If you’re running WHM/cpanel and want to run a scan on every user manually, perhaps when first installing ClamAV, you’ll want to run this command which is endorsed by cPanel themselves.
To enable ClamAV, you’ll want to enter WHM –> Configure ClamAV Scanner and select the check boxes for the type of scan you want to do.
Once that’s done, you can run it with this command:
|
1 |
for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections& |
Once its running, you can tail the /root/infections log file to see what it finds. You’ll start to see scan results as it finishes each user’s home directory.
You can then set up a root cron job to have it run during off hours. The example below will fire it off at 2am every night.
(ssh into the server and become root)
|
1 |
crontab -e |
|
1 |
0 2 * * * for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections& |
NOTE: this will just tell you about the infections it finds. You have two options if you’d like to deal with them during the scan:
Remove them (careful, this will delete the file forever.. if it’s a false positive, then you’re SOL).
|
1 |
0 2 * * * for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i --remove 2>>/dev/null; done >> /root/infections& |
Move them to a different folder:
|
1 |
0 2 * * * for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i --move=/tmp/infections 2>>/dev/null; done >> /root/infections& |
Related posts from Linux Brigade!
Understanding cron job times Often, you’ll want to use cron to schedule daily, weekly, hourly (etc…) tasks on your linux system(s). cPanel has a little GUI for it, but since I don’t trust GUIs very often, I like […]
Globally disable directory listing on WHM/cPanel One of the things that WHM/cPanel servers have on by default is directory listing. This is something you don’t want – but it’s easy to fix!
1. Log into WHM
2. Apache Configuration […]
Patch your WHM/cPanel machine for heartbleed You’ve certainly heard about Heartbleed by now. If not, you can read more about this vulnerability at Heartbleed.com. Continue reading this post to find out if you’re vulnerable, and how […]- Block account from sending mail WHM/cPanel There may come a time when you’d like to block an account / domain on your WHM/cPanel server from being able to send mail. Here’s how you’d get it done!
We’re going to set up a […]
- Migrate WHM/cPanel from one server to a new one (script)! We’ve started a site to house a script that will migrate your full WHM/cPanel server to new hosting. This takes the new WHM/cPanel backup files and will restore them including system […]
