delete virus by clamav

osama.alani · Jun 27, 2013

hello,
by this command i can scan my server from shell

clamscan --infected --recursive /home/

what is the command to delete virus by clamav for specific domain

and what is the command for the whole domains please ?

Thanks for help

24x7server · Jun 27, 2013

Hello,

To delete the infected files from specific domain, Please try with the following command

/usr/bin/clamscan /home/USERNAME/public_html -ir --remove=yes

And try following command to scan all domains files

/usr/bin/clamscan /home/*/public_html -ir

osama.alani · Jun 27, 2013

thank you
but when i tried to delete infected files it tell me that file can't be removed

what shall i do please ?

Thanks

faisikhan · Jun 28, 2013

What command did you try to delete the infected files?

HostingH · Jun 28, 2013

Hello,

Check the permissions/ownership like attributes.

clamscan /home/USERNAME/public_html -ir --remove=yes >> This command scans and cleans the viruses or files.
You can also use Maldet for scanning the account or servers.

stdout · Jun 28, 2013

Either you aren't root OR the file(s) were deliberately made immutable using chattr.
Have you tried removing removing the immutable flag on the file(s) yet? eg. "chattr -ia filename.ext"

The chattr command does accept the -R (recursive) flag.

-i
A file with the âiâ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be writ-
ten to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

-a
A file with the âaâ attribute set can only be open in append mode for writing. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

osama.alani · Jun 28, 2013

hello, i'm using

clamscan -ir --remove /home/

to remove and it really removed some files but some other can't be removed
i have no idea what to do

Thanks

stdout · Jun 29, 2013

Have you tried changing the attributes on the file(s) you cannot remove?
You can verify IF a file is immutable by listing the file using "lsattr <filename>".

ie. "lsattr /home/username/thisfile.php"

osama.alani · Jun 29, 2013

Hello,
everything is done , now my server 100% free of trojans
i just did it many times and now it say free of viruses

thanksa lot for help

cPanelMichael · Jul 1, 2013

Hello

You may want to consider moving or quarantining the files in the future instead of deleting them. This will allow you to review the files, or backup certain aspects of the files if necessary.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
	Allowing HTTP methods PATCH and DELETE in modsecurity	Security	3	Apr 3, 2023
R	SOLVED CPANEL-40720 - Continuous mails about deleted freshclam.	Security	9	May 26, 2022
S	deleted - Suspicious File	Security	3	Sep 23, 2021
	SOLVED Can't delete or rename folders, plus infected files keep showing	Security	22	Feb 12, 2021
P	Files detected as virus and auto deleted	Security	1	Mar 11, 2014

Search

Search

delete virus by clamav

osama.alani

Member

24x7server

Well-Known Member

osama.alani

Member

faisikhan

Well-Known Member

HostingH

Well-Known Member

stdout

Well-Known Member

osama.alani

Member

stdout

Well-Known Member

osama.alani

Member

cPanelMichael

Administrator