ozzieonline

Well-Known Member
Dec 20, 2012
126
0
16
cPanel Access Level
Root Administrator
Hello,

I installed ClamAV in WHM. Is this enough to keep me protected? I'm not sure if the program runs automatically, or if I have to start each scan manually from cPanel? Can someone please clarify?

Many thanks in advance.
 

mtindor

Well-Known Member
Sep 14, 2004
1,430
92
178
inside a catfish
cPanel Access Level
Root Administrator
If you install ClamAV in WHM, it just sits there and does nothing unless you specifically tell it to scan something -- or unless you set up a cron job or something to do periodic scans. It does not monitor uploads via web/ftp in realtime all by itself. If you want that capability you'd want something like the ConfigServer eXploit Scanner (CXS).

If installed, ClamAV will scan incoming email. If you want it to automatically scan outbound mail / mail from authenticated senders, you'll have to enable that in WHM --> Exim Configuration Manager --> Security.

m
 

ozzieonline

Well-Known Member
Dec 20, 2012
126
0
16
cPanel Access Level
Root Administrator
Thanks for your reply mtindor. Really appreciate it!

My VPS is quite small and has only 512MB. When I use Putty to see the active processes I notice that clamd uses 27,3% of the available memory! And now I understand it doesn't even do anything? That's pretty strange actually :(

I want to host websites for other people on my VPS by using add-on domains. I have only 1 cPanel account and I will be the only one with FTP access. Also I disabled anonymous FTP.

Which of these options should I check then when I configurate ClamAv in WHM?

Scan Entire Home Directory
Scan Mail
Scan Public FTP Space
Scan Public Web Space

I think I can uncheck "Scan Public FTP Space" becuase I don't use anonymous FTP. Is that correct? And how about "Scan Public Web Space". I'm not exactly sure what that means.

"If installed, ClamAV will scan incoming email."
Incoming e-mail will be scanned automatically? Without a cron job or something?

"If you want it to automatically scan outbound mail / mail from authenticated senders, you'll have to enable that in WHM --> Exim Configuration Manager --> Security."
Thanks for the tip. I see 2 options concerning ClamAV:
1) Scan messages for malware from authenticated senders (exiscan).
2) Scan outgoing messages for malware
Which option is the one you're referring to?

Is there maybe another free antivirus program that is always active and doesn't require cronjobs? And which doesn't consume this much memory?
 

mtindor

Well-Known Member
Sep 14, 2004
1,430
92
178
inside a catfish
cPanel Access Level
Root Administrator
My VPS is quite small and has only 512MB. When I use Putty to see the active processes I notice that clamd uses 27,3% of the available memory! And now I understand it doesn't even do anything? That's pretty strange actually :(
It's active by default for two reasons:

1. So the facility in WHM can be used if you want to scan anything
2. So that the virus filtering for incoming email works by default

Which of these options should I check then when I configurate ClamAv in WHM?

Scan Entire Home Directory
Scan Mail
Scan Public FTP Space
Scan Public Web Space

I think I can uncheck "Scan Public FTP Space" becuase I don't use anonymous FTP. Is that correct? And how about "Scan Public Web Space". I'm not exactly sure what that means.
I can't advise. I use CXS (from configserver.com, not a free product) rather than the facility built into WHM.

"If installed, ClamAV will scan incoming email."
Incoming e-mail will be scanned automatically? Without a cron job or something?
Correct.

"If you want it to automatically scan outbound mail / mail from authenticated senders, you'll have to enable that in WHM --> Exim Configuration Manager --> Security."
Thanks for the tip. I see 2 options concerning ClamAV:
1) Scan messages for malware from authenticated senders (exiscan).
2) Scan outgoing messages for malware
Which option is the one you're referring to?
Both of them. On some servers I dont even bother to check those. I'm not concerned about users sending out viruses -- I'm concerned about them receiving viruses from external sources.

Is there maybe another free antivirus program that is always active and doesn't require cronjobs? And which doesn't consume this much memory?
I have no answer for this one.

M