
/----------------------------------------------------------------------------
| Default settings altered

Some of the default settings have been altered; see this file for details:

/usr/share/clamav-unofficial-sigs/conf.d/01-debian.conf

/----------------------------------------------------------------------------
| Overriding default config

To override the default configuration you can either modify [1] or
place files named *.conf in [2]. Any *.conf file in [2] that has
the same name as one of the files in [3] will cause the file in [3]
to be completely ignored. This makes it easy for a sysadmin to
disable any unwanted configuration in [3].

1. /etc/clamav-unofficial-sigs.conf
2. /etc/clamav-unofficial-sigs.conf.d/
3. /usr/share/clamav-unofficial-sigs/conf.d/

/----------------------------------------------------------------------------
| Enhanced security

You might like to run the clamav-unofficial-sigs script as a non-root,
non-clamav user for extra security. To get this working, follow the
steps below.

First create a new system user and group 'clamav-unofficial-sigs' and
add the new user to the ClamAV group.

# adduser --system --no-create-home --disabled-password --disabled-login \
          --shell /bin/false --group --home /nonexistent clamav-unofficial-sigs
# adduser clamav-unofficial-sigs clamav

Direct the mail for the new system user to root:

# echo clamav-unofficial-sigs: root >> /etc/aliases
# newaliases

Change the owner/group on the log files and data files to this user.

# chown -R clamav-unofficial-sigs:clamav /var/lib/clamav-unofficial-sigs
# chown -R clamav-unofficial-sigs:clamav /var/cache/clamav-unofficial-sigs
# chown -R clamav-unofficial-sigs:clamav /var/log/clamav-unofficial-sigs.log*
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/lib/clamav-unofficial-sigs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/lib/clamav-unofficial-sigs/configs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0700 /var/lib/clamav-unofficial-sigs/gpg-key
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/ss-dbs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/msrbl-dbs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/add-dbs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/mbl-dbs
# dpkg-statoverride --add --force --update clamav-unofficial-sigs clamav 0755 /var/cache/clamav-unofficial-sigs/si-dbs

Change the owner (but not the group) of the custom data files in the clamav
database directory to this user.

# chown clamav-unofficial-sigs:clamav /var/lib/clamav/*.hdb* /var/lib/clamav/*.ndb*

Change the permissions on the clamav database directory to set the
sticky bit and group write permission bit. If you installed clamav with
your package manager you may need to use a command other than chmod to
make this more permanent. On Debian, please use dpkg-statoverride.

# dpkg-statoverride --add --force --update clamav clamav 1775 /var/lib/clamav

Edit the cron file and logrotate configuration to use this user.

# sed -i -r -e 's/ (root|clamav) / clamav-unofficial-sigs /' /etc/cron.d/clamav-unofficial-sigs /etc/logrotate.d/clamav-unofficial-sigs

This setup prevents the script from running inappropriate commands as
root and also prevents the script from modifying the official ClamAV
signature databases.

The package is not set up like this by default because packages should not
modify the permissions of other packages' files and directories.
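
To confirm the steps above took effect, the following check compares owners
and modes against the values given in the chown and dpkg-statoverride
commands and looks for a cron or logrotate line still naming root or clamav.
It is an added example, not part of the package; the function names and the
optional ROOT prefix are hypothetical, and it assumes GNU stat as shipped on
Debian.

```shell
#!/bin/sh
# Added example (not part of the package): audit the "Enhanced security" steps.
# ROOT is a hypothetical prefix for checking a staged copy; empty = live system.

U=clamav-unofficial-sigs   # user and group names as created in the steps above

# "owner:group mode path" rows taken from the chown/dpkg-statoverride commands.
EXPECTED="$U:clamav 755 /var/lib/$U
$U:clamav 755 /var/lib/$U/configs
$U:clamav 700 /var/lib/$U/gpg-key
$U:clamav 755 /var/cache/$U
$U:clamav 755 /var/cache/$U/ss-dbs
$U:clamav 755 /var/cache/$U/msrbl-dbs
$U:clamav 755 /var/cache/$U/add-dbs
$U:clamav 755 /var/cache/$U/mbl-dbs
$U:clamav 755 /var/cache/$U/si-dbs
clamav:clamav 1775 /var/lib/clamav"

# check_path ROOT PATH OWNER:GROUP MODE -> 0 on match, 1 (plus a message) if not
check_path() {
    actual=$(stat -c '%U:%G %a' "$1$2" 2>/dev/null) || actual=missing
    [ "$actual" = "$3 $4" ] && return 0
    echo "MISMATCH $2: want '$3 $4', have '$actual'"
    return 1
}

# audit_tree [ROOT] -> exit status is the number of mismatching rows
audit_tree() {
    bad=0
    while read -r owner mode path; do
        check_path "${1:-}" "$path" "$owner" "$mode" >&2 || bad=$((bad + 1))
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# cron_user_ok FILE -> 0 if no active line still names root or clamav as user
cron_user_ok() {
    ! grep -Eq '^[^#].* (root|clamav) ' "$1"
}

# Typical use on a live system:
#   audit_tree && cron_user_ok /etc/cron.d/clamav-unofficial-sigs
```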

/----------------------------------------------------------------------------
| Running as root

If for some reason you want to run the clamav-unofficial-sigs script as root,
you will need to tell the script to chown the database files like this:

# echo \# Running the script as root >> /etc/clamav-unofficial-sigs.conf
# echo clam_user=clamav >> /etc/clamav-unofficial-sigs.conf
# echo clam_group=clamav >> /etc/clamav-unofficial-sigs.conf
# sed -i -e '/^[^#]/s/ clamav / root /' /etc/cron.d/clamav-unofficial-sigs

You may also want to have the script start clamav when it isn't running:

# echo 'start_clamd="invoke-rc.d clamav-daemon start"' >> /etc/clamav-unofficial-sigs.conf
