Biblioteca de cunoștințe
Configure ClamAV Scanner Tipărire
Overview:
For cPanel & WHM version 88 and later, we recommend using ImunifyAV instead of ClamAV.
For more information, read our How to Install ImunifyAV documentation.
The Clam AntiVirus Scanner (ClamAV) antivirus software searches your server for malicious programs. If the scanner identifies a potential security threat, it flags the file to allow you to take the appropriate action.
-
We strongly recommend that at least three gigabytes (GB) of RAM exist on your server if you install ClamAV. Your server may experience performance issues if it lacks enough RAM and you use ClamAV.
-
After you configure ClamAV, we recommend that you schedule a
root
cron job to run daily during off-peak hours. For more information, read the ClamAV cron job section below. -
Unlike the maildir mailbox, which stores messages individually, the mbox mailbox format uses a simpler index and bundles messages into files. In order to successfully locate, inspect, and manage files that ClamAV flags on mbox-formatted mailboxes, system administrators need additional expertise with the
doveadm
command. System administrators unfamiliar with thedoveadm
command who wish to use ClamAV may wish to convert their server’s mailboxes to the maildir format. -
For more information about the
doveadm
command and the mbox format, read DoveCot’s MailboxFormat documentation. -
For more information on how to convert your server’s mailboxes to the maildir format, read our Mailbox Conversion documentation.
How to install ClamAV
To install or uninstall ClamAV, use WHM’s Manage Plugins interface (WHM >> Home >> cPanel >> Manage Plugins).
We strongly recommend that at least three gigabytes (GB) of RAM exist on your server if you install ClamAV. Your server may experience performance issues if it lacks enough RAM and you use ClamAV.
Configure ClamAV
To configure ClamAV, perform the following steps:
-
Select the services that you wish to scan.
-
Scan Entire Home Directory — Scans your server’s home directory.
-
Scan Mail — Scans all of your server’s mail folders.
-
Scan Public FTP Space — Scans all folders that FTP users can access.
-
Scan Public Web Space — Scans all folders that web visitors can access.
-
-
Click Save.
ClamAV automatically scans inbound messages through Exim. However, you must perform additional steps if you wish for ClamAV to scan outbound messages through Exim.
Configure ClamAV for specific users
If you wish to override the ClamAV configuration for specific users, click User Configuration. The User Configuration interface also allows you to set override defaults for all configured users.
Add or remove configured users
Before you can configure a user’s ClamAV settings, that user must appear in the Configured Users menu.
To add a user to the Configured Users menu, perform the following steps:
-
Select the desired user from the User List menu.
-
Click Add.
- If you wish to add all available users to the Configured Users menu, click Add All.
To remove a user from the Configured Users menu, perform the following steps:
-
Select the desired user from the Configured Users menu.
-
Click Remove.
- If you wish to remove all available users to the Configured Users menu, click Remove All.
After you remove a user from the Configured Users menu, ClamAV will use the main configuration to scan that user’s portion of the server.
Configure defaults for new configured users
ClamAV applies the settings that you specify under the Defaults header to all new configured users.
To set the default settings for new configured users, perform the following steps:
-
Select the services that you wish to scan.
-
Scan Entire Home Directory — Scans the user’s home directory.
-
Scan Mail — Scans the user’s mail folders.
-
Scan Public FTP Space — Scans all folders that FTP users can access.
-
Scan Public Web Space — Scans all folders that web visitors can access.
-
-
Click Save.
Configure settings for an individual user
To configure ClamAV for an individual user, perform the following steps:
-
In the Group Scanner Configuration section’s Configured Users menu, select the user for whom you wish to configure ClamAV.
-
If the desired user does not appear in the Configured Users menu, follow the instructions in the Add or remove configured users section above to add that user.
-
In the User Scanner Configuration section, click Configure.
-
-
Select the services that you wish to scan.
-
Scan Entire Home Directory — Scans the user’s home directory.
-
Scan Mail — Scans the user’s mail folders.
-
Scan Public FTP Space — Scans all folders that FTP users can access.
-
Scan Public Web Space — Scans all folders that web visitors can access.
-
-
Click Save Defaults.
Configure ClamAV for Exim
You must perform these additional steps if you wish for ClamAV to scan outgoing messages through Exim.
To configure ClamAV to scan outbound messages through Exim, perform the following steps:
-
Navigate to WHM’s Exim Configuration Manager interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager >> Basic Editor >> Security).
-
For the Scan messages for malware from authenticated senders (exiscan) option, select the On setting.
-
For the Scan outgoing messages for malware option, select the On setting.
-
Click Save.
Command line interface
If you prefer to use the command line interface to run ClamAV, the binaries reside in the /usr/local/cpanel/3rdparty/bin/
directory:
|
|
To customize a manual run of ClamAV on the command line, you can edit the following options in the /usr/local/cpanel/3rdparty/etc/clamd.conf
file:
-
FixStaleSocket
— Removes a stale socket file after an unsuccessful system shutdown. -
LocalSocket
— The path to a local socket file on which the daemon listens. -
PhishingScanURLs
— Scans URLs that appear in emails for phishing attempts. -
PhishingSignatures
— Scans signatures that appear in emails for phishing attempts. -
PidFile
— The path to the process identifier file of the listening daemon. -
ScanMail
— Enables the internal email scanner.
If you use scripts that expect ClamAV binaries in the /usr/local/bin
directory, create symbolic links with the following commands:
|
|
ClamAV cron job
After you configure ClamAV, we recommend that you schedule a root
cron job to run daily during off-peak hours. The following example demonstrates a command that will scan the server’s accounts:
while read domain user; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/"$user" 2>&1; done </etc/trueuserdomains >>/root/infections.txt
This command recursively searches the home
directory for spam and infected files.