{"id":4528,"date":"2018-08-24T03:08:42","date_gmt":"2018-08-24T06:08:42","guid":{"rendered":"https:\/\/blog.clusterweb.com.br\/?p=4528"},"modified":"2018-08-24T03:13:04","modified_gmt":"2018-08-24T06:13:04","slug":"run-clamav-scan-from-command-line-on-cpanel-server","status":"publish","type":"post","link":"https:\/\/blog.clusterweb.com.br\/?p=4528","title":{"rendered":"Run ClamAV scan from command line on cPanel server"},"content":{"rendered":"<p>One of our clients\u2019 servers was affected by a virus, and he couldn\u2019t control it. He asked me to look into the issue. I checked the server, found that one account was severely affected, and ran the steps below to remove it.<\/p>\n<p>Note: If you installed ClamAV from the WHM plugin, your ClamAV installation location is as follows. If you installed it manually, find the exact path and use that instead.<\/p>\n<h4>1) How to run clamscan on a particular user account on a cPanel server?<\/h4>\n<p>Use the method below to run clamscan on a particular user account, changing the username accordingly. I\u2019m going to run the scan on the\u00a0<strong>iconbuil<\/strong>\u00a0account because I found a few infected files in this account. You will get output similar to the below. After completing the scan<\/p>\n<pre># \/usr\/local\/cpanel\/3rdparty\/bin\/clamscan -ri \/home\/iconbuil\/public_html\r\n\r\nLibClamAV Warning: **************************************************\r\nLibClamAV Warning: ***  The virus database is older than 7 days!  ***\r\nLibClamAV Warning: ***   Please update it as soon as possible.    ***\r\nLibClamAV Warning: **************************************************\r\nLibClamAV Warning: Detected duplicate databases \/usr\/local\/cpanel\/3rdparty\/share\/clamav\/main.cvd and \/usr\/local\/cpanel\/3rdparty\/share\/clamav\/main.cld. 
The \/usr\/local\/cpanel\/3rdparty\/share\/clamav\/main.cvd database is older and will not be loaded, you should manually remove it from the database directory.\r\n\/home\/iconbuil\/public_html\/wp-content\/plugins\/tinymce-advanced\/css\/index2CDEN.php: PHP.Trojan.Spambot FOUND\r\n\/home\/iconbuil\/public_html\/wp-content\/themes\/twentyeleven\/images\/infocf5D.php: PHP.Trojan.Spambot FOUND\r\n\r\n----------- SCAN SUMMARY -----------\r\nKnown viruses: 3914119\r\nEngine version: 0.98.1\r\nScanned directories: 257\r\nScanned files: 2066\r\nInfected files: 2\r\nData scanned: 61.04 MB\r\nData read: 43.68 MB (ratio 1.40:1)\r\nTime: 17.003 sec (0 m 17 s)\r\n<\/pre>\n<p>Verify the infected files and remove them.<\/p>\n<h4>Common options for the clamscan command<\/h4>\n<p><strong>-r:\u00a0<\/strong>Check files recursively.<\/p>\n<p><strong>-i:\u00a0<\/strong>Show only infected files.<\/p>\n<h4>2) How to run clamscan on all accounts on a cPanel server?<\/h4>\n<p>Use the method below to run clamscan on all user accounts. I\u2019m going to run the scan on all user accounts on the server. You will get output similar to the below. After completing the scan<\/p>\n<pre># \/usr\/local\/cpanel\/3rdparty\/bin\/clamscan -ri \/home\r\n\r\nLibClamAV Warning: **************************************************\r\nLibClamAV Warning: ***  The virus database is older than 7 days!  ***\r\nLibClamAV Warning: ***   Please update it as soon as possible.    
***\r\nLibClamAV Warning: **************************************************\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\nLibClamAV Warning: SWF: Invalid tag length.\r\n\/home\/wwwrival\/mail\/rivalcloth.com\/rajkumar\/cur\/1369241351.H225665P9618.pulzar.websitedns.in,S=13655:2,S: Heuristics.Phishing.Email.SpoofedDomain FOUND\r\n\/home\/forefor\/mail\/new\/1361984937.H541722P30696.iaaxin.in,S=9982: Heuristics.Phishing.Email.SpoofedDomain FOUND\r\n\/home\/forefor\/mail\/new\/1369690920.H24514P2643.pulzar.websitedns.in,S=9844: Heuristics.Phishing.Email.SpoofedDomain FOUND\r\n\/home\/forefor\/mail\/new\/1362076650.H603724P3839.iaaxin.in,S=9944: Heuristics.Phishing.Email.SpoofedDomain FOUND\r\nLibClamAV Warning: SWF: Invalid tag length.\r\n\r\n----------- SCAN SUMMARY -----------\r\nKnown viruses: 3914119\r\nEngine version: 0.98.1\r\nScanned directories: 70469\r\nScanned files: 1688827\r\nInfected files: 32\r\nData scanned: 23658.66 MB\r\nData read: 44894.86 MB (ratio 0.53:1)\r\nTime: 7090.407 sec (118 m 10 s)\r\n<\/pre>\n<p>Verify the infected files and remove them.<\/p>\n<h4>3) How to run clamscan on the public_html directory of all accounts on a cPanel server?<\/h4>\n<p>Use the method below to run clamscan on the public_html directory of every account on the cPanel server.<\/p>\n<pre># \/usr\/local\/cpanel\/3rdparty\/bin\/clamscan -ri \/home\/*\/public_html\r\n<\/pre>\n<h4>4) How to remove infected files during the scan?<\/h4>\n<p>Use the method below to have clamscan remove infected files as it scans.<\/p>\n<pre># \/usr\/local\/cpanel\/3rdparty\/bin\/clamscan -ri --remove \/home\/*\/public_html\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>One of our clients\u2019 
servers was affected by a virus, and he couldn\u2019t control it. He asked me to look into the issue. I checked the server, found that one account was severely affected, and ran the steps below to remove it. Note: If you installed ClamAV from the WHM plugin, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[1211,1214,945,1213,1215,923,1210,1212,759],"class_list":["post-4528","post","type-post","status-publish","format-standard","hentry","category-viazap","tag-clamav","tag-command","tag-cpanel","tag-from","tag-line","tag-on","tag-run","tag-scan","tag-server"],"_links":{"self":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4528"}],"version-history":[{"count":4,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4528\/revisions"}],"predecessor-version":[{"id":4532,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4528\/revisions\/4532"}],"wp:attachment":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}