Knowledgebase:
How To Configure ClamAV to Perform Weekly System Scans and Send Email Notifications on Cpanel Servers
Posted by vipin h, Last modified by vipin h on 14 May 2018 05:09:04 PM

This article will guide you through the installation of ClamAV on a VPS/Dedicated Server with cPanel installed. We will also configure a weekly scan on ourServer.

What is ClamAv?

The Clam AntiVirus Scanner (ClamAV) antivirus software searches your server for malicious programs. If the scanner identifies a potential security threat, it flags the file to allow you to take the appropriate action.

How To install ClamAV?

You can easily install ClamAV on a cPanel server via WHM's Manage Plugins interface (WHM >> Home >> cPanel >> Manage Plugins).

How To Update ClamAV’s signatures?

The ClamAv binaries reside in the /usr/local/cpanel/3rdparty/bin/ directory:

/usr/local/cpanel/3rdparty/bin/clamscan
/usr/local/cpanel/3rdparty/bin/clamdscan
/usr/local/cpanel/3rdparty/bin/freshclam

You can create symbolic links for these binaries to "/usr/local/bin" directory so that you don't want to mention the complete path to the binary file everytime you run it

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam

 

Now, run the following command to update ClamAV’s signatures:

/usr/local/bin/freshclam

How To Configure a Weekly Scan?

Now, just copy paste the following script to a file called "clamavscan.sh" under "/opt/" directory.

 #!/bin/bash
rm -f /root/infections;
touch /root/infections;
for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`;
do echo -e "Scan Report for Account $i \n" >>/root/infections ;echo -e "Scan Started at `date` \n" >> /root/infections ;
nice -n5 /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i/public_html 2>>/dev/null >> /root/infections;
echo -e "\n Scan Ended at `date` \n--------------------------------------  \n \n" >> /root/infections; done;
cat /root/infections | mail -s "ClamAV Scan Result" -r "clamav@$HOSTNAME"  email@domain.com

 

The above script will scan the files under the "public_html" directory of all the cpanel accounts hosted on your server. Please do remember to replace "email@domain.com" with the respective email address you want to receive the alerts to.

 

Finally, create a cron job to automate this scan on a Weekly basis.

Eg: To create a cron job that runs on every Sunday at 00:00, use the following entry:

0 0 * * SUN  /bin/sh /opt/clamavscan.sh

That's it!. You are done.

(1 vote(s))
Helpful
Not helpful

Comments (0)