DO NOT TOUCH the following line unless you know what you It’s used as a fall back in case db.XY. is # is a round-robin record which points to our most # You can use db.XY. for IPv6 connections. # Uncomment the following line and replace XY with your country # WARNING: Do not touch it unless you’re configuring freshclam to use your # to verify database and software versions. # Use DNS to verify virus database version. # Initialize supplementary group access (freshclam must be started by root). # Default: clamav (may depend on installation options) This directive allows you to change the database owner. # By default when started freshclam drops privileges and switches to the # This option allows you to save the process identifier of the daemon Always enabled when LogFileMaxSize is enabled. # Specify the type of syslog messages – please refer to ‘man syslog’ # Use system logger (can work together with UpdateLogFile). # log rotation (the LogRotate option) will always be enabled. # and ‘K’ or ‘k’ for kilobytes (1K = 1k = 1024 bytes). # You may use ‘M’ or ‘m’ for megabytes (1M = 1m = 1048576 bytes) # Path to the log file (make sure it has proper permissions) # Default: hardcoded (depends on installation options) # Please read the nf(5) manual before editing this file. My conf file does not deviate from the default by much, but here it is in case you want to use it. Next is the config file for nf which has the configurations for freshclam which updates the virus definition files. # /etc/nf file created by Justin Roysdon Yum Technology Use man nf for help understanding the different options. You can use my config files and just change the settings you need to change. We need to create the configuration files now.
Then, if the install did not already create them, create a couple of new users, clamscan and clamupdate: yum --disablerepo=* --enablerepo=epel install clamav clamav-scanner clamav-scanner-systemd clamav-server clamav-server-systemd clamav-update See my blog on installing EPEL if you need assistance. Next, use the EPEL repo to install the ClamAV program. But, netcat is easily found and installed from the CentOS/RedHat install media or the default repos. I hope they remove that requirement at some point in the future as having netcat on a system just adds another vector of attack. Unfortunately, netcat (or simply nc) is required to install ClamAV. It is not particularly difficult, but I did not find any good documentation for CentOS 7 or RedHat 7. You also have to change the permissions on the log files to allow these two users to write to the log files. You may also need to create a couple of users (one for scanning and one for updating, it’s best to use two separate users). You must create your own /etc/nf and /etc/nf files in order for it to run properly. It is available for many versions of Linux, but the default configuration files are poorly written and do not work in their default settings. Linux has a great option for a virus scanner called ClamAV. You should now understand how to install and configure the ClamAV plugin for cPanel to help protect your accounts against virus threats. Like it or not, viruses are a real part of running a server, even a CentOS 7 server. To see all of the options available to you for the clamscan command append the --help flag. home/userna5/public_html/uploads/view.php: PHP.C99-13 FOUND home/userna5/public_html/uploads/sh.php: PHP.C99-13 FOUND home/userna5/public_html/uploads/mail.php: PHP.Mailer-7 FOUND You should end up with a listing of any infected files that were found such as: The r flag is for recursive, and the i flag is to only show infected files.
Run the following command to scan the entire /home/userna5/public_html directory: Now if you use cPanel’s File Manager you can navigate to the newly created quarantine_clamavconnector directory in your home directory to see the quarantined files. You should then see the cleanup process complete page. We could also just outright Destroy them, or Ignore them by changing our selection to those columns. In my test, all 3 of the files that were found are coming up for known variants of a PHP mailer or PHP shell, so we can just leave the selections in the Quarantine column to place these files outside of our /public_html directory so they are not still accessible to the outside world. After the scan is complete there will be a list of infected files in the Infected Files: section, click OK on the confirmation window that pops up to continue. Now to start a new scan, select the type of scan you want, in this example we’re doing Scan Entire Home Directory, then click on Scan Now. Under the Advanced section, click on Virus Scanner. Now log in to your cPanel to use the virus scanner.