crazyaboutlinux

We are using:

cPanel 11.24.4-S33345
WHM 11.24.2 - X 3.9
CENTOS 4.7 i686 on standard

And there are 200 domains hosted.

My questions are as below:

1. We want to scan only one domain instead of all of them. How can I do that via WHM & SSH?

2. How can I scan the whole server via WHM or SSH?

3. How can I find out the ClamAV version via SSH or WHM?
Or, if we are running an older version, how can it be upgraded via SSH or WHM?

Thanks,
Nilesh
 

dalem

1. We want to scan only one domain instead of all of them. How can I do that via WHM & SSH?

clamdscan /home/username
clamdscan -l virus.txt /home/username (print a pretty text file with the results)

2. How can I scan the whole server via WHM or SSH?

clamdscan /home
clamdscan -l virus.txt /home (print a pretty text file with the results)

3. How can I find out the ClamAV version via SSH or WHM?

freshclam

Or, if we are running an older version, how can it be upgraded via SSH or WHM?

Wait until cPanel adds it to the version you're running ("upcp"),
or if you can't wait: http://forums.cpanel.net/showthread.php?t=112309&highlight=update+clamav
 

crazyaboutlinux

Thank you so much for your reply.

I need to ask you one more thing.

I scanned the website and found 2 suspicious files.

So my question is: does ClamAV remove those files, or will we need to remove them manually?
 

Sc-Pro

Hello,

I didn't feel like scanning each account by logging into cPanel, so I found this command, but after running it I found out that I didn't want to scan e-mail, so I went directly to the webroot folder and scanned there just fine. But I also wanted to scan each account, not manually, so I created a simple script that does just that. This script may need some improvements, but it works well.



# Scan each account's public_html, log to /scan/<user>.txt, then mail that log
for i in $(ls -l /home/ | sed -e '/root/d' | awk '{print $3}'); do clamdscan -l "/scan/$i.txt" "/home/$i/public_html/"; cat "/scan/$i.txt" | mail -s "Virus Scan: $i" you@email.com; done

If you notice, it goes into the /home directory; make sure you change the path to this.

/scan/$i.txt is where the log files of the scan are stored for each user.

cat /scan/$i.txt sends you an e-mail with the results.

If you have more than one drive, make sure you change it to /home, /home2, etc.

As for me, I created the scripts called scanhome, scanhome2, etc. in /sbin and chmodded them to 755, and I can call them by using scanhome or scanhome2, etc. Also, I have it set up in crontab to run every 1st of the month.


And to answer your question:

I scanned the website and found 2 suspicious files.

So my question is: does ClamAV remove those files, or will we need to remove them manually?

clamdscan --help

--remove Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY


I would move them to inspect them. The main reason for this was to look for PHP shells, and it works great! Found quite a few and removed them all!

Note: The script I wrote above does not include remove, move or copy.
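
A sturdier take on the per-account loop and the --move advice in the post above, as an added example that is not part of the original thread: it globs the docroots instead of parsing ls -l, quarantines hits per account, and counts the FOUND lines in each log. The function names, the SCANNER override and the quarantine path are assumptions; it relies on clamdscan's exit status (0 clean, 1 infected, 2 error).

```shell
#!/bin/sh
# Added example, not from the thread. SCANNER and all paths are assumptions.
SCANNER=${SCANNER:-clamdscan}

# Print each <base>/<account>/public_html that exists. Globbing replaces
# parsing `ls -l`; symlinked entries are skipped so nothing is scanned twice.
list_docroots() {
    for home in "$1"/*/; do
        home=${home%/}
        [ -L "$home" ] && continue
        [ -d "$home/public_html" ] && printf '%s\n' "$home/public_html"
    done
    return 0
}

# Print the path from every "<path>: <signature> FOUND" line of a scan log.
infected_files() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Scan every docroot under <base>, writing <logdir>/<account>.txt and moving
# hits to <quarantine>/<account>. Keep the quarantine outside any docroot so
# a moved PHP shell cannot be requested over HTTP.
# Prints "<account> <hits>" or "<account> ERROR" per account.
scan_accounts() {
    base=$1 logdir=$2 quarantine=$3
    mkdir -p "$logdir"
    list_docroots "$base" | while IFS= read -r docroot; do
        account=$(basename "$(dirname "$docroot")")
        log=$logdir/$account.txt
        mkdir -p "$quarantine/$account"
        : > "$log"    # start from an empty log so old hits are not recounted
        rc=0
        "$SCANNER" -l "$log" --move="$quarantine/$account" "$docroot" \
            </dev/null >/dev/null || rc=$?
        # clamdscan exit status: 0 = clean, 1 = infected, 2 = error
        if [ "$rc" -ge 2 ]; then
            printf '%s ERROR\n' "$account"
        else
            printf '%s %s\n' "$account" "$(infected_files "$log" | wc -l | tr -d ' ')"
        fi
    done
}

# Usage (paths are examples): sh scan_docroots.sh /home /scan /root/quarantine
if [ "$#" -eq 3 ]; then scan_accounts "$@"; fi
```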