Need Help with ClamAV Cron Job

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
I am trying to modify the recommended cPanel daily ClamAV cron scan found here Configure ClamAV Scanner - Version 70 Documentation - cPanel Documentation. I would like to adjust it to remove or destroy any files with viruses found. Do I just need to add the -remove tag?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r -remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
Should I quarantine files instead? I am afraid they will just build up that way. Does ClamAV normally have a lot of false positives?

I have about 80 client domains on my server. Any advice is appreciated.
 

bgarrant

Is this the cron I need to run to remove the files and also email me the results daily?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r --remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
 

bgarrant

Does anyone know if this is the correct way to scan, remove infected files and also send an email notification to root?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r --remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,301
363
Houston
Clamscan provides options to move the infected files to a specific directory - commands for this can be found here: ClamavNet

Sometimes infected files are actually legitimate and necessary files with inserted code - you wouldn't necessarily want to outright delete them.
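
The move-instead-of-delete approach from the reply above, as an added example that is not part of the thread or of cPanel's documentation: a wrapper around the same per-account loop that uses clamscan's `--move` option, mails root only when something is found, and prunes old quarantine directories so they do not build up. The quarantine path, the 30-day retention, the `--run` switch and the use of a local `mail` command are assumptions.

```shell
#!/bin/bash
# Added example. clamscan path and /etc/trueuserdomains come from the thread;
# the quarantine directory, retention and `mail` command are assumptions.
CLAMSCAN="${CLAMSCAN:-/usr/local/cpanel/3rdparty/bin/clamscan}"
USERMAP="${USERMAP:-/etc/trueuserdomains}"
HOME_BASE="${HOME_BASE:-/home}"
QUARANTINE="${QUARANTINE:-/root/clamav-quarantine}"
REPORT="${REPORT:-/root/infections.txt}"
KEEP_DAYS="${KEEP_DAYS:-30}"

# Scan each account's home, moving hits to $QUARANTINE/<date>/<user>.
# $1 = file to append findings to. Returns clamscan's worst exit status:
# 0 = clean, 1 = something was quarantined, 2 = a scan failed.
scan_accounts() {
    local domain user dest rc worst=0
    while read -r domain user; do
        [ -n "$user" ] && [ -d "$HOME_BASE/$user" ] || continue
        dest="$QUARANTINE/$(date +%F)/$user"
        mkdir -p "$dest" && chmod 700 "$QUARANTINE" || { worst=2; continue; }
        "$CLAMSCAN" -i -r --no-summary --move="$dest" "$HOME_BASE/$user" \
            >>"$1" 2>&1 </dev/null
        rc=$?
        [ "$rc" -gt "$worst" ] && worst=$rc
        rmdir "$dest" 2>/dev/null      # drop the directory if nothing was moved
    done <"$USERMAP"
    return "$worst"
}

# Delete dated quarantine directories older than $KEEP_DAYS so they do not pile up.
purge_quarantine() {
    [ -d "$QUARANTINE" ] || return 0
    find "$QUARANTINE" -mindepth 1 -maxdepth 1 -type d -mtime +"$KEEP_DAYS" \
        -exec rm -rf {} +
}

main() {
    local run rc
    run=$(mktemp) || return 2
    scan_accounts "$run"; rc=$?
    cat "$run" >>"$REPORT"
    # Mail root only when a file was quarantined or a scan failed.
    if [ "$rc" -ne 0 ]; then
        mail -s "ClamAV on $(hostname): exit status $rc" root <"$run"
    fi
    rm -f "$run"
    purge_quarantine
    return "$rc"
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Called from cron with `--run`, each finding is logged with its original path in the report, so a false positive can be restored from the quarantine directory by hand.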