• caglararli@hotmail.com
  • 05386281520

Utilising 3rd-party AV definitions with ClamAV engine

Çağlar Arlı      -    29 Views

Utilising 3rd-party AV definitions with ClamAV engine

I have ClamAV/engine pretty widely deployed on most of my Linux/UNIX/POSIX & other boxes - including gateways & at-rest storage, but I've found the ClamAV definitions... lacking... sometimes.

I've found 3rd-party AV definition signatures (MS, Symantec/Broadcom, Kasperski, Sophos, etc) that I'd like to use, but not quite sure if the formatting is correct and/or what formatting is compatible or ingestible.

Ideally I'd like to set up a spec'ed/hardened/sandboxed/DMZ'd host (VM/container/baremetal) that various hosts on my LAN/SoHo-lab can poll rather than duplicating load n*nodes (memory-protections aside, etc).

Is there a way to incorporate or ingest such 3rd-party definitions sources into my setup to be used via the ClamAV (or any other) engine? My thinking is not dissimilar to the approach of how I'm already parsing multiple DNSBL lists at my gateway rather than trying to manage an arbitrary number of hosts & guests.

Caveat: this is for personal use, and would not dream to use such a hack in production, but I do a fair bit of testing/"R&D" during this WfH period & would like to use the opportunity to shore up my setup.