Need Help with ClamAV Cron Job

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
I am trying to modify the recommended cPanel daily ClamAV cron scan found here Configure ClamAV Scanner - Version 70 Documentation - cPanel Documentation. I would like to adjust it to remove or destroy any files with viruses found. Do I just need to add the -remove tag?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r -remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
Should I quarantine files instead? I am afraid they will just build up that way. does ClamAV normally have a lot of false positives?

I have about 80 client domains on my server. Any advice is appreciated.
 

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
Is this the cron I need to run to remove the files and also email me the results daily?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r --remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
 

bgarrant

Well-Known Member
Jun 27, 2012
78
10
8
cPanel Access Level
Root Administrator
does anyone know if this is correct way to scan, remove infected files and also send an email notification to root?

Code:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r --remove /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,263
313
Houston
Clamscan provides options to move the infected files to a specific directory - commands for this can be found here: ClamavNet

Sometimes infected files are actually legitimate and necessary files with inserted code - you wouldn't necessarily want to outright delete them