[Plugin] Site Scanner (plugin for daily ClamAV run) [BETA]

ClayRabbit


Site Scanner is a free open-source plugin for a daily ClamAV run.
https://bitbucket.org/ruweb/site_scan

WARNING: The plugin still lacks English localization (only text placeholders will be displayed until the tokens inside user/lang/lang.en.php are filled in).

Download & install from https://plugins.ruweb.net/site_scan.tar.gz
During installation a daily cron job will be added to /etc/crontab:
Code:
0 4 * * * root /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh
Once a week (on Tuesday or on the first run) a full /home scan will be performed with clamscan; on other days only new files (by mtime/ctime) will be scanned.
By default infected files will be blocked by executing chmod 000. (The user can disable the auto-blocking feature inside the plugin interface in DirectAdmin.)
After every scan, a list of infected files with brief instructions will be e-mailed to the user; the full list of infected files will also be reported to the admin via the DirectAdmin message system.
The user can add files to a whitelist - whitelisted files will not be blocked and will not be reported to the user.
User interface example: http://i.imgur.com/lw3nL6c.png
Russian interface example: https://forum.ruweb.net/viewthread.php?tid=3017

Note
Only signature databases added to the /usr/local/directadmin/plugins/site_scan/clamav/ directory will be used during the scan. (Symlinks to the default databases will be added there during installation.)
It is highly recommended to add Linux Malware Detect signatures to your databases:
Code:
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
We also found Malware Expert signatures quite useful and effective:
Code:
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp
Add this to your freshclam.conf if you haven't done so yet. (Then execute freshclam and reinstall the plugin - symlinks will be added to /usr/local/directadmin/plugins/site_scan/clamav/)
You may also want to add our whitelist (and/or create your own whitelist)
Code:
DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2
to skip some False-Positive signatures.
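
A sketch of the scan cycle described in the post above (full scan on Tuesday or first run, mtime/ctime incremental scan otherwise, whitelist filter, chmod 000 blocking). This is an added example, not the plugin's sitescan_run.sh; the stamp and whitelist paths and all function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not the plugin's own script. Paths marked (assumed) are
# hypothetical; only DB_DIR is taken from the post.
DB_DIR=/usr/local/directadmin/plugins/site_scan/clamav
STAMP=${STAMP:-/var/tmp/site_scan.stamp}        # (assumed) start of last scan
WHITELIST=${WHITELIST:-/var/tmp/site_scan.wl}   # (assumed) one path per line

# Files to scan under $1: everything on Tuesday or on the first run,
# otherwise only files whose mtime or ctime is newer than the stamp.
select_files() {
    if [ ! -e "$STAMP" ] || [ "${DOW:-$(date +%u)}" = 2 ]; then
        find "$1" -type f
    else
        find "$1" -type f \( -newer "$STAMP" -o -cnewer "$STAMP" \)
    fi
}

# Read clamscan output on stdin ("<path>: <signature> FOUND") and print the
# infected paths that are not whitelisted.
infected_paths() {
    sed -n 's/: [^:]* FOUND$//p' | while IFS= read -r f; do
        grep -qxF -- "$f" "$WHITELIST" 2>/dev/null || printf '%s\n' "$f"
    done
}

# Block each path read from stdin the way the post describes: chmod 000.
block_files() {
    while IFS= read -r f; do
        if [ -f "$f" ]; then
            chmod 000 -- "$f" && printf 'blocked %s\n' "$f"
        fi
    done
}

# One scan cycle. The new stamp is taken before the file list is built, so a
# file changed while the scan is running is picked up again on the next run.
run_scan() {
    list=$(mktemp) || return 1
    touch "$STAMP.new"
    select_files "$1" > "$list"
    # Only the signature databases in DB_DIR are loaded.
    if [ -s "$list" ]; then
        clamscan --database="$DB_DIR" --infected --no-summary \
                 --file-list="$list" | infected_paths | block_files
    fi
    mv "$STAMP.new" "$STAMP"
    rm -f "$list"
}

if [ "${1:-}" = run ]; then run_scan "${2:-/home}"; fi
```

Checking ctime as well as mtime matters here: a file whose mtime was set back with touch still gets a fresh ctime, so it is selected for the incremental scan.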
 
Hello Guys,
Did you test this plugin? How are the results?
I was using CXS. But DirectAdmin is also problematic. It's a solution. That's why I canceled the CXS license.
Do you know a different plugin that will do an automatic security scan in Yada CXS style?

Thanks.
 
Last week I added some fixes for Linux compatibility, so it should work fine now.
But we still lack English localization.
 
Yes, ClayRabbit,
I tested it on a server yesterday. But the scan did not start. There were only whitelist and on and off buttons. USER. There was no action in the admin section. I did uninstall it. Language is English.
 
Yep, there is no "admin section" for a while.
Scan is performed at 4:00 AM or you can run /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh from the shell.
 
It would be nice to remove the whitelist for the user and turn the system on / off authority. We do not know if there is a malicious user. What if these actions are made only by the administrator? What do you say?
 
Hello,
I get this error when I want to install it.
ERROR: ClamAV DatabaseDirectory '' not found (make sure DatabaseDirectory is specified inside /etc/freshclam.conf)
 
I have added a fix for DatabaseDirectory detection. Please download and install again.
Make sure you have executed freshclam at least once and main.cvd or main.cld exists inside the /usr/local/share/clamav directory.
 
I have installed the module, but disabled it. Anyway, the entry in cron is active and the module is working. I think it shouldn't be when disabled.
 
Yes, I know, just reporting some ideas to you :)
Btw, it would be nice to have an option to send the report about a virus just once.
For example, on day 1 I send a report on viruses a, b, c; on day 2, a new virus d is spotted, so the script will send a notification only about virus d.
 
Hi ClayRabbit,

Thanks for this plugin, sounds great.

I'd like to try this but don't see any updates since Jan 2018. Is this still in development and working with the current version of DA?
 
Tried installing using the install script. It says "Plugin Installed!" but nothing is there and no cron added.
 
Don't use this plugin

I installed this plugin. My plugin page went down.

If you face this problem, please follow these steps to get your plugin page back.

cd /usr/local/directadmin/plugins
rm -rf site_scan


Then check your plugin page again; it should be back :) :cool::rolleyes:
 