Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

problem with uploading an eicar test file on the server

Discussion in 'Security' started by Bessalah, Mar 23, 2018.

Tags:
  1. Bessalah

    Bessalah Registered

    Joined:
    Mar 12, 2018
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    france
    cPanel Access Level:
    Root Administrator
    Hi,

    I got a server with centos 7, Cpanel and WordPress CMS installed on it.

    I installed an antivirus provided with Cpanel (ClamAV). When I try to upload an Eicar file with a virus signature to test the server, the file is identified and it is not uploaded on the server (it's good).

    If I do the same thing with WordPress media library the file is uploaded (the eicar virus signature is not detected).

    Is it a way to fix it?

    Attached a screenshots of uploading eicar file on Cpanel and WordPress library

    Thanks in advance.
     

    Attached Files:

  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    828
    Likes Received:
    301
    Trophy Points:
    113
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I don't think clamav automatically scans for any file upload or download in any other protocol other than exim or file manager

    You could try using FTP or your Wordpress to upload the file, and then initiate a clamav scan via the cPanel clamav interface for that domain.

    Maybe something like Wordpress ClamAV Daemon Antivirus is what is needed, but this project looks to be abandoned :(
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The previous post is correct. The automatic scanning for viruses automatically occurs with File Manager when you install ClamAV. However, that same functionality does not apply to your PHP scripts. You'd need to see if there are any WordPress plugins that do what you are seeking, or consider setting up regular scans of your website files with the clamscan utility located at:

    /usr/local/cpanel/3rdparty/bin/clamscan

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. fuzzylogic

    fuzzylogic Well-Known Member

    Joined:
    Nov 8, 2014
    Messages:
    93
    Likes Received:
    51
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I suggest you investigate Configserver Exploit Scanner (CXS).
    It is a paid third party WHM Plugin that does an excellent job at upload scanning. (As well as other good things)
    It uses a modsecurity rule to intercept HTTP uploads for scanning.
    Once intercepted it checks uploads against ClamAV signatures(which would hit your eicar test file uploaded by WordPress), CXS's own signatures and scans them with regex for malicious or high risk strings.

    After using CXS for a few years, I wouldn't run a cPanel server without it.
    note: I have no affiliation with Configserver (but do have good will towards them)
     
    cPanelMichael and Infopro like this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice