Hosting in Europe

Portal Home > Knowledgebase > WHM Tutorials > How to run ClamAV from command line (ssh) on a cPanel server


How to run ClamAV from command line (ssh) on a cPanel server




ClamAV

A few days ago one of our client was affected by a virus on his cPanel server
ClamAV is a very common antivirus for cPanel server

Bellow are the main commands to scan the cPanel server with ClamAV:

1) How to scan a particular user on cPanel


root@websrv [~]# /usr/local/cpanel/3rdparty/bin/clamscan -ri /home/iconbuil/public_html

LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: Detected duplicate databases /usr/local/cpanel/3rdparty/share/clamav/main.cvd and /usr/local/cpanel/3rdparty/share/clamav/main.cld. The /usr/local/cpanel/3rdparty/share/clamav/main.cvd database is older and will not be loaded, you should manually remove it from the database directory.
/home/iconbuil/public_html/wp-content/plugins/tinymce-advanced/css/index2CDEN.php: PHP.Trojan.Spambot FOUND
/home/iconbuil/public_html/wp-content/themes/twentyeleven/images/infocf5D.php: PHP.Trojan.Spambot FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3914119
Engine version: 0.98.1
Scanned directories: 257
Scanned files: 2066
Infected files: 2
Data scanned: 61.04 MB
Data read: 43.68 MB (ratio 1.40:1)
Time: 17.003 sec (0 m 17 s)
-rTo check files Recursively.
-iTo show only Infected files.


2) How to scan all account on cPanel server

root@websrv [~]# /usr/local/cpanel/3rdparty/bin/clamscan -ri /home

LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
/home/iphost/mail/innovahosting.net.com/dan/cur/1369241351.H225665P9618.pulzar.websitedns.in,S=13655:2,S: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/iphost/mail/innovahosting.net/dan/cur/1373629381.H538317P10139.pulzar.websitedns.in,S=13643:2,S: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/iphost/mail/innovahosting.net/dan/cur/1377272646.H250116P28818.pulzar.websitedns.in,S=10573:2,S: Heuristics.Phishing.Email.SpoofedDomain FOUND
LibClamAV Warning: SWF: Invalid tag length.
/home/iphost/mail/new/1368469015.H94641P6763.websrv.innovahosting.in,S=9864: Heuristics.Phishing.Email.SpoofedDomain FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3914119
Engine version: 0.98.1
Scanned directories: 70469
Scanned files: 1688827
Infected files: 32
Data scanned: 23658.66 MB
Data read: 44894.86 MB (ratio 0.53:1)
Time: 7090.407 sec (118 m 10 s)
3) How to scan only public_html directoryes for all accounts

root@websrv [~]# /usr/local/cpanel/3rdparty/bin/clamscan -ri /home/*/public_html

4) How to remove infected files on cPanel server

root@websrv [~]# /usr/local/cpanel/3rdparty/bin/clamscan -ri -–remove /home/*/public_html


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read

Language:
CUSTOMER TESTIMONIALS
John Smith
Since i have migrated my website to IPhost I receive quality services and good 24/7 support. In my opinion it's the best host MD Data Center
Bob Mitchel
Much better than my previous company, I also got help with software installation. VPS in Moldova is a good solution