Install and Configure ClamAV on CentOS6.4 with cPanel

In this tutorial/post we’ll cover the installation and use of ClamAV as anti-virus for your CentOS server with cPanel. Having it installed and configured is the first step but we need a way to run it programmatically and be notified if anything is found so we’ll also setup a cron job to do just that.

Installation

With cPanel this part is easy. Start by navigating to Home >> cPanel >> Manage Plugins. A default cPanel installation should have ClamAV as one of the available plugins. Check the box with the label “Install and keep updated”.

 

Configuration

Some basic configurations for which directories will be scanned can be found at Home >>  Plugins  >>  Configure ClamAV Scanner. cPanel has a decent tutorial and good recommendations here but we’re going to expand on their functionality to incorporate detailed emails, quarantining and purging of viruses.

Cron Job

cPanel’s cron command can be found at the bottom the page here but its basic. The command will loop through each account and run a scan but doesnt do much with the info. If there is a virus on my server I want to know about it immediately. The following shell script will still loop through each account and run a scan but takes it further by emailing a detailed email of the scan’s findings. Found viruses are quarantined in the user’s account home in a directory that is creatively named “quarantine”. We could have configured ClamAV to automatically remove the viruses but this has potential to be bad since false positives are possible and the virus may be attached to an important email. Quarantining instead of immediate removal will give you time to review the summary email you receive from the scan and determine if something was quarantined that shouldn’t have been.

Purging

So we have a bunch of viruses in quarantine and we are sure we want them gone. We can purge all user’s quarantined viruses with a similar loop to the one above.

 

Have your own creative usage of ClamAV? Feel free to chime in with a comments below. Happy virus hunting.

Leave a Reply

Your email address will not be published. Required fields are marked *