Scanning Zipfiles with AV

[durangod]

Hi, if a site on shared hosting with cpanel installed allows users to upload zip files via a site form, is there anything that cpanel has that can scan those files as they are uploaded to the server?

These sites dont have root access so they cant install anything, it needs to be something readily available off the menu.

What can be done to secure these zip files to prevent viruses and such from being uploaded via zip files?

Thanks

 

[fuzzylogic]

ConfigServer eXploit Scanner does that, but it is a paid cPanel plugin.

From the cxs Documentation...

cxs Watch Daemon
This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to constantly watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods.

The default options for cxswatch are options=mMOLfuSGchexdnwZRrD
Z stands for scan compressed files.

Additionally, cxs can provide a Modsecurity rule which pipes all http uploads to cxs for scanning before the http request is allowed to complete. The http request is blocked by Modsecurity if cxs gets a match.

So in your case I would expect both methods to detect almost in real time a compressed exploit known to clamav.

Sorry I just reread your post and you wanted something that a regular cPanel account user can access. My suggestions only apply to a server administrator with root access.

 

[cPanelMichael]

Hello @durangod,

ImunifyAV is planned for integration with all cPanel & WHM servers in upcoming cPanel & WHM versions. You can read more about it on our blog post below:

Announcing ImunifyAV on all cPanel & WHM Servers! | cPanel Blog

In the meantime, you could check with the shared hosting provider and see if they are willing to manually install ImunifyAV (the free version) using the instructions on the link below:

ImunifyAV | Documentation

Thank you.

 

[durangod]

Thats great thanks...