Scanning Zipfiles with AV

durangod

• June 19, 2019 22:20

Hi, if a site on shared hosting with cpanel installed allows users to upload zip files via a site form, is there anything that cpanel has that can scan those files as they are uploaded to the server? These sites dont have root access so they cant install anything, it needs to be something readily available off the menu. What can be done to secure these zip files to prevent viruses and such from being uploaded via zip files? Thanks :)

• 

  fuzzylogic

  • June 20, 2019 07:04

  ConfigServer eXploit Scanner does that, but it is a paid cPanel plugin. From the cxs Documentation... [QUOTE] cxs Watch Daemon This is an alternative to ftp and web script upload scanning. The cxs Watch daemon uses a separate process to constantly watch entire user accounts for new and modified files and scans them immediately. The scanning children use up significantly fewer resources than the ftp and web script upload scanning methods.
  The default options for cxswatch are options=mMOLfuSGchexdnwZRrD Z stands for scan compressed files. Additionally, cxs can provide a Modsecurity rule which pipes all http uploads to cxs for scanning before the http request is allowed to complete. The http request is blocked by Modsecurity if cxs gets a match. So in your case I would expect both methods to detect almost in real time a compressed exploit known to clamav. Sorry I just reread your post and you wanted something that a regular cPanel account user can access. My suggestions only apply to a server administrator with root access.

  0
• 

  cPanelMichael

  • June 20, 2019 15:29

  Hello @durangod, ImunifyAV is planned for integration with all cPanel & WHM servers in upcoming cPanel & WHM versions. You can read more about it on our blog post below: ImunifyAV | Documentation Thank you.

  0
• 

  durangod

  • June 22, 2019 03:51

  Thats great thanks... :)

  0

Please sign in to leave a comment.