In this article we'll discuss how you can install and configure the ClamAV plugin for cPanel. ClamAV is a popular open source anti-virus scanner, and with the ClamAV plugin you can allow your cPanel users to scan their e-mails as well as scan their home directories for malicious files.

Getting this installed yourself would require root access on either your VPS (Virtual Private Server) or dedicated server, or you can contact support to have us install the ClamAV anti-virus plugin for you for a $25 installation fee. You can follow the steps below to get ClamAV setup if you already have root access.

Install and configure ClamAV plugin in WHM

  1. Log into WHM.
  2. In the top-left Find box, type in plugins, then click on Manage Plugins.
    click-on-manage-plugins
  3. Place a check beside ClamAV in the Install and keep updated selection box, then click Save at the bottom.
    clam-av-select-install-click-save
  4. The install process can take a good amount of time, upwards of 10 minutes, so be patient and don't close the web-browser until it completes. When it finishes you'll see a Process Complete message at the bottom of the screen.
    process-complete
  5. Log out, and then back into WHM again.
  6. In the top-left Find box, type in clamav, then click on Configure ClamAV Scanner.
    click-on-configure-clam-av-scanner
  7. Now you can set the global scan permissions you'd like to set. If you'd simply like to allow any cPanel user to scan any of their stuff you can place a check beside Scan Entire Home DirectoryScan MailScan Public FTP Space, and Scan Public Web Space, then click on Save.
    check-global-scans-click-save

 

Run ClamAV virus scan from cPanel

 
  1. Now login to your cPanel to use the virus scanner.
  2. Under the Advanced section, click on Virus Scanner.
    cpanel-click-on-virus-scanner
  3. Now to start a new scan, select the type of scan you want, in this example we're doing Scan Entire Home Directory, then click on Scan Now.
    select-scan-entire-home-directory-click-scan-now
  4. After the scan is complete there will be a list of infected files in the Infected Files: section, click OK on the confirmation window that pops-up to continue.
    virus-scan-complete-found-hacks-click-ok
  5. In this case all 3 of the files that were found are coming up for known variants of a PHP mailer or PHP shell, so we can just leave the selections in the Quarantine column to place these files outside of our /public_html directory so they are not still accessible to the outside world. We could also just outright Destroy them, or Ignore them by changing our selection to those columns. Then simply click on Process Cleanup.
    click-on-process-cleanup
  6. You should now see the cleanup process complete page.
    virus-scan-clean-up-complete
  7. Now if you use cPanel's File Manager you can navigate to the newly created quarantine_clamavconnector directory in your home directory to see the quarantined files.
    cpanel-file-manager-click-on-quarantine

 

Run ClamAV scan from console (SSH)

 
  1. Login to your server via SSH.
  2. Run the following command to scan the entire /home/userna5/public_html directory:

    clamscan -ri /home/userna5/public_html

    The r flag is for recursive, and the i flag is to only show infected files.

    You should end up with a listing of any infected files that were found such as:

    /home/userna5/public_html/uploads/mail.php: PHP.Mailer-7 FOUND
    /home/userna5/public_html/uploads/sh.php: PHP.C99-13 FOUND
    /home/userna5/public_html/uploads/view.php: PHP.C99-13 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 1324142
    Engine version: 0.97.6
    Scanned directories: 4979
    Scanned files: 13835
    Infected files: 3
    Data scanned: 583.20 MB
    Data read: 1193.90 MB (ratio 0.49:1)
    Time: 372.032 sec (6 m 12 s)

  3. To see all of the options available to you for the clamscan command append the --help flag.

    clamscan --help

You should now understand how to install and configure the ClamAV plugin for cPanel to help protect your accounts against virus threats.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

WordPress wp-login.php brute force attack
Updated 2014-07-17 06:43 pm EST
Hits: 200897

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!