303: Install and configure ClamAV plugin for cPanel
Written by Jacob Nicholson
In this article we'll discuss how you can install and configure the ClamAV plugin for cPanel. ClamAV is a popular open source anti-virus scanner, and with the ClamAV plugin you can allow your cPanel users to scan their e-mails as well as scan their home directories for malicious files.
Installing it yourself requires root access on either your VPS (Virtual Private Server) or dedicated server, or you can contact support to have us install the ClamAV anti-virus plugin for you for a $25 installation fee. If you already have root access, you can follow the steps below to get ClamAV set up.
Install and configure ClamAV plugin in WHM
- Log into WHM.
- In the top-left Find box, type in plugins, then click on Manage Plugins.
- Place a check beside ClamAV in the Install and keep updated selection box, then click Save at the bottom.
- The install process can take a good amount of time, upwards of 10 minutes, so be patient and don't close the web-browser until it completes. When it finishes you'll see a Process Complete message at the bottom of the screen.
- Log out, and then back into WHM again.
- In the top-left Find box, type in clamav, then click on Configure ClamAV Scanner.
- Now you can set the global scan permissions you'd like. To allow any cPanel user to scan all of their own content, place a check beside Scan Entire Home Directory, Scan Mail, Scan Public FTP Space, and Scan Public Web Space, then click on Save.
Run ClamAV virus scan from cPanel
- Now log in to your cPanel to use the virus scanner.
- Under the Advanced section, click on Virus Scanner.
- To start a new scan, select the type of scan you want (in this example we're doing Scan Entire Home Directory), then click on Scan Now.
- After the scan is complete there will be a list of infected files in the Infected Files: section. Click OK on the confirmation window that pops up to continue.
- In this case all 3 of the files that were found match known variants of a PHP mailer or PHP shell, so we can leave the selections in the Quarantine column. This places the files outside of our /public_html directory so they are no longer accessible to the outside world. We could also outright Destroy them, or Ignore them, by changing our selection to those columns. Then simply click on Process Cleanup.
- You should now see the cleanup process complete page.
- Now if you use cPanel's File Manager you can navigate to the newly created quarantine_clamavconnector directory in your home directory to see the quarantined files.
Run ClamAV scan from console (SSH)
- Log in to your server via SSH.
- Run the following command to scan the entire /home/userna5/public_html directory:
clamscan -ri /home/userna5/public_html
The -r flag scans recursively, and the -i flag shows only infected files.
You should end up with a listing of any infected files that were found such as:
/home/userna5/public_html/uploads/mail.php: PHP.Mailer-7 FOUND
/home/userna5/public_html/uploads/sh.php: PHP.C99-13 FOUND
/home/userna5/public_html/uploads/view.php: PHP.C99-13 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1324142
Engine version: 0.97.6
Scanned directories: 4979
Scanned files: 13835
Infected files: 3
Data scanned: 583.20 MB
Data read: 1193.90 MB (ratio 0.49:1)
Time: 372.032 sec (6 m 12 s)
- To see all of the options available to you for the clamscan command append the --help flag.
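For unattended scans, the output format shown above can be parsed to group detections by signature and to keep a scan error from being mistaken for a clean result. The following is an added example, not part of the original article: the function names are hypothetical, the sample text is the detection output shown above, and the exit codes (0 clean, 1 detections, 2 error) are those documented in the clamscan man page.

```shell
#!/bin/sh
# Added example: summarise `clamscan -ri` output. Function names are hypothetical.

# Sample taken from the scan output in this article, so the parser runs offline.
SAMPLE_OUTPUT='/home/userna5/public_html/uploads/mail.php: PHP.Mailer-7 FOUND
/home/userna5/public_html/uploads/sh.php: PHP.C99-13 FOUND
/home/userna5/public_html/uploads/view.php: PHP.C99-13 FOUND
----------- SCAN SUMMARY -----------
Infected files: 3'

# Read clamscan output on stdin; print "signature<TAB>path" per detection.
# A detection line is "<path>: <signature> FOUND". The path may itself contain
# ": ", so the split is made at the LAST ": " on the line.
parse_found() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)       # strip trailing " FOUND"
        if (match(line, /.*: /))                   # greedy: ends at the last ": "
            printf "%s\t%s\n", substr(line, RLENGTH + 1), substr(line, 1, RLENGTH - 2)
    }'
}

# Read clamscan output on stdin; print "<count> <signature>", most frequent first.
count_by_signature() {
    parse_found | cut -f1 | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Run the scan from the article on directory $1 and act on the exit status.
# Status 2 (or anything unexpected) is reported as a failure, never as "clean".
scan_dir() {
    out=$(clamscan -ri "$1") && status=0 || status=$?
    case $status in
        0) echo "clean" ;;
        1) printf '%s\n' "$out" | count_by_signature ;;
        *) echo "scan error (status $status)" >&2; return 2 ;;
    esac
}
```

Calling `scan_dir /home/userna5/public_html` from a cron job gives a per-signature count that can be mailed or logged, and a non-zero return when the scan itself failed.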
You should now understand how to install and configure the ClamAV plugin for cPanel to help protect your accounts against virus threats.