Thread: [Plugin] Site Scanner (plugin for daily ClamAV run) [BETA]

  1. #1
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255

    [Plugin] Site Scanner (plugin for daily ClamAV run) [BETA]

    Site Scanner is a free open-source plugin for a daily ClamAV run.
    https://bitbucket.org/ruweb/site_scan

    WARNING: The plugin is in BETA state! It still lacks English localization (only text placeholders will be displayed until the tokens inside user/lang/lang.en.php are filled in).

    Download & install from https://plugins.ruweb.net/site_scan.tar.gz
    During installation a daily cron job will be added to /etc/crontab:
    Code:
    0 4 * * * root /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh
    Once a week (on Tuesday or on the first run) a full /home scan will be performed with clamscan; on other days only new files (by mtime/ctime) will be scanned.
    By default infected files will be blocked by executing chmod 000. (The user can disable the auto-blocking feature inside the plugin interface in DirectAdmin.)
    After every scan, a list of infected files with brief instructions will be e-mailed to the user; the full list of infected files will also be reported to the admin via the DirectAdmin message system.
    The user can add files to a whitelist - whitelisted files will not be blocked and will not be reported to the user.
    User interface example: http://i.imgur.com/lw3nL6c.png
    Russian interface example: https://forum.ruweb.net/viewthread.php?tid=3017

    Note
    Only signature databases added to the /usr/local/directadmin/plugins/site_scan/clamav/ directory will be used during the scan. (Symlinks to the default databases will be added there during installation.)
    It is highly recommended to add Linux Malware Detect signatures to your databases:
    Code:
    DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
    DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
    We also found Malware Expert signatures quite useful and effective:
    Code:
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
    DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp
    Add this to your freshclam.conf if you haven't done so yet. (Then execute freshclam and reinstall the plugin - symlinks will be added to /usr/local/directadmin/plugins/site_scan/clamav/)
    You may also want to add our whitelist (and/or create your own whitelist)
    Code:
    DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2
    to skip some false-positive signatures.
    Last edited by ClayRabbit; 11-30-2017 at 11:35 PM.
    From Siberia with love
    And sorry for bad english
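
The schedule described in post #1 (full scan on Tuesday or on the first run, changed files only on other days, chmod 000 unless whitelisted), sketched as an added shell example. This is not the plugin's sitescan_run.sh; the state directory, the one-path-per-line whitelist file and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration of the schedule in post #1; NOT the plugin's sitescan_run.sh.
# STATE, the whitelist format (one path per line) and all function names are assumptions.
DB=/usr/local/directadmin/plugins/site_scan/clamav   # signature directory named in the post
STATE=${STATE:-/var/lib/sitescan_demo}               # hypothetical root-owned state directory

# Print regular files under $1 whose mtime or ctime is newer than marker file $2.
changed_files() {
    find "$1" -type f \( -newer "$2" -o -cnewer "$2" \) -print
}

# Read clamscan output on stdin; print the path from each "<path>: <sig> FOUND" line.
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Read paths on stdin; skip exact matches in whitelist file $1, chmod 000 the rest
# and print each blocked path (the list a report would be built from).
block_unlisted() {
    while IFS= read -r path; do
        grep -Fxq -- "$path" "$1" 2>/dev/null && continue
        chmod 000 -- "$path" && printf '%s\n' "$path"
    done
}

# Full recursive scan on Tuesday or on the first run, otherwise only changed files.
run_scan() {   # $1 = tree to scan, e.g. /home
    mkdir -p "$STATE" && touch "$STATE/marker.new"   # stamp BEFORE scanning so nothing is missed
    if [ "$(date +%u)" = 2 ] || [ ! -e "$STATE/marker" ]; then
        clamscan -r -i --no-summary -d "$DB" "$1"
    else
        changed_files "$1" "$STATE/marker" > "$STATE/list"
        [ -s "$STATE/list" ] && clamscan -i --no-summary -d "$DB" -f "$STATE/list"
    fi | infected_paths | block_unlisted "$STATE/whitelist"
    mv "$STATE/marker.new" "$STATE/marker"
}
```

Checking ctime as well as mtime matters because a file's owner can set mtime back with touch, while ctime changes on every write or metadata change. The line-oriented lists assume file names contain no newlines.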

  2. #2
    Join Date
    Jan 2007
    Posts
    16
    Hello Guys,
    Did you test this plugin? How are the results?
    I was using CXS. But DirectAdmin is also problematic. It's a solution. That's why I canceled the CXS license.
    Do you know a different plugin that will do an automatic security scan in Yada CXS style?

    Thanks.

  3. #3
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    Last week I added some fixes for Linux compatibility, so it should work fine now.
    But we still lack English localization.
    From Siberia with love
    And sorry for bad english

  4. #4
    Join Date
    Jan 2007
    Posts
    16
    Quote Originally Posted by ClayRabbit
    Last week I added some fixes for Linux compatibility, so it should work fine now.
    But we still lack English localization.
    Yes, ClayRabbit,
    I tested it on a server yesterday. But the scan did not start. There were only whitelist and on and off buttons. USER. There was no action in the admin section. I did uninstall it. Language is English.

  5. #5
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    Yep, there is no "admin section" for a while.
    Scan is performed at 4:00 AM or you can run /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh from the shell.
    From Siberia with love
    And sorry for bad english

  6. #6
    Join Date
    Jan 2007
    Posts
    16
    Quote Originally Posted by ClayRabbit
    Yep, there is no "admin section" for a while.
    Scan is performed at 4:00 AM or you can run /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh from the shell.
    It would be nice to remove the whitelist for the user and turn the system on / off authority. We do not know if there is a malicious user. What if these actions are made only by the administrator? What do you say?

  7. #7
    Join Date
    Aug 2008
    Posts
    194
    Hello,
    I get this error when I want to install it.
    ERROR: ClamAV DatabaseDirectory '' not found (make sure DatabaseDirectory is specified inside /etc/freshclam.conf)
    Manage And Secure Your Servers
    PM ME

  8. #8
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    I have added a fix for DatabaseDirectory detection. Please download and install again.
    Make sure you have executed freshclam at least once and main.cvd or main.cld exists inside the /usr/local/share/clamav directory.
    From Siberia with love
    And sorry for bad english

  9. #9
    Join Date
    May 2010
    Posts
    23
    I have installed the module, but disabled it. Anyway, the entry in cron is active and the module is working. I think it shouldn't be when disabled.

  10. #10
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    To remove the crontab entry, execute uninstall or just remove the entry from /etc/crontab
    From Siberia with love
    And sorry for bad english

  11. #11
    Join Date
    May 2010
    Posts
    23
    Yes I know, just reporting you some ideas
    btw. it would be nice to have an option to send the report about virus just once.
    for example, day 1 I send a report on virus a b c, day 2, new virus d was spotted so script will send notification only about virus d

  12. #12
    Join Date
    Feb 2010
    Location
    Canada
    Posts
    118
    Hi ClayRabbit,

    Thanks for this plugin, sounds great.

    I'd like to try this but don't see any updates since Jan 2018. Is this still in development and working with the current version of DA?
    -

  13. #13
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    Yep, it's working but still waiting for someone to fill in the English localization file.
    From Siberia with love
    And sorry for bad english

  14. #14
    Join Date
    Feb 2010
    Location
    Canada
    Posts
    118
    Quote Originally Posted by ClayRabbit
    Yep, it's working but still waiting for someone to fill in the English localization file.
    Thanks for the reply.

    After I install the plugin I will take a look at the lang.en file and see what I can do to help.
    -

  15. #15
    Join Date
    Feb 2010
    Location
    Canada
    Posts
    118
    Tried installing using the install script; it says "Plugin Installed!" but nothing is there and no cron added.
    -

  16. #16
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    255
    You mean sitescan_run.sh is not added to /etc/crontab? Are there any error messages?
    From Siberia with love
    And sorry for bad english

  17. #17
    Join Date
    Feb 2010
    Location
    Canada
    Posts
    118
    Quote Originally Posted by ClayRabbit
    You mean sitescan_run.sh is not added to /etc/crontab? Are there any error messages?
    No, it does not do anything. Nothing gets installed when I run install.sh

    Are we supposed to run the install script from a certain directory?

    Here is what I get:

    ./install.sh
    <PRE>
    Plugin Installed!
    Last edited by bluebirdnet; 05-23-2018 at 10:18 AM.
    -

  18. #18
    Join Date
    Sep 2018
    Posts
    3

    Don't use this plugin

    I installed this plugin. My plugin page went down.

    If you face this problem, please follow these steps to get your plugin page back.

    cd /usr/local/directadmin/plugins
    rm -rf site_scan


    Then check your plugin page again.
