Which antivirus your signatures do work ?
Our signatures are compatible with ClamAV 0.98.4 at least (out since 2015 !), Clamwin, and ClamXav. However, if you have version 0.98.x or 0.99.x of ClamAV, you should update very quickly because on March, 1st 2021, it will not be supported anymore by ClamAV.
Does your signatures duplicates with official ClamAV signatures ?
No, our signatures are based on malware that are not already detected by ClamAV. Our signatures are complementary with those of ClamAV
Advantages of a Professional/Gold/Reseller subscription ?
The Professional/Gold/Reseller allow you to access to 0 day and 0 hour malware signatures. It protects you from newly discovered malwares and active on the Internet.
Is the paid subscription allows me to protect multiple computers ?
Yes, as long as you respect the maximum number of IP addresses authorized to download the signatures corresponding to the selected subscription
Does your signatures generate some false positive detections ?
No. The false positive rate is extremely low. However, we recommend that you perform pre-production tests before using our signatures in production environment.
What is your signatures detection rate ?
Regarding 0 day malwares, the detection rate is always greater than 80%. This can reach up to 95% ! Official ClamAV signatures have a detection rate around 10%. You can verify by yourself the stats on our daily updated page about malwares found on hacked websites.
Can I use other unofficial signatures like for example SaneSecurity or MalwarePatrol ?
Yes, we recommend to use other unofficial signatures to maximize your protection
Can I do mirorring of your signatures on my network server ?
Yes you can. But public mirroring of our signatures is prohibited !
What is the best crontab configuration for freshclam ?
We recommend the following configuration :
n * * * * freshclam --quiet
n is a number you choose between 3 and 57.
There is several signature files. What are the differences ?
Here is the details of the signature files :
securiteinfo.hdb : Mainly executable malwares (exe, com, dll, ...) more recent than one year. Typical usage : Any usage.
securiteinfohtml.hdb and javascript.ndb : HTML or Javascript malwares. Typical usage : Proxy and mail server.
securiteinfoascii.hdb : Text file malwares (Perl or shell scripts, bat files, exploits, ...). Typical usage : Any usage.
spam_marketing.ndb : spammer blacklist. Typical usage : mail server.
securiteinfoandroid.hdb : Android malwares. Typical usage : Smartphone and tablet protection.
securiteinfo.ign2 : Anti-false positives. Mandatory use for any usage.
securiteinfoold.hdb : One year old malwares. Optional usage. Use it if you are not limited in resources (RAM/CPU), or if you want a maximum detection of malwares, or if you are a virus collector who compares antivirus software.
securiteinfopdf.hdb : PDF Malwares and spams. Typical usage : Any usage.
securiteinfo0hour.hdb : Malwares appeared on the Internet in the past 60 minutes. So these are the most active malwares at this moment. Mandatory use for any usage. Not included in Basic subscription
securiteinfo.mdb : Generic signatures of malwares. Mandatory use for any usage. Not included in Basic subscription
Do you contribute to ClamAV ?
Yes, we regularly submit false positives and signatures to ClamAV. Unfortunately, for some reason, ClamAV does not systematically integrate our contributions. See our contributions for more information.
Who creates the signatures of SecuriteInfo.com ?
Arnaud Jacques, CEO of SecuriteInfo.com, creates the signatures. He has been an official sigmaker of ClamAV during 8 years. You can find more information here
Does the URLs change in paid subscription ?
No, the URLs are the same as your account is in free or paid subscription, except you have 2 more signature databases to download in paid subscription : securiteinfo0hour.hdb and securiteinfo.mdb.
I have paid a professionnal subscription. When I want to download the 0-day signatures, I got a "up to date" message. What's wrong ?
Please delete the signature files you downloaded with the free subscription (securiteinfo.hdb, securiteinfoascii.hdb, securiteinfohtml.hdb, securiteinfo.ign2, spam_marketing.ndb, javascript.ndb and securiteinfoandroid.hdb) and then download them again. You will receive the 0-day signatures files.
I cannot download securiteinfoold.hdb, or I have an error : 'nonblock_recv: recv timing out (30 secs)' or 'Download failed (28) ... Message: Timeout was reached'. What's wrong ?
For ClamAV older than 0.102.2, add "ReceiveTimeout 2400" in your freshclam.conf and reload freshclam daemon.
For ClamAV 0.102.2 or newer, simply remove ReceiveTimeout from your freshclam.conf and reload freshclam daemon.
I can't download the following files : honeynet.hdb, securiteinfoelf.hdb, securiteinfosh.hdb, securiteinfooffice.hdb, securiteinfodos.hdb, securiteinfobat.hdb. What's wrong ?
These files were merged into securiteinfo.hdb. Please go to the 'Setup' tab to get your personnal download URLs. Any other URL used will be refused by the server
What is the best configuration for clamd.conf ?
To achieve maximum detection rates, we recommend modifying the following lines in your clamd.conf :
WARNING : These changes suggest that you have at least 8GB of RAM
DetectPUA yes
ExcludePUA PUA.Win.Packer
ExcludePUA PUA.Win.Trojan.Packed
ExcludePUA PUA.Win.Trojan.Molebox
ExcludePUA PUA.Win.Packer.Upx
ExcludePUA PUA.Doc.Packed
MaxScanSize 150M
MaxFileSize 100M
MaxRecursion 40
MaxEmbeddedPE 100M
MaxHTMLNormalize 50M
MaxScriptNormalize 50M
MaxZipTypeRcg 50M
How to whitelist a signature ?
Please see this article : Whitelisting signatures for ClamAV antivirus
Do you publish update reports about your antiviral signatures?
Yes, a report is published every day and is available on our website
What is the best method to download signatures ?
The easiest method to download our signatures is to use freshclam, as indicated in the 'Setup' tab. The only method supported and recommended by SecuriteInfo.com, is the use of freshclam. Any other method, including third-party scripts, is not supported/maintained by SecuriteInfo.com.
If you are using a third-party script like clamav-unofficial-sigs or fangfrisch, make sure you are using the latest version.
