The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

clamAV

Discussion in 'General Discussion' started by crazyaboutlinux, Apr 4, 2009.

  1. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    we are using :

    cPanel 11.24.4-S33345
    WHM 11.24.2 - X 3.9
    CENTOS 4.7 i686 on standard

    And there are 200 domains hosted

    my questions are as below

    1. we want to scan only one domain instead of all how can i via WHM & SSH

    2. how to scan whole server via WHM or SSH

    3. how can i find out ClamAV version via SSH or WHM
    or if we are running older how could be upgrade via SSH or WHM

    thanks
    Nilesh
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    clamdscan /home/username
    clamdscan -l virus.txt /home/username (print a pretty text file with the results)
    clamdscan /home
    clamdscan -l virus.txt /home (print a pretty text file with the results)
    freshclam
    wait until cpanel adds it to the version your running "upcp"
    or if you cant wait http://forums.cpanel.net/showthread.php?t=112309&highlight=update+clamav
     
  3. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Thank you so much for your reply

    i need to ask you one for thing

    i scanned the website & found 2 suspicious files

    so my question is does clamav removing those files or we'll need to remove manually
     
  4. Sc-Pro

    Sc-Pro Member

    Joined:
    Apr 29, 2006
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I didn't feel like scanning by per account logging into cPanel, so I found this command, but after running it found out that I didn't want to scan e-mail so, I went directly to the webroot folder and scanned there just find but I also wanted to scan the each account but not manually, I created a simple script that just does that; This script could may need some improvements, but works good.




    If you notice, It goes into the /home directory, make sure you change the path too this.

    The /scan/$i.txt is where are the log files are stored for each user of the scan.

    cat /scan/$i.txt sends you and e-mail with the results.

    If you have more than one drive, make sure you change it too /home, /home2 etc...

    As for me, I created the script called scanhome, scanhome2 etc... in /sbin and chmodded to 755 and I can called it by using scanhome or scanhome2 etc...also I have it setup to run in crontab to run every 1st of the month.


    and to answer your question;

    i scanned the website & found 2 suspicious files

    so my question is does clamav removing those files or we'll need to remove manually

    clamdscan --help

    --remove Remove infected files. Be careful!
    --move=DIRECTORY Move infected files into DIRECTORY
    --copy=DIRECTORY Copy infected files into DIRECTORY


    I would move them, to inspect them...Main reason for this, was to look for PHP Shells and works great! Found quite a few and removed them all!

    Note: Script I wrote above does not include remove, move or copy.
     
Loading...

Share This Page