(WHM >> Home >> Plugins >> Configure ClamAV Scanner)

Overview

The Clam AntiVirus Scanner (ClamAV) antivirus software searches your server for malicious programs. If the scanner identifies a potential security threat, it flags the file to allow you to take the appropriate action.

After you configure ClamAV, we recommend that you schedule a root cron job to run daily during off-peak hours. For more information, read the ClamAV cron job section below.

How to install ClamAV

To install or uninstall ClamAV, use WHM's Manage Plugins interface (WHM >> Home >> cPanel >> Manage Plugins).

Configure ClamAV

To configure ClamAV, perform the following steps:

  1. Select the services that you wish to scan.
  2. Click Save.

ClamAV automatically scans inbound messages through Exim. However, you must perform additional steps if you wish for ClamAV to scan outbound messages through Exim.

Configure ClamAV for specific users

If you wish to override the ClamAV configuration for specific users, click User Configuration. The User Configuration interface also allows you to set override defaults for all configured users.

Add or remove configured users

Before you can configure a user's ClamAV settings, that user must appear in the Configured Users menu.

To add a user to the Configured Users menu, perform the following steps:

  1. Select the desired user from the User List menu.
  2. Click Add.

To remove a user from the Configured Users menu, perform the following steps:

  1. Select the desired user from the Configured Users menu.
  2. Click Remove.

After you remove a user from the Configured Users menu, ClamAV will use the main configuration to scan that user's portion of the server.

Configure defaults for new configured users

ClamAV applies the settings that you specify under the Defaults header to all new configured users.

To set the default settings for new configured users, perform the following steps:

  1. Select the services that you wish to scan.
  2. Click Save.

Configure settings for an individual user

To configure ClamAV for an individual user, perform the following steps:

  1. In the Group Scanner Configuration section's Configured Users menu, select the user for whom you wish to configure ClamAV.
  2. Select the services that you wish to scan.
  3. Click Save Defaults.

Configure ClamAV for Exim

You must perform these additional steps if you wish for ClamAV to scan outgoing messages through Exim.

To configure ClamAV to scan outbound messages through Exim, perform the following steps:

  1. Navigate to WHM's Exim Configuration Manager interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager >> Basic Editor >> Security).
  2. For the Scan messages for malware from authenticated senders (exiscan) option, select the On setting.
  3. For the Scan outgoing messages for malware option, select the On setting.
  4. Click Save.

Command line interface

If you prefer to use the command line interface to run ClamAV, the binaries reside in the /usr/local/cpanel/3rdparty/bin/ directory:

/usr/local/cpanel/3rdparty/bin/clamscan
/usr/local/cpanel/3rdparty/bin/clamdscan
/usr/local/cpanel/3rdparty/bin/freshclam

To customize a manual run of ClamAV on the command line, you can edit the following options in the /usr/local/cpanel/3rdparty/etc/clamd.conf file:

Option              Description
FixStaleSocket      Removes a stale socket file after an unsuccessful system shutdown.
LocalSocket         The path to a local socket file on which the daemon listens.
PhishingScanURLs    Scans URLs that appear in emails for phishing attempts.
PhishingSignatures  Scans signatures that appear in emails for phishing attempts.
PidFile             The path to the process identifier file of the listening daemon.
ScanMail            Enables the internal email scanner.

If you use scripts that expect ClamAV binaries in the /usr/local/bin directory, create symbolic links with the following commands:

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/local/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/local/bin/freshclam

ClamAV cron job

After you configure ClamAV, we recommend that you schedule a root cron job to run daily during off-peak hours. The cron job will run the following command:

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

This command recursively searches each user's home directory for spam and infected files, and appends the results to the /root/infections file.
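The same daily scan as a script, shown as an added example that is not cPanel's own code. It goes beyond the one-line command by resolving each home directory from the passwd database and by keeping clamscan's exit status (0 clean, 1 infection found, 2 error). The script location and the cron schedule in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Assumed install path: /root/clamav-homes.sh
# Assumed root crontab entry (off-peak): 30 3 * * * /root/clamav-homes.sh run
CLAMSCAN="${CLAMSCAN:-/usr/local/cpanel/3rdparty/bin/clamscan}"
USERDOMAINS="${USERDOMAINS:-/etc/userdomains}"
REPORT="${REPORT:-/root/infections}"

# Print each account name once. Lines in the file look like "domain: user";
# the catch-all "nobody" entry is skipped, as in the original command.
list_users() {
    awk '$2 != "" && $2 != "nobody" { print $2 }' "$1" | sort -u
}

# Look up the home directory instead of assuming /home/<user>.
home_of() {
    getent passwd "$1" | cut -d: -f6
}

# Scan every account's home directory and append findings to $REPORT.
# Returns the worst clamscan status seen: 0 clean, 1 infected, 2 scan error.
scan_all() {
    worst=0
    for user in $(list_users "$USERDOMAINS"); do
        home=$(home_of "$user")
        # Skip accounts with no resolvable or existing home directory.
        [ -d "$home" ] || continue
        echo "== $(date '+%F %T') $user $home" >> "$REPORT"
        rc=0
        # -i lists only infected files, -r recurses into subdirectories.
        "$CLAMSCAN" -i -r "$home" >> "$REPORT" 2>/dev/null || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Run the scan only when invoked with the "run" argument.
case "${1:-}" in
    run) scan_all; exit $? ;;
esac
```

A nonzero exit status lets cron mail or a monitoring wrapper alert on infections or failed scans instead of relying on someone reading /root/infections.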
