Disable automatic scanning and blocking of file manager

Discussion in 'Security' started by cyphixia, Jun 18, 2017.

  1. cyphixia

    cyphixia Registered

    Hey guys,

    First post here, but have been playing the cpanel/whm game for a while as a hosting security admin.

    We recently had an issue that I can't for the life of me figure out where to correct/change...

    Let me describe the issue first:
    -Stock centos7 server running "release" whm.
    -Enable clamAV plugin for cpanel Version: 0.99.2-1.cp1164
    -Try to upload a known malicious file using cpanel file manager to an account's public_html.

    It will block with something like:
    "The file you uploaded, index.php, contains a virus so the upload was canceled: {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND"

    I have checked the file, and can confirm that this is a false positive.

    But, this leaves me with a question... Where are the configuration options for this? Specifically the option to disable the on demand stream scanning of an upload, for the host, a user, directory, or file. It seems like this would be configurable somewhere, or at least should be something that can be disabled via a config change.

    Upon installation of the module, I see that the following packages are downloaded and added:

    Code:
    http://httpupdate.cpanel.net/RPM/11.62/centos/6/x86_64/cpanel-perl-524-File-Scan-ClamAV-1.95-1.cp1162.x86_64.rpm
    
    http://httpupdate.cpanel.net/RPM/11.64/centos/6/x86_64/cpanel-clamav-0.99.2-1.cp1164.x86_64.rpm

    These seem to add the following files:

    -----
    Code:
    [root@host ~]# rpm -qlp http://httpupdate.cpanel.net/RPM/11.62/centos/6/x86_64/cpanel-perl-524-File-Scan-ClamAV-1.95-1.cp1162.x86_64.rpm
    /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/File/Scan/ClamAV.pm
    
    [root@host ~]# rpm -qlp http://httpupdate.cpanel.net/RPM/11.64/centos/6/x86_64/cpanel-clamav-0.99.2-1.cp1164.x86_64.rpm
    /etc/chkserv.d/clamd
    /usr/local/cpanel/3rdparty/bin/clamav-config
    /usr/local/cpanel/3rdparty/bin/clamav_setupcrontab
    /usr/local/cpanel/3rdparty/bin/clambc
    /usr/local/cpanel/3rdparty/bin/clamconf
    /usr/local/cpanel/3rdparty/bin/clamd
    /usr/local/cpanel/3rdparty/bin/clamdscan
    /usr/local/cpanel/3rdparty/bin/clamdtop
    /usr/local/cpanel/3rdparty/bin/clamscan
    /usr/local/cpanel/3rdparty/bin/clamsubmit
    /usr/local/cpanel/3rdparty/bin/freshclam
    /usr/local/cpanel/3rdparty/bin/sigtool
    /usr/local/cpanel/3rdparty/etc/clamd.conf
    /usr/local/cpanel/3rdparty/etc/cpclamav.conf
    /usr/local/cpanel/3rdparty/etc/freshclam.conf
    /usr/local/cpanel/3rdparty/include/clamav.h
    /usr/local/cpanel/3rdparty/lib64/libclamav.la
    /usr/local/cpanel/3rdparty/lib64/libclamav.so
    /usr/local/cpanel/3rdparty/lib64/libclamav.so.7
    /usr/local/cpanel/3rdparty/lib64/libclamav.so.7.1.1
    /usr/local/cpanel/3rdparty/lib64/libclamunrar.la
    /usr/local/cpanel/3rdparty/lib64/libclamunrar.so
    /usr/local/cpanel/3rdparty/lib64/libclamunrar.so.7
    /usr/local/cpanel/3rdparty/lib64/libclamunrar.so.7.1.1
    /usr/local/cpanel/3rdparty/lib64/libclamunrar_iface.la
    /usr/local/cpanel/3rdparty/lib64/libclamunrar_iface.so
    /usr/local/cpanel/3rdparty/lib64/libclamunrar_iface.so.7
    /usr/local/cpanel/3rdparty/lib64/libclamunrar_iface.so.7.1.1
    /usr/local/cpanel/3rdparty/lib64/pkgconfig/libclamav.pc
    /usr/local/cpanel/3rdparty/share/clamav/copyright
    /usr/local/cpanel/3rdparty/share/man/man1/clambc.1
    /usr/local/cpanel/3rdparty/share/man/man1/clamconf.1
    /usr/local/cpanel/3rdparty/share/man/man1/clamdscan.1
    /usr/local/cpanel/3rdparty/share/man/man1/clamdtop.1
    /usr/local/cpanel/3rdparty/share/man/man1/clamscan.1
    /usr/local/cpanel/3rdparty/share/man/man1/clamsubmit.1
    /usr/local/cpanel/3rdparty/share/man/man1/freshclam.1
    /usr/local/cpanel/3rdparty/share/man/man1/sigtool.1
    /usr/local/cpanel/3rdparty/share/man/man5/clamav-milter.conf.5
    /usr/local/cpanel/3rdparty/share/man/man5/clamd.conf.5
    /usr/local/cpanel/3rdparty/share/man/man5/freshclam.conf.5
    /usr/local/cpanel/3rdparty/share/man/man8/clamav-milter.8
    /usr/local/cpanel/3rdparty/share/man/man8/clamd.8
    /usr/local/cpanel/whostmgr/addonfeatures/clamavconnector
    /usr/local/cpanel/whostmgr/docroot/cgi/addon_clamavconnector.cgi
    /var/cpanel/dynamicui/clamav
    /var/log/clam-update.log
    
    -----

    Nowhere in these can I see anything that defines whether files uploaded through file manager get scanned or not, and I am unable to find any hooks that have been added to file manager after the install either.

    Anybody know where this would be, or have any insight here?

    Thanks and best regards,
    ~Ian
    Liquidweb Security.
     
    #1 cyphixia, Jun 18, 2017
    Last edited by a moderator: Jun 18, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello Ian,

    It's not possible to disable virus scanning for files uploaded through File Manager without uninstalling ClamAV. I encourage you to open a feature request if you'd like to see that functionality added to the product:

    Submit A Feature Request

    The best approach in the meantime is to manually add false positives to the global whitelist using the instructions on the following thread:

    ClamAV signatures database

    Thank you.
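
Added example, not part of either post and not cPanel's own tooling: one way to turn the File Manager error quoted in the first post into an entry for a ClamAV signature ignore list (`.ign2` file). The function names are hypothetical, and the path to the `.ign2` file is passed in as an argument because the thread does not state it.

```shell
#!/bin/sh
# Added example. The sample message is the one quoted in the first post.

# Extract the signature name from a File Manager upload error.
# ClamAV appends ".UNOFFICIAL" to names from third-party databases;
# the ignore list takes the name without that suffix.
sig_from_message() {
    printf '%s\n' "$1" |
        sed -n 's/.*canceled: \(.*\) FOUND.*/\1/p' |
        sed 's/\.UNOFFICIAL$//'
}

# Append a signature name to an .ign2 ignore file, at most once.
# $1 = signature name, $2 = path to the .ign2 file (assumed, site-specific)
whitelist_sig() {
    sig=$1
    ign=$2
    [ -n "$sig" ] || { echo "no signature name given" >&2; return 1; }
    touch "$ign" || return 1
    # -x whole line, -F fixed string: the name contains '{', '}' and '.'
    if grep -qxF -- "$sig" "$ign"; then
        echo "already whitelisted: $sig"
    else
        printf '%s\n' "$sig" >> "$ign"
        echo "whitelisted: $sig"
    fi
}

# Demo against a scratch file, so nothing on the host is modified.
MSG='The file you uploaded, index.php, contains a virus so the upload was canceled: {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND'
DEMO_IGN=$(mktemp)
whitelist_sig "$(sig_from_message "$MSG")" "$DEMO_IGN"
rm -f "$DEMO_IGN"
```

An ignore entry disables that signature for every scan on the host, not only File Manager uploads, and clamd has to reload its databases before the entry takes effect.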
     