Merge pull request #76 from extremeshok/dev

5.0.6 update
extremeshok · Apr 3, 2016 · 8c19b14 · 8c19b14
2 parents 49e7017 + 1fdb7e7
commit 8c19b14
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -77,7 +77,12 @@ Usage of free Linux Malware Detect clamav signatures: https://www.rfxn.com/proje
  - Enabled by default, no configuration required
 
 ## Change Log
-### Version 5.0.5 (updated 2016-04-02)
+### Version 5.0.6 (updated 2016-04-04)
+ - eXtremeSHOK.com Maintenance 
+ - Updated winnow databases as per information from Tom @ OITC
+ - Bump config to 58
+
+### Version 5.0.5
  - eXtremeSHOK.com Maintenance 
  - Add support for specifying a custom config dir or file with (--config) -c option
  - Removed default_config

diff --git a/clamav-unofficial-sigs.sh b/clamav-unofficial-sigs.sh
@@ -182,8 +182,8 @@ function help_and_usage () {
 }
 
 #Script Info
-script_version="5.0.5"
-script_version_date="02 April 2016"
+script_version="5.0.6"
+script_version_date="04 April 2016"
 minimum_required_config_version="56"
 
 #default config files

diff --git a/config/master.conf b/config/master.conf
@@ -166,18 +166,21 @@ malwarehash.hsb  #LOW Malware hashes without known Size
 ### OITC http://www.oitc.com/winnow/clamsigs/index.html
 ### Note: the two databases winnow_phish_complete.ndb and winnow_phish_complete_url.ndb should NOT be used together.  
 # LOW
-winnow.attachments.hdb  #LOW Spammed attachments such as pdf/doc/rtf/zip
+winnow.attachments.hdb  #LOW Spammed attachments such as pdf/doc/rtf/zip as well as malware crypted configs
 winnow_malware.hdb  #LOW Current virus, trojan and other malware not yet detected by ClamAV.
 winnow_malware_links.ndb #LOW Links to malware
 winnow_extended_malware.hdb  #LOW contain hand generated signatures for malware 
 winnow_bad_cw.hdb #LOW md5 hashes of malware attachments acquired directly from a group of botnets
+winnow_phish_complete_url.ndb #Low Similar to winnow_phish_complete.ndb except that entire urls are used  
 # MED
-#winnow_phish_complete_url.ndb #Med Similar to winnow_phish_complete.ndb except that entire urls are used  
 #winnow.complex.patterns.ldb  #MED contain hand generated signatures for malware and some egregious fraud  
 #winnow_extended_malware_links.ndb #MED contain hand generated signatures for malware links 
 #winnow_spam_complete.ndb  #MED Signatures to detect fraud and other malicious spam
 # HIGH
 #winnow_phish_complete.ndb #HIGH Phishing and other malicious urls and compromised hosts **DO NOT USE WITH winnow_phish_complete_url**
+### OITC YARA Format rules
+### Note: Yara signatures require ClamAV 0.99 or newer to work
+#winnow_malware.yara #LOW detect spam 
 
 ### SCAMNAILER http://www.scamnailer.info/
 # MED
@@ -395,6 +398,6 @@ yararules_url="https://raw.githubusercontent.com/Yara-Rules/rules/master/"
 
 # ========================
 # do not edit
-config_version="57"
+config_version="58"
 
 # https://eXtremeSHOK.com ######################################################