XWall · The Mail Filter
Prerequisites

SecuriteInfo has more than 1 million signatures and parsing them takes a lot of time, CPU and memory.

So be aware that when the ClamAV service starts, there may be a timeout warning.

Make sure ClamAV is properly installed and XWall can communicate natively with the ClamAV service

See also Install ClamAV Antivirus Native Win32

If you want to use SaneSecurity Rules too, make sure you configure them first

See also SaneSecurity Quick Start

SecuriteInfo Account

Sign up for a free account at https://www.securiteinfo.com/clients/customers/signup

You will receive an e-mail to activate your account and then a follow-up e-mail with your login name

Log in and navigate to your customer account https://www.securiteinfo.com/clients/customers/account

Click on the Setup tab

You will need to get your unique identifier from one of the download links; the links are individual for every user

The identifier is the 128 character string that follows http://www.securiteinfo.com/get/signatures/

Sample: https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.hdb

Download SecuriteInfo rules using SaneSecurity ClamSup

Open ClamSup.ini with an editor, usually located in C:\ClamSup, and locate the SecuriteInfo databases section near the end of the file.

Remove all entries from that section and replace them with the following, replacing xxx_your_unique_string_xxx with your own unique id

# securiteinfo.hdb : Mainly executable malware (exe, com, dll, ...)
# securiteinfohtml.hdb and javascript.ndb : HTML or JavaScript malware
# securiteinfoascii.hdb : text file malware (Perl or shell scripts, bat files, exploits, ...)
# spam_marketing.ndb : spammer blacklist. Warning, this file can generate some false positives!
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;securiteinfo.hdb;N;Y;Y;N;N
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;securiteinfo.ign2;N;Y;Y;N;N
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;javascript.ndb;N;Y;Y;N;N
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;spam_marketing.ndb;N;Y;Y;N;N
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;securiteinfohtml.hdb;N;Y;Y;N;N
http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx;securiteinfoascii.hdb;N;Y;Y;N;N

Open a DOS Box, change to the ClamSup directory and type

start ClamSup.bat -v

ClamSup will run for a few minutes and download all SaneSecurity and SecuriteInfo databases. After the download ClamSup copies the databases into the ClamAV db folder and restarts ClamAV.

If ClamSup.bat closes immediately, locate clamsup.error and check the error it reports. Once you have fixed the error, start ClamSup.bat again.

Download SecuriteInfo rules using FreshClam

Open freshclam.conf with an editor, usually located in C:\ClamAV, and add the following lines:

DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.ign2
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/javascript.ndb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/spam_marketing.ndb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfohtml.hdb
DatabaseCustomURL http://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfoascii.hdb

To restart the FreshClam service open a DOS Box and type

net stop freshclam
net start freshclam

Check the freshclam.log for any errors
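
A check for the ClamSup.ini and freshclam.conf entries described above, written in Python as an added example (it is not part of XWall, ClamSup or ClamAV). It flags a placeholder that was never replaced, an identifier that is not 128 characters long, an unexpected database name, and invisible characters carried in by copy and paste; the sample identifier is constructed filler and the function and constant names are assumptions of this example.

```python
import re

# Database names listed on this page.
KNOWN_FILES = {"securiteinfo.hdb", "securiteinfo.ign2", "javascript.ndb",
               "spam_marketing.ndb", "securiteinfohtml.hdb", "securiteinfoascii.hdb"}
PLACEHOLDER = "xxx_your_unique_string_xxx"
# freshclam.conf: .../signatures/<id>/<file>   ClamSup.ini: .../signatures/<id>;<file>;flags
ENTRY = re.compile(r"securiteinfo\.com/get/signatures/([^/;]*)[/;]([^;\s]+)")
# Zero-width and no-break characters that survive copy/paste from a web page.
INVISIBLE = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00a0]")


def check_config(text):
    """Return [(line_number, problem)] for SecuriteInfo entries in the given config text."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        clean = INVISIBLE.sub("", line)
        if clean.lstrip().startswith("#") or "securiteinfo.com" not in clean:
            continue  # comment, or not a SecuriteInfo entry
        if clean != line:
            problems.append((number, "invisible character in line"))
        match = ENTRY.search(clean)
        if not match:
            problems.append((number, "unrecognised SecuriteInfo URL layout"))
            continue
        ident, name = match.groups()
        if ident == PLACEHOLDER:
            problems.append((number, "placeholder identifier not replaced"))
        elif len(ident) != 128:
            problems.append((number, f"identifier is {len(ident)} characters, expected 128"))
        if name not in KNOWN_FILES:
            problems.append((number, f"unexpected database name {name}"))
    return problems


# Constructed sample: the identifier is 128 filler characters, not a real account value.
FAKE_ID = "a" * 128
BASE = "http://www.securiteinfo.com/get/signatures/"
SAMPLE = "\n".join([
    "# SecuriteInfo databases",
    f"DatabaseCustomURL {BASE}{FAKE_ID}/securiteinfo.hdb",
    f"DatabaseCustomURL {BASE}{PLACEHOLDER}/javascript.ndb",
    f"{BASE}{FAKE_ID[:100]};securiteinfo.ign2;N;Y;Y;N;N",
    f"{BASE}{FAKE_ID}\u200b;spam_marketing.ndb;N;Y;Y;N;N",
])

if __name__ == "__main__":
    for number, problem in check_config(SAMPLE):
        print(f"line {number}: {problem}")
```

To check a real file, pass its contents to check_config before starting ClamSup.bat or restarting the FreshClam service.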

© 1996-2017 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
support@dataenter.co.at
Changed: 2017-01-04
Fax: +43 (1) 2020770