Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using AV clamscan question

Discussion in 'Security' started by chanklish, Sep 20, 2017.

Tags:
  1. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    hello
    i installed av clam and i can scan manually correctly but then i wanted to set a chron job for my domains
    i used this from the documentation :
    Code:
    for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&
    
    (i do not know how to edit this so i though it will work)

    but i received this error :
    /usr/local/cpanel/bin/jailshell: /root/infections: No such file or directory

    is this a sign that there is no infections or the directory is missing ?!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You will need to add that cron job as "root" rather than as an account. To edit the root crontab, login via SSH as root and add it as a new line using the "crontab -e" command.

    Thank you.
     
  3. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    can i d it via gui in whm ?
    if not what is the entire command to be added from ssh ?
    thank you
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There are no native features that allow you to add root cron jobs via Web Host Manager. Here's the full command to use while logged in via SSH as "root":

    Code:
    crontab -e
    The following thread provides more information on this topic:

    Cron Job

    Thank you.
     
  5. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator

    i have access to ssh but

    1-he says to make a file and put this in it :
    #!/bin/bash

    for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

    how ?!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Rather than setting up a custom bash script, you may simply want to add the following cron job when using the "crontab -e" command:

    Code:
    0 5 * * * /usr/local/cpanel/3rdparty/bin/clamscan -ir /home/ | mail -s "subject" your@email.com
    This will scan the entire home directory every night at 5AM and email you the results.

    Thank you.
     
  7. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    when i put crontab -e i get the following picture .. how can i add the command ?
     

    Attached Files:

    #7 chanklish, Sep 20, 2017
    Last edited by a moderator: Sep 21, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  9. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    thank you .. i added it .. now i will wait for tomorrow and see the results
     
  10. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    i added it but did not receive an email the next day ..how can i check what happened ?!
     
  11. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    i am sorry .. i received now this email .. but i did not know what happened with the infected items
    Code:
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    
    
    ----------- SCAN SUMMARY -----------
    
    Known viruses: 6303701
    
    Engine version: 0.99.2
    
    Scanned directories: 257591
    
    Scanned files: 2014099
    
    Infected files: 56
    
    Data scanned: 108467.41 MB
    
    Data read: 151413.93 MB (ratio 0.72:1)
    
    Time: 28089.460 sec (468 m 9 s)
    
    
    
    and this :
    Code:
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    
     
    #11 chanklish, Sep 21, 2017
    Last edited: Sep 21, 2017
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  13. chanklish

    chanklish Active Member

    Joined:
    May 22, 2015
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kinshasa
    cPanel Access Level:
    Root Administrator
    thank you for your input .. i understand the size limitations now .. but for the first email about the virtfs i still dont understand what to do ..would be fixed if i remove wordpress addons ?
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The output suggests those files only exist in the /home/virtfs/$username directories and not under the account's home directory. You should never manually alter or remove files from the VirtFS directory. You can read about how to clear the VirtFS mounts at:

    VirtFS - Jailed Shell - Documentation - cPanel Documentation

    Thank you.
     
Loading...

Share This Page