSecurity http://rooksecurity.com/
hackingteam.hsb #LOW Hacking Team hashes
### CRDF https://threatcenter.crdf.fr/
crdfam.clamav.hdb #LOW List of new threats detected by CRDF Anti Malware
### Porcupine
porcupine.ndb #LOW Brazilian e-mail phishing and malware signatures
phishtank.ndb #LOW Online and valid phishing urls from phishtank.com data feed
### Securiteinfo https://www.securiteinfo.com/services/improve-detection-rate...
securiteinfo.ign2
securiteinfo.hdb #LOW Malwares in the Wild
javascript.ndb #LOW Malwares Javascript
securiteinfohtml.hdb #LOW Malwares HTML
securiteinfoascii.hdb #LOW Text file malwares (Perl or shell scripts, bat files, exploits, ...)
securiteinfopdf.hdb #LOW Malwares PDF
#spam_marketing.ndb #HIGH Spam Marketing / spammer blacklist
### Linux Malware Detect https://www.rfxn.com/projects/linux-malware-detect/
rfxn.ndb #LOW HEX Malware detection signatures
rfxn.hdb #LOW MD5 malware detection signatures
# MalwarePatrol Database
malwarepatrol_db="malwarepatrol.db" #LOW URLs containing Viruses, Trojans, Worms, or Malware
### Yara Rules https://github.com/Yara-Rules/rules
antidebug.yar #LOW anti debug and anti virtualization techniques used by malware
malicious_document.yar #LOW documents with malicious code
packer.yar #MED well-known software packers
#crypto.yar #HIGH detect the existence of cryptographic algorithms
### http://www.google.com/transparencyreport/safebrowsing
### http://www.clamav.net/documentation.html#safebrowsing
If you don't want to run the https://github.com/extremeshok/clamav-unofficial-sigs script, you can add the following directly to /etc/freshclam.conf:
SafeBrowsing yes
# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors.
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
Append the file name from the corresponding section above to the download URLs:
sanesecurity_url="rsync.sanesecurity.net"
sanesecurity_gpg_url="http://www.sanesecurity.net/publickey.gpg"
securiteinfo_url="https://www.securiteinfo.com/get/signatures/"
linuxmalwaredetect_url="http://cdn.rfxn.com/downloads/"
malwarepatrol_free_url="https://lists.malwarepatrol.net/cgi/getfile?product=8&list=c...
malwarepatrol_subscription_url="https://lists.malwarepatrol.net/cgi/getfile?product=15&list=...
yararules_url="https://raw.githubusercontent.com/Yara-Rules/rules/master/&q...