cPanel: Running a ClamAV and Maldet scan Print

  • 14207

You may be familiar with ClamAV and Maldet (aka Linux Malware Detect). They're widely known as two excellent choices for identifying malware. What you may not realize, however, is that they can be used together. The benefit of doing this is a faster, more effective malware scan meaning you're more likely to identify potential threats.

This tutorial is based around cPanel systems and will require changes on other platforms.

Installing ClamAV via WHM

1) Login to WHM (Web Host Manager) as the root user
2) Navigate to: Home » cPanel » Manage Plugins
3) Tick the Install and keep updated box
4) Click on Save

Installing ClamAV via SSH

This command tells the system that we want ClamAV to be listed as installed by the local RPM system:

/scripts/update_local_rpm_versions --edit target_settings.clamav installed

This command is the one responsible for installing the ClamAV RPM on your server:


/scripts/check_cpanel_rpms --fix --targets=clamav

Installing Maldet

1) Login to SSH as the root user
2) Execute the below commands:

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-1.6.4
sh ./install.sh

Linking the two together

If you were to run a Linux Malware Detect scan now, it would run with no problem, however; it would not include ClamAV's definitions, therefore slowing down the scan completion time and threat detection ratio. To solve this, we must create two symbolic links, as follows:

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam

Updating the applications

Let's ensure both applications are up-to-date now:

maldet -d
maldet -u
/usr/local/cpanel/3rdparty/bin/freshclam

Running a malware scan

Now, when you run a Maldet scan, you'll have the best of both worlds (think of it as ClamAV and Linux Malware Detect teaming up). Say you wanted to run a malware scan of /home, you could do so with:

maldet -a /home/?

The above command will scan all files and directories within the /home directory, which is where the content for cPanel accounts is stored.

Below is a sample output of what you should see:

root@server [~]# maldet -a /home/?
Linux Malware Detect v1.6.4
            (C) 2002-2019, R-fx Networks <proj@rfxn.com>
            (C) 2019, Ryan MacDonald <ryan@rfxn.com>

This program may be freely redistributed under the terms of the GNU GPL v2

maldet(4626): {scan} signatures loaded: 15552 (12740 MD5 | 2035 HEX | 777 YARA | 0 USER)
maldet(4626): {scan} building file list for /home/digitools4u/?, this might take awhile...
maldet(4626): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(4626): {scan} file list completed in 0s, found 15555 files...
maldet(4626): {scan} found clamav binary at /usr/local/cpanel/3rdparty/bin/clamdscan, using clamav scanner engine...
maldet(4626): {scan} scan of /home/digitools4u/? (15555 files) in progress...
maldet(4626): {scan} processing scan results for hits: 4 hits 0 cleaned
maldet(4626): {scan} scan completed on /home/user/?: files 15555, malware hits 4, cleaned hits 0, time 113s
maldet(4626): {scan} scan report saved, to view run: maldet --report 190823-1904.4626
maldet(4626): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 190823-1904.4626
root@server [~]#


Was this answer helpful?

« Back

We've worked with 25,506 customers in 143 countries - come & join us!
C I Wing September 19, 2024
"Support is brilliant"

Highly recommending Ethernet Servers, top notch and support is brilliant. Go for it as I am using the VPS already.

Paola Meyer September 5, 2024
"Splendid service"

All tickets are handled in timely manner. One of the best customer attentions I've had in the last 15 years. I wholeheartedly recommend ethernetservers.com for their splendid service.

Robin Gupta September 3, 2024
"Very happy"

I've been using Ethernet Servers since 2014, and they’ve always provided excellent service. I have many shared hosting accounts with them, and for the past five months, I’ve also been using their managed dedicated servers. What really stands out is their support. George, who I respectfully call Sir, is always there when I need help. He’s very knowledgeable and professional, and his assistance has made a big difference for me. If you’re looking for affordable and reliable web hosting, I highly recommend Ethernet Servers. They’ve been great to work with, and I’m very happy with their service. Thanks for everything!

David August 9, 2024
"Service is excellent"

The service is excellent. George went above and beyond. In this day and age, it is very nice to have a real person that I can deal with rather than a chatbot or some nameless/faceless tech support department as is often the case at other hosting providers. Highly recommended.


Ethernet Servers Ltd
124 City Road
London
EC1V 2NX
United Kingdom


Registered Limited Company: #09114946

Telephone:
+44 330 043 1258

Email:
hello@ethernetservers.com

Copyright © 2014 - 2024 - Ethernet Servers Ltd - All Rights Reserved.

Proudly serving customers in 143 countries since July 2014!