Automatic user-based email script for clamavconnector plugin

Discussion in 'Security' started by XenomediaBV, May 13, 2013.

    For our servers I created a simple automation script which uses the ClamAV Connector plug-in available through WHM. The idea is based on the suggestions made by cPanel:
    Security and Virus Scanning in WHM

    The cronjob mentioned on the above page performs a scan on a per-account basis. I transferred this concept into a per-account email warning sent to the user's contact email and the server administrator. An email will be sent only if an infection is found. This way detecting hacked websites is faster.

    For anybody that finds this useful, here's a little tutorial:

    First make sure the ClamAV plug-in is installed and running. The below script can be created with any user you prefer, but must be executed by the root user.

    Go to your preferred custom scripts directory and create the following file:
    vi clamscan_daily
    Paste the following code in the file and adjust the 3 email params as needed:
    #!/bin/bash
    # Set default TO email
    # This is a fall-back in case the user has no contact email
    EMAIL_TO="[email protected]"
    # Set BCC email
    # Use this to get a copy of all sent-out warnings
    EMAIL_BCC="[email protected]"
    # Set FROM email
    # Use this to add a reply address for your customers or use a no-reply address
    EMAIL_FROM="[email protected]"
    run_scan () {
      # Get the server's hostname
      HOSTNAME=$(hostname)
      # One pass per cPanel account listed in /etc/userdomains
      for i in $(awk '!/nobody/{ print $2 }' /etc/userdomains | sort -u)
      do
        # Create tmp file
        TMPFILE=$(mktemp clamscan-result.XXXXXXXXXX)
        # Get user email; start from the fall-back for every account.
        # The contact file is writable by the account, so skip symlinks
        # and use only its first line.
        RCPT="$EMAIL_TO"
        if [ -f "/home/$i/.contactemail" ] && [ ! -L "/home/$i/.contactemail" ]
        then
          RCPT=$(head -n 1 "/home/$i/.contactemail")
        fi
        [ -n "$RCPT" ] || RCPT="$EMAIL_TO"
        # Prepare email headers
        echo "To: $RCPT" >> "$TMPFILE"
        echo "Bcc: $EMAIL_BCC" >> "$TMPFILE"
        echo "From: $EMAIL_FROM" >> "$TMPFILE"
        echo "Subject: $HOSTNAME: Virus detected on account: $i" >> "$TMPFILE"
        echo "Importance: High" >> "$TMPFILE"
        echo "X-Priority: 1" >> "$TMPFILE"
        # Blank line ends the headers
        echo "" >> "$TMPFILE"
        # Prepare email body
        echo "Attention! Your action is required. Please delete the following infected files:" >> "$TMPFILE"
        echo " " >> "$TMPFILE"
        # Start scanning the user's home directory
        /usr/bin/clamscan -i -r "/home/$i" >> "$TMPFILE"
        # Check the scan summary.
        # If the 'Infected files' count isn't zero, we have a problem.
        # Match the number itself: filtering on "no 0 in the line" misses 10, 20, 100...
        if grep -Eq '^Infected files: [1-9]' "$TMPFILE"
        then
          sendmail -t < "$TMPFILE"
        fi
        # clean-up tmp file
        rm -f "$TMPFILE"
      done
    }
    run_scan
    Save the file and make it executable:
    chmod +x clamscan_daily
    Edit the crontab (crontab -e) and add the following cronjob:
    30 5 * * * /path/to/your/clamscan_daily > /dev/null 2>&1
    It's advised to configure the execution time of the above script about 10 minutes after your ClamAV update run (/usr/bin/freshclam) to make sure you have the latest definitions. It is also possible to run this more than once per day, but since running ClamAV results in a higher load it's best to run it during off-peak hours.

    I hope this will help you a bit in protecting your servers.
    #1 XenomediaBV, May 13, 2013
    Last edited: May 13, 2013
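
Added example, not part of the original post: the two checks the script depends on, written as stand-alone shell functions and run against constructed data. It contrasts a `grep -v 0` style summary check with one that reads the infected count itself, and treats the account-writable `.contactemail` file as untrusted input. The function names, the sample scan output and the addresses are assumptions made for illustration.

```shell
#!/bin/bash
# Added example; function names and all sample data below are constructed.

# Summary check that drops any "Infected" line containing a "0", so counts
# such as 10, 20 or 100 produce no hit and no warning mail.
legacy_hits() {
  tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l | tr -d ' '
}

# Stricter check: print N from the last "Infected files: N" summary line.
infected_count() {
  local n
  n=$(sed -n 's/^Infected files: *\([0-9][0-9]*\)$/\1/p' "$1" | tail -n 1)
  echo "${n:-0}"
}

# Print the first line of FILE when FILE is a regular file (not a symlink)
# and that line looks like one plain address; otherwise print FALLBACK.
contact_or_fallback() {
  local file=$1 fallback=$2 addr
  if [ -f "$file" ] && [ ! -L "$file" ]; then
    addr=$(head -n 1 "$file")
    if printf '%s\n' "$addr" | grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'; then
      echo "$addr"
      return 0
    fi
  fi
  echo "$fallback"
}

# Write a constructed "clamscan -i -r" result with N infected files to FILE.
write_sample_scan() {
  cat > "$1" <<EOF
/home/alice/public_html/a.php: Constructed.Test.Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 340
Infected files: $2
Time: 12.345 sec (0 m 12 s)
EOF
}

demo_dir=$(mktemp -d)
write_sample_scan "$demo_dir/scan.txt" 10
printf 'alice@example.com\nX-Extra: constructed second line\n' > "$demo_dir/contact"
echo "legacy hits: $(legacy_hits "$demo_dir/scan.txt")"
echo "infected:    $(infected_count "$demo_dir/scan.txt")"
echo "send to:     $(contact_or_fallback "$demo_dir/contact" admin@example.com)"
rm -rf "$demo_dir"
```

With ten infected files the first check reports no hit while the second reports 10, and only the first line of the contact file reaches the `To:` header.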
