Thread: [Plugin] Site Scanner (plugin for daily ClamAV run) [BETA]

  1. #1
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    246

    [Plugin] Site Scanner (plugin for daily ClamAV run) [BETA]

    Site Scanner is a free open-source plugin for a daily ClamAV run.
    https://bitbucket.org/ruweb/site_scan

    WARNING: The plugin is in BETA state! The plugin still lacks English localization (only text placeholders will be displayed while the tokens inside user/lang/lang.en.php are not filled in).

    Download & install from https://plugins.ruweb.net/site_scan.tar.gz
    During installation a daily cron job will be added to /etc/crontab:
    Code:
    0 4 * * * root /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh
    Once a week (on Tuesday or on the first run) a full /home scan will be performed with clamscan; on other days only new files (by mtime/ctime) will be scanned.
    By default infected files will be blocked by executing chmod 000. (The user can disable the auto-blocking feature inside the plugin interface in DirectAdmin.)
    After every scan, a list of infected files with brief instructions will be e-mailed to the user; the full list of infected files will also be reported to the admin via the DirectAdmin message system.
    The user can add files to a whitelist; whitelisted files will not be blocked and will not be reported to the user.
    User interface example: http://i.imgur.com/lw3nL6c.png
    Russian interface example: https://forum.ruweb.net/viewthread.php?tid=3017

    Note
    Only signature databases added to the /usr/local/directadmin/plugins/site_scan/clamav/ directory will be used during the scan. (Symlinks to the default databases will be added there during installation.)
    It is highly recommended to add Linux Malware Detect signatures to your databases:
    Code:
    DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
    DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
    We also found Malware Expert signatures quite useful and effective:
    Code:
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp
    Add this to your freshclam.conf if you haven't done so yet. (Then execute freshclam and reinstall the plugin; symlinks will be added to /usr/local/directadmin/plugins/site_scan/clamav/.)
    You may also want to add our whitelist (and/or create your own whitelist)
    Code:
    DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2
    to skip some false-positive signatures.
    Last edited by ClayRabbit; 11-30-2017 at 11:35 PM.
    From Siberia with love
    And sorry for bad english
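
Added example (not the plugin's own code): a shell sketch of the incremental pass post #1 describes, selecting files by mtime/ctime, dropping whitelisted hits from clamscan output and blocking the rest with chmod 000. The function names, the stamp file and the one-path-per-line whitelist format are assumptions.

```shell
#!/bin/sh
# Added sketch, not the plugin's sitescan_run.sh. Function names, the stamp
# file and the one-path-per-line whitelist format are assumptions.
DB_DIR=/usr/local/directadmin/plugins/site_scan/clamav  # database dir from the post

# Files under $1 changed since stamp file $2 was written. ctime is checked as
# well as mtime, so a file whose mtime was set back is still selected.
# Without a stamp file (first run) every regular file is listed (full scan).
changed_files() {
    if [ -f "$2" ]; then
        find "$1" -type f \( -newer "$2" -o -cnewer "$2" \) -print  # GNU/BSD find
    else
        find "$1" -type f -print
    fi
}

# Read clamscan "path: Signature FOUND" lines on stdin and print
# "path<TAB>signature", skipping paths listed in whitelist file $1.
infected_not_whitelisted() {
    awk -v wl="$1" '
        BEGIN { if (wl != "") while ((getline p < wl) > 0) skip[p] = 1 }
        / FOUND$/ {
            sub(/ FOUND$/, "")
            if (!match($0, /: [^ ]+$/)) next    # signature names have no spaces
            path = substr($0, 1, RSTART - 1)
            if (!(path in skip)) printf "%s\t%s\n", path, substr($0, RSTART + 2)
        }'
}

# chmod 000 each regular file named on stdin ("path<TAB>signature"), echo it.
# Symlinks are skipped so a link in a user's home cannot redirect the chmod.
block_files() {
    tab=$(printf '\t')
    while IFS=$tab read -r path sig; do
        if [ -f "$path" ] && [ ! -L "$path" ]; then
            chmod 000 "$path" && printf '%s\n' "$path"
        fi
    done
}

# One pass over $1 (stamp $2, whitelist $3). The new stamp is created before
# the scan, so files changed while it runs are picked up by the next pass.
scan_and_block() {
    list=$(mktemp) && new_stamp=$(mktemp) || return 1
    changed_files "$1" "$2" > "$list"
    clamscan --infected --no-summary --database="$DB_DIR" --file-list="$list" |
        infected_not_whitelisted "$3" | block_files
    mv "$new_stamp" "$2"; rm -f "$list"
}
```

Because blocking runs as root over user-writable directories, the symlink check narrows but does not close the window between the scan and the chmod.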

  2. #2
    Join Date
    Jan 2007
    Posts
    16
    Hello Guys,
    Did you test this plugin? How are the results?
    I was using CXS. But DirectAdmin is also problematic. It's a solution. That's why I canceled the CXS license.
    Do you know a different plugin that will do an automatic security scan in Yada CXS style?

    Thanks.

  3. #3
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    246
    Last week I added some fixes for Linux compatibility, so it should work fine now.
    But we still lack English localization.
    From Siberia with love
    And sorry for bad english

  4. #4
    Join Date
    Jan 2007
    Posts
    16
    Quote Originally Posted by ClayRabbit View Post
    Last week I added some fixes for Linux compatibility, so it should work fine now.
    But we still lack English localization.
    Yes, ClayRabbit,
    I tested it on a server yesterday. But the scan did not start. There were only whitelist and on and off buttons. USER. There was no action in the admin section. I did uninstall it. Language is English.

  5. #5
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    246
    Yep, there is no "admin section" for a while.
    Scan is performed at 4:00 AM or you can run /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh from the shell.
    From Siberia with love
    And sorry for bad english

  6. #6
    Join Date
    Jan 2007
    Posts
    16
    Quote Originally Posted by ClayRabbit View Post
    Yep, there is no "admin section" for a while.
    Scan is performed at 4:00 AM or you can run /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh from the shell.
    It would be nice to remove the whitelist for the user and turn the system on / off authority. We do not know if there is a malicious user. What if these actions are made only by the administrator? What do you say?

  7. #7
    Join Date
    Aug 2008
    Posts
    185
    Hello,
    I get this error when I want to install it.
    ERROR: ClamAV DatabaseDirectory '' not found (make sure DatabaseDirectory is specified inside /etc/freshclam.conf)
    Manage And Secure Your Servers
    PM ME

  8. #8
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    246
    I have added a fix for DatabaseDirectory detection. Please download and install again.
    Make sure you have executed freshclam at least once and that main.cvd or main.cld exists inside the /usr/local/share/clamav directory.
    From Siberia with love
    And sorry for bad english

  9. #9
    Join Date
    May 2010
    Posts
    23
    I have installed the module, but disabled it. Anyway, the entry in cron is active and the module is working. I think it shouldn't when disabled.

  10. #10
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    246
    To remove the crontab entry, execute uninstall or just remove the entry from /etc/crontab
    From Siberia with love
    And sorry for bad english

  11. #11
    Join Date
    May 2010
    Posts
    23
    Yes, I know, just reporting some ideas to you.
    BTW, it would be nice to have an option to send the report about a virus just once.
    For example, on day 1 I send a report on viruses a, b, c; on day 2, a new virus d is spotted, so the script will send a notification only about virus d.
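
One way the report-once option suggested in post #11 could work, as an added sketch that is not part of the plugin: keep a state file of detections already reported and send only the difference. The function name, the state file and the "path<TAB>signature" line format are assumptions.

```shell
#!/bin/sh
# Added sketch, not part of the plugin. The function name, file names and the
# "path<TAB>signature" line format are assumptions.

# report_new CURRENT STATE
#   CURRENT  today's detections, one "path<TAB>signature" per line
#   STATE    detections already reported on earlier runs (created if missing)
# Prints only detections not reported before, then replaces STATE with today's
# list, so an entry that disappears and later comes back is reported again.
report_new() {
    cur=$(mktemp) || return 1
    LC_ALL=C sort -u "$1" > "$cur"       # comm needs both inputs sorted alike
    [ -f "$2" ] || : > "$2"              # first run: nothing reported yet
    LC_ALL=C comm -23 "$cur" "$2"        # lines only in today's list
    mv "$cur" "$2"                       # advance state after the diff is out
}
```

Keying the state on path and signature together means a file that is later flagged under a different signature is reported again.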
