Running a ClamAV and Maldet scan on cPanel servers – Knowledgebase – Ethernet Servers Ltd
Installing ClamAV via WHM
1) Login to WHM (Web Host Manager) as the root user
2) Navigate to: Home » cPanel » Manage Plugins
3) Tick the Install and keep updated box
4) Click on SaveInstalling ClamAV via SSH
This command tells the system that we want ClamAV to be listed as installed by the local RPM system:/scripts/update_local_rpm_versions --edit target_settings.clamav installedThis command is the one responsible for installing the ClamAV RPM on your server:
/scripts/check_cpanel_rpms --fix --targets=clamavInstalling Maldet
1) Login to SSH as the root user
2) Execute the below commands:cd /usr/local/src/wget http://www.rfxn.com/downloads/maldetect-current.tar.gztar -xzf maldetect-current.tar.gzcd maldetect-*sh ./install.shUpdating the applications
Let’s ensure both applications are up-to-date now:
maldet -d && maldet -u/usr/local/cpanel/3rdparty/bin/freshclamLinking the two together
If you were to run a Linux Malware Detect scan now, it would run with no problem, however, it would not include ClamAV’s definitions, therefore slowing down the scan completion time and threat detection ratio. To solve this, we must create two symbolic links, as follows:
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscanln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclamTo scan a specific user’s home directory, run the following command:
maldet -a /home/userTo launch a background scan for all user’s public_html and public_ftp in all home directories, run the following command:
maldet -b --scan-all /home?/?/public_?More information is available: /usr/local/maldetect/conf.maldet or https://www.rfxn.com/projects/linux-malware-detect/
Leave a Reply