• We have solutions from A - Z

Posts Tagged :

Trojen

ISPCONFIG Free Virus scanning

1024 507 rdwild

If you are running ISPCONFIG to host client website and email at some point you are going to run across an infected website or two. As a host, you can encourage your clients to make sure their content management systems (joomla, wordpress) is regularly updating their code base and plugins. Keeping them updated is what is going to keep your hosts websites virus and trojen-free as hackers often target plugins which have security issues. It is important to stay vigilant when it comes to hackers that might want to use your website to do bad things … send out spam emails, attach other systems etc.

You could subscribe to a pay service that will provide a plugin to scan for Viruses and Trojens and the cost is quite reasonable.

https://ispprotect.com/

But there is another way … and its free!

Installing Clamwin (Ubuntu)

First – Update the installation

apt update -y

Then Install Clamwin

apt install clamav clamav-daemon -y

You should be able to check that clamwin is installed with the below command

clamscan -V

This should look something like: ClamAV 0.103.8/26984/Sat Jul 29 07:26:39 2023

Once clamwin is installed we next need to add our scanning script.

use your preferred editor (I use nano) to create “clamscan_daily.sh”

nano clamscan_daily.sh
#!/bin/bash
LOGFILE_EMAIL="/var/log/clamav/clamav-email-$(date +'%Y-%m-%d').log";
LOGFILE_WEBSITES="/var/log/clamav/clamav-website-$(date +'%Y-%m-%d').log";
set HOST="$(hostname -f)"
EMAIL_FROM="clamav-daily@myinkbooks.com";
EMAIL_TO="rdwild@rayolightmedia.com";
DIRTOSCAN="/var/www";
EMAILTOSCAN="/var/vmail";

echo "Starting a daily scan of Websites";

for S in ${DIRTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 echo "Starting a daily scan of "$S" directory.
 Amount of data to be scanned is "$DIRSIZE".";

 clamscan -ri "$S" >> "$LOGFILE_WEBSITES";

 # get the value of "Infected lines"
 MALWARE=$(tail "$LOGFILE_WEBSITES"|grep Infected|cut -d" " -f3);

 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
 # using heirloom-mailx below
 cat "$LOGFILE_WEBSITES" | mail -s "Malware Found on $HOST" "$EMAIL_FROM" "$EMAIL_TO";
 fi
done

echo "\n";
echo "Starting a daily scan of email";

for S in ${EMAILTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 echo "Starting a daily scan of "$S" directory.
 Amount of data to be scanned is "$DIRSIZE".";

 clamscan --remove yes -ri "$S" >> "$LOGFILE_EMAIL";

 # get the value of "Infected lines"
 MALWARE=$(tail "$LOGFILE_EMAIL"|grep Infected|cut -d" " -f3);

 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
 # using heirloom-mailx below
 cat "$LOGFILE_EMAIL" | mail -s "Malware Found on $HOST" "$EMAIL_FROM" "$EMAIL_TO";
 fi
done


exit 0

You will notice a few parameters that need to be changed in the above code to change it for your needs. The first one is EMAIL_FROM and the second one is EMAIL_TO. If the above script finds a virus or trojen it sends and email using the from address to the email box in the email to address so both of those need to be changed for your system.

Once the clamscan_daily.sh script has been created it needs to be made executable.

chmod +x clamscan_daily.sh

Once you have added the above script to your system you can test it using the below command to do a pilot run.

sudo ./clamscan_daily.sh

You will notice that we use the sudo command here. The script needs to run as it would when running as a cron job which is the root user.


Once you have tested the script to make sure everything is working as it should you will need to add it to a daily cron job so that it runs every day.

I’m currently doing this by moving the script into the /etc/cron.daily folder.

 sudo mv clamscan_daily.sh /etc/cron.daily/clamscan_daily.sh

If the script finds something you will see an email similar to the one below

You will notice in the above email that nothing was found for websites (or they would have been listed here), but there were some spoofing emails that were found in the junk and trash folder. These were caught by other means and moved to trash but Clamav removed them. You will also notice that I obfuscated some of the text so I don’t get a bunch of junk emails.

Links

https://clamwin.com/ (main project website for clamwin)

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Click to enable/disable Google Analytics tracking code.
Click to enable/disable Google Fonts.
Click to enable/disable Google Maps.
Click to enable/disable video embeds.
Our website uses cookies, mainly from 3rd party services. Define your Privacy Preferences and/or agree to our use of cookies.
L i v e C h a t
Live Chat
Call Now!