set 032018
 

3.6.1 ClamAV

Objectivo

Instalação do pacote anti-vírus ClamAV. Este pode posteriormente ser integrado num sistema de filtragem de emails ou ficheiros.

Instalação

root@server:~# aptitude install clamav clamav-docs clamav-daemon clamav-freshclam

Para que o ClamAV possa verificar ficheiros compactados, devem ser também instalados alguns pacotes para descompactar ficheiros:

root@server:~# aptitude install arc arj bzip2 cabextract lzop nomarch p7zip pax tnef unrar-free unzip zoo

Se tiver acesso aos repositórios “non-free”, é possível instalar mais alguns pacotes:

root@server:~# aptitude install lha unrar 

Continue reading »

Run ClamAV scan from command line on cPanel server

 Clusterweb  Comentários desativados em Run ClamAV scan from command line on cPanel server
ago 242018
 

One of our client server’s was affected by virus and he can’t control it. And he is aks me to look into the issues. I have verified on server and found that one account got affected severely and run the below steps to remove it.

Note : If you installed the clamav from WHM Plugin, your clamav installation location is follow. If you installed manually find the exact path and use it according that.

1) How to run clamscan to particular user account in cpanel server ?

Use the below method to run the clamscan to particular user account. Change your username according that. I’m going to run the scan to iconbuil account because i have found that few infected files this account. You will be got the output smiler like below. After completing the scan

# /usr/local/cpanel/3rdparty/bin/clamscan -ri /home/iconbuil/public_html

LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: Detected duplicate databases /usr/local/cpanel/3rdparty/share/clamav/main.cvd and /usr/local/cpanel/3rdparty/share/clamav/main.cld. The /usr/local/cpanel/3rdparty/share/clamav/main.cvd database is older and will not be loaded, you should manually remove it from the database directory.
/home/iconbuil/public_html/wp-content/plugins/tinymce-advanced/css/index2CDEN.php: PHP.Trojan.Spambot FOUND
/home/iconbuil/public_html/wp-content/themes/twentyeleven/images/infocf5D.php: PHP.Trojan.Spambot FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3914119
Engine version: 0.98.1
Scanned directories: 257
Scanned files: 2066
Infected files: 2
Data scanned: 61.04 MB
Data read: 43.68 MB (ratio 1.40:1)
Time: 17.003 sec (0 m 17 s)

Continue reading »