In this tutorial/post we’ll cover the installation and use of ClamAV as anti-virus for your CentOS server with cPanel. Having it installed and configured is the first step but we need a way to run it programmatically and be notified if anything is found so we’ll also setup a cron job to do just that.
With cPanel this part is easy. Start by navigating to
Home >> cPanel >> Manage Plugins. A default cPanel installation should have ClamAV as one of the available plugins. Check the box with the label “Install and keep updated”.
Some basic configurations for which directories will be scanned can be found at
Home >> Plugins >> Configure ClamAV Scanner. cPanel has a decent tutorial and good recommendations here but we’re going to expand on their functionality to incorporate detailed emails, quarantining and purging of viruses.
cPanel’s cron command can be found at the bottom the page here but its basic. The command will loop through each account and run a scan but doesnt do much with the info. If there is a virus on my server I want to know about it immediately. The following shell script will still loop through each account and run a scan but takes it further by emailing a detailed email of the scan’s findings. Found viruses are quarantined in the user’s account home in a directory that is creatively named “quarantine”. We could have configured ClamAV to automatically remove the viruses but this has potential to be bad since false positives are possible and the virus may be attached to an important email. Quarantining instead of immediate removal will give you time to review the summary email you receive from the scan and determine if something was quarantined that shouldn’t have been.
So we have a bunch of viruses in quarantine and we are sure we want them gone. We can purge all user’s quarantined viruses with a similar loop to the one above.
Have your own creative usage of ClamAV? Feel free to chime in with a comments below. Happy virus hunting.