Antivirus/Anti Malware for cPanel servers




Posted by David_McKim, 03-20-2013, 08:55 PM
Hello, I'm looking for the present-day opinions of what sort of AV/AM software is working well for people in the hosting industry. I'd like to find a nice AV/AM program with a WHM control panel interface that can scan not only OS & server files, but also user account files (and hopefully scan uploads too). I've been eyeballing "Linux Malware Detect", "ClamAV" and "cxs". Does anyone have any favorites, or know if Linux Malware Detect has a WHM presence included? Thanks (I know most uploads can be configured to go through a scanning process of most AV's installed through a hook or a cron job but I have no idea how to set that up).

Posted by Techs@BC, 03-21-2013, 01:20 AM
Malware uploads happen to the server through 2 main vulnerabilities:
1. Account password disclosure
2. Vulnerable applications in websites
Malware uploads through account password disclosure can be prevented using CXS (augmented by ClamAV unofficial signatures + LMD signatures). Malware uploads through vulnerable applications can be prevented using mod_security (with signatures from ASL Lite). These have worked for me pretty well. However, I would be interested to know if there are any alternatives to ASL Lite signatures. I know there is Trustwave, but it's not custom made for the shared hosting industry as ASL Lite is.

Posted by BestServerSupport, 03-21-2013, 09:07 AM
Pyxsoft Antimalware comes as a plugin with WHM. For more details, visit the following URL: http://applications.cpanel.net/anti-...lugin-for-whm/

Posted by NetworkPanda, 03-21-2013, 09:24 AM
We are using CXS, maldet and of course ClamAV and they are doing a great job. Especially ConfigServer CXS provides real-time protection and instantly removes any malware uploaded via FTP, SFTP, online forms, PHP exploits, or remotely fetched to the server via PHP/wget etc. It is definitely worth the $50 one-time fee.

Posted by Techs@BC, 03-21-2013, 09:39 AM
NetworkPanda, what do you use for other attacks like path traversal? Which mod_sec rule set do you use?

Posted by Techs@BC, 03-21-2013, 09:40 AM
Have you tried this plugin personally? How do they create their rule-sets? How does it compare with ASL, Trustwave, etc?

Posted by David_McKim, 03-21-2013, 03:57 PM
Thanks for the feedback. Does anyone know of free options for cPanel server antivirus? (I think ClamAV is free, but I'm not sure how effective or trusted it is.) I would also be interested in any tutorials or step-by-steps out there on how to set up a cPanel antivirus to run whenever a file is uploaded to the server (and how to schedule daily virus scans & automatic removals/quarantines). Any input?

Posted by gnulinuxexpert, 03-21-2013, 04:57 PM
David, ClamAV is free and effective. You need to make sure that it's up to date. It seems there is no such option in ClamAV to alert you whenever a file is uploaded. You need to set a cron job so ClamAV will scan the server and alert you with the output. If you wish to have an automatic alert including a scan whenever a file is uploaded, CXS is the best option. It has a daemon that will monitor the uploads. Cheers!!!

Posted by David_McKim, 03-21-2013, 05:44 PM
Ok cool, how would I go about setting up such a cron job, and is there a way to have it automatically quarantine or delete the files? And where would one go to update ClamAV?

Posted by gnulinuxexpert, 03-21-2013, 06:15 PM
David, unfortunately there is no option in ClamAV to quarantine the infected files. You need to set up some custom script to delete the files that are showing as infected. Also there are chances that the report may sometimes be a false positive. So it would be better to review the files before deleting them. For scanning using ClamAV something like below will work. Save it as scan.sh and provide execute permission. Now set this script to run according to your requirement in crontab. You can set like below in crontab. Below will execute the script 1AM server time daily. Update ClamAV using the command "freshclam". For automatic scan & quarantine, CXS is the best option. Cheers!!!
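
An added example, not the script from the post above or from any participant in this thread: one way to write a scan.sh for the 1 AM cron run that moves flagged files into a quarantine directory for review instead of deleting them. The default paths, the `--run` switch, the helper names and the use of `mail` for alerts are assumptions.

```shell
#!/bin/sh
# scan.sh - added example, not the script from the thread.
# Paths below are assumptions; adjust them for your server.
SCAN_ROOT="${SCAN_ROOT:-/home}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/root/clam-quarantine}"
REPORT="${REPORT:-/var/log/clamscan-nightly.log}"
ALERT_TO="${ALERT_TO:-root}"

# Print the path of each file a clamscan report flags.
# Flagged lines look like "<path>: <signature name> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Move flagged files under $2 (original path preserved) instead of deleting
# them, so false positives can be reviewed and restored. Echoes the count.
quarantine_from_report() {
    q_report="$1"; q_dest="$2"; q_count=0
    mkdir -p "$q_dest" && chmod 700 "$q_dest" || return 1
    q_list=$(infected_paths "$q_report")
    while IFS= read -r q_file; do
        # Skip blank lines, files that vanished since the scan, and symlinks.
        [ -f "$q_file" ] && [ ! -L "$q_file" ] || continue
        q_target="$q_dest$q_file"
        mkdir -p "$(dirname "$q_target")" || continue
        mv -- "$q_file" "$q_target" && chmod 000 "$q_target" && q_count=$((q_count + 1))
    done <<EOF
$q_list
EOF
    echo "$q_count"
}

nightly_scan() {
    freshclam --quiet    # update signatures before scanning
    clamscan -r -i --no-summary "$SCAN_ROOT" > "$REPORT" 2>/dev/null
    rc=$?                # 0 = clean, 1 = something flagged, 2 = scan error
    if [ "$rc" -eq 1 ]; then
        moved=$(quarantine_from_report "$REPORT" "$QUARANTINE_DIR")
        mail -s "ClamAV: $moved file(s) quarantined on $(hostname)" "$ALERT_TO" < "$REPORT"
    elif [ "$rc" -ne 0 ]; then
        echo "clamscan failed with exit code $rc" | mail -s "ClamAV scan error on $(hostname)" "$ALERT_TO"
    fi
}

# crontab entry for 1 AM daily:  0 1 * * * /root/scan.sh --run
if [ "${1:-}" = "--run" ]; then nightly_scan; fi
```

Quarantined files keep their original path under the quarantine directory, so restoring a false positive is a single `mv` back plus resetting its permissions.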

Posted by Hostiano, 11-17-2013, 03:46 AM
Are there any free alternatives for ClamAV?

Posted by Earthblaze, 11-17-2013, 07:27 AM
If you use CentOS you could try AVG using the link below. I think you need to manually set up a cron to update virus definitions daily. Not sure how it compares to Clam. http://tech.techteam.gr/how-to-insta...eb-server/714/
Last edited by Earthblaze; 11-17-2013 at 07:34 AM.


