From e7f3323ada19279a345acbb777c932a7beeb6916 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 8 Aug 2023 14:07:41 +0200
Subject: [PATCH] Aggiornate le custom rules per clamav
---
 defaults/main.yml | 101 +++++++++++++++++++++++++++++-----------------
 1 file changed, 65 insertions(+), 36 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 7c1dd21..033a84f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -120,46 +120,75 @@ clamav_freshclam_enable_bytecode: 'yes'
 # - ''
 # - ''
 clamav_freshclam_custom_urls: []
+# See https://github.com/InQuest/awesome-yara for a set of curated repositories
+#
+# From https://gist.github.com/alsyundawy/9df58b03506bad8ccd08e06d15a8fa93
+# Malware
+# - https://cdn.malware.expert/malware.expert.ndb
+# - https://cdn.malware.expert/malware.expert.hdb
+# - https://cdn.malware.expert/malware.expert.ldb
+# - https://cdn.malware.expert/malware.expert.fp
 # Sanesecurity + Foxhole
-# - http://ftp.swin.edu.au/sanesecurity/junk.ndb
-# - http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
-# - http://ftp.swin.edu.au/sanesecurity/phish.ndb
-# #- http://ftp.swin.edu.au/sanesecurity/rogue.ndb
-# - http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
-# - http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
-# - http://ftp.swin.edu.au/sanesecurity/scam.ndb
-# - http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
-# - http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
-# - http://ftp.swin.edu.au/sanesecurity/blurl.ndb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
-# - http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
-# - http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
-# - http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
-# - http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
-# - http://ftp.swin.edu.au/sanesecurity/shelter.ldb
+# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-INFO-Low.ldb
+# - https://ftp.swin.edu.au/sanesecurity/MiscreantPunch099-Low.ldb
+# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_BlackEnergy.yara
+# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_sigtest.yara
+# - https://ftp.swin.edu.au/sanesecurity/Sanesecurity_spam.yara
+# - https://ftp.swin.edu.au/sanesecurity/badmacro.ndb
+# - https://ftp.swin.edu.au/sanesecurity/blurl.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/crdfam.clamav.hdb
+# - https://ftp.swin.edu.au/sanesecurity/doppelstern-phishtank.ndb
+# - https://ftp.swin.edu.au/sanesecurity/doppelstern.hdb
+# - https://ftp.swin.edu.au/sanesecurity/doppelstern.ndb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
+# - https://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
+# - https://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
+# - https://ftp.swin.edu.au/sanesecurity/junk.ndb
+# - https://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
+# - https://ftp.swin.edu.au/sanesecurity/jurlbla.ndb
+# - https://ftp.swin.edu.au/sanesecurity/lott.ndb
+# - https://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
+# - https://ftp.swin.edu.au/sanesecurity/phish.ndb
+# - https://ftp.swin.edu.au/sanesecurity/rogue.hdb
+# - https://ftp.swin.edu.au/sanesecurity/scam.ndb
+# - https://ftp.swin.edu.au/sanesecurity/scamnailer.ndb
+# - https://ftp.swin.edu.au/sanesecurity/shelter.ldb
+# - https://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
+# - https://ftp.swin.edu.au/sanesecurity/spam.ldb
+# - https://ftp.swin.edu.au/sanesecurity/spamattach.hdb
+# - https://ftp.swin.edu.au/sanesecurity/spamimg.hdb
+# - https://ftp.swin.edu.au/sanesecurity/spear.ndb
+# - https://ftp.swin.edu.au/sanesecurity/spearl.ndb
 # winnow
-# - http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
-# - http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
-# - http://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
-# - http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
-# - http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
-# - http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
-# Malware.expert
-# - http://ftp.swin.edu.au/sanesecurity/malware.expert.hdb
+# - https://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
+# - https://ftp.swin.edu.au/sanesecurity/winnow.complex.patterns.ldb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_extended_malware_links.ndb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete.ndb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
+# - https://ftp.swin.edu.au/sanesecurity/winnow_spam_complete.ndb
 # bofhland
-# - http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
-# - http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
-# - http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
-# - http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
+# - https://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
 # Porcupine
-# - http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
-# - http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
-# - http://ftp.swin.edu.au/sanesecurity/porcupine.hsb
+# - https://ftp.swin.edu.au/sanesecurity/porcupine.ndb
+# - https://ftp.swin.edu.au/sanesecurity/phishtank.ndb
+# - https://ftp.swin.edu.au/sanesecurity/porcupine.hsb
+# maldet
+# - https://www.rfxn.com/downloads/rfxn.ndb
+# - https://www.rfxn.com/downloads/rfxn.hdb
 # tcp example: inet:7357@127.0.0.1
 clamav_milter_socket: 'local:/run/clamav-milter/clamav-milter.socket'
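Review bot: The four `bofhland_*` URLs now appear twice on the new side, once inside the alphabetised "Sanesecurity + Foxhole" list and again under `# bofhland`, so anyone who uncomments both groups into `clamav_freshclam_custom_urls` ends up with duplicate entries; keep them in one place only. The examples also mix detection databases with files that suppress detections (`sigwhitelist.ign2`, `malware.expert.fp`), all served by third-party hosts, and nothing visible in this hunk authenticates them beyond HTTPS. I would add a line above the list such as `# NOTE: third-party feeds; .ign2 and .fp files silence detections, enable them only from sources you trust`. Every changed line is a comment, so the shipped default stays `[]`.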