Using AV clamscan question

Comments

13 comments

  • cPanelMichael
    but i received this error : /usr/local/cpanel/bin/jailshell: /root/infections: No such file or directory

    Hello, You will need to add that cron job as "root" rather than as an account. To edit the root crontab, login via SSH as root and add it as a new line using the "crontab -e" command. Thank you.
    0
  • chanklish
    Hello, You will need to add that cron job as "root" rather than as an account. To edit the root crontab, login via SSH as root and add it as a new line using the "crontab -e" command. Thank you.

    can i do it via gui in whm ? if not what is the entire command to be added from ssh ? thank you
    0
  • cPanelMichael
    Hello, There are no native features that allow you to add root cron jobs via Web Host Manager. Here's the full command to use while logged in via SSH as "root":
    crontab -e
    The following thread provides more information on this topic: Cron Job Thank you.
    0
  • chanklish
    Hello, There are no native features that allow you to add root cron jobs via Web Host Manager. Here's the full command to use while logged in via SSH as "root":
    crontab -e
    The following thread provides more information on this topic: Cron Job Thank you.

    i have access to ssh but 1-he says to make a file and put this in it :
    #!/bin/bash
    for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/local/cpanel/3rdparty/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&
    how ?!
    0
  • cPanelMichael
    Hello, Rather than setting up a custom bash script, you may simply want to add the following cron job when using the "crontab -e" command:
    0 5 * * * /usr/local/cpanel/3rdparty/bin/clamscan -ir /home/ | mail -s "subject" your@email.com
    This will scan the entire home directory every night at 5AM and email you the results. Thank you.
    0
  • chanklish
    Hello, Rather than setting up a custom bash script, you may simply want to add the following cron job when using the "crontab -e" command:
    0 5 * * * /usr/local/cpanel/3rdparty/bin/clamscan -ir /home/ | mail -s "subject" your@email.com
    This will scan the entire home directory every night at 5AM and email you the results. Thank you.

    when i put crontab -e i get the following picture .. how can i add the command ?
    0
  • cPanelMichael
    Hello, It loads the default text editor. You'd need to review the following third-party URLs for help using nano or vi: "The Beginner's Guide to Nano, the Linux Command-Line Text Editor" and "Using vi, the Unix Visual Editor". Thank you.
    0
  • chanklish
    thank you .. i added it .. now i will wait for tomorrow and see the results
    0
  • chanklish
    Hello, Rather than setting up a custom bash script, you may simply want to add the following cron job when using the "crontab -e" command:
    0 5 * * * /usr/local/cpanel/3rdparty/bin/clamscan -ir /home/ | mail -s "subject" your@email.com
    This will scan the entire home directory every night at 5AM and email you the results. Thank you.

    i added it but did not receive an email the next day ..how can i check what happened ?!
    0
  • chanklish
    i am sorry .. i received now this email .. but i did not know what happened with the infected items
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/africatc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/safrimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/sonades/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/groupsoc/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/centralm/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/alliancelibanais/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/megatran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/clcongo/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/jpbv/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/congooil/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/national/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/socimex/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/inspecta/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.6.5_2.7/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
    /home/virtfs/socitran/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.9.2_3.0.1/diff: Html.Exploit.CVE_2017_0221-6306915-0 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 6303701
    Engine version: 0.99.2
    Scanned directories: 257591
    Scanned files: 2014099
    Infected files: 56
    Data scanned: 108467.41 MB
    Data read: 151413.93 MB (ratio 0.72:1)
    Time: 28089.460 sec (468 m 9 s)
    and this :
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
    0
  • cPanelMichael
    Hello, You can find a similar thread here: infected files in virtfs
    LibClamAV Warning: cli_scanxz: decompress file size exceeds limits

    This is answered on the following third-party URL: what does this clamAV message mean? Thank you.
    0
  • chanklish
    Hello, You can find a similar thread here: infected files in virtfs This is answered on the following third-party URL: what does this clamAV message mean? Thank you.

    thank you for your input .. i understand the size limitations now .. but for the first email about the virtfs i still don't understand what to do ..would be fixed if i remove wordpress addons ?
    0
  • cPanelMichael
    thank you for your input .. i understand the size limitations now .. but for the first email about the virtfs i still don't understand what to do ..would be fixed if i remove wordpress addons ?

    The output suggests those files only exist in the /home/virtfs/$username directories and not under the account's home directory. You should never manually alter or remove files from the VirtFS directory. You can read about how to clear the VirtFS mounts at: VirtFS - Jailed Shell - Documentation - cPanel Documentation Thank you.
    0
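
Added example (not part of the thread and not cPanel's own tooling): a shell triage of a clamscan report like the one posted above, separating detections under /home/virtfs from detections inside account home directories. The sample report, the account names `user1`/`user2` and the `Constructed.Sample.Signature-0` line are constructed, and collapsing VirtFS paths to host paths assumes they are bind mounts of the same directories on the host.

```shell
#!/bin/sh
# Triage a `clamscan -i` report: separate hits seen through VirtFS jail
# mounts from hits inside real account home directories.

# Constructed sample in clamscan's "<path>: <signature> FOUND" format.
# Account names and the public_html line are made up for this example.
sample_report() {
cat <<'EOF'
/home/virtfs/user1/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
/home/virtfs/user2/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804-1 FOUND
/home/virtfs/user2/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/4.5.3_4.6/diff: Win.Exploit.CVE_2016_7282-3 FOUND
/home/user1/public_html/uploads/x.php: Constructed.Sample.Signature-0 FOUND

----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

# Keep only detection lines; the summary and LibClamAV warnings are dropped.
found_lines() { grep ' FOUND$' || true; }

# Number of detections reported under /home/virtfs/<user>/.
virtfs_count() { found_lines | awk '/^\/home\/virtfs\//{n++} END{print n+0}'; }

# Detections inside real account directories: these need per-account review.
account_hits() { found_lines | awk '!/^\/home\/virtfs\//'; }

# Assumption: a VirtFS path is a bind mount of the same path on the host, so
# dropping the /home/virtfs/<user> prefix yields the one underlying file.
virtfs_unique_files() {
    found_lines |
        sed -n 's#^/home/virtfs/[^/]*\(/.*\): \(.*\) FOUND$#\1 \2#p' | sort -u
}

triage() {
    report=$(cat)
    echo "VirtFS detections: $(printf '%s\n' "$report" | virtfs_count)"
    echo "Unique host files behind them:"
    printf '%s\n' "$report" | virtfs_unique_files | sed 's/^/  /'
    echo "Detections in account home directories:"
    printf '%s\n' "$report" | account_hits | sed 's/^/  /'
}

sample_report | triage
```

clamscan's `--exclude-dir` option takes a regular expression, so adding `--exclude-dir='^/home/virtfs'` to the cron line keeps the jail mounts out of the nightly email.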
