[PLUGIN] EN-ClamAV - ClamAV Interface for DirectAdmin

ereznet

Download:
The latest version can be downloaded here: https://www.directadmin.ereznet.co.il/en-clamav/en-clamav.tar.gz

Screenshots:
files-mode: https://www.directadmin.ereznet.co.il/en-clamav/screenshots_filesmode.png
users-mode: https://www.directadmin.ereznet.co.il/en-clamav/screenshots_usersmode.png
clamscan: https://www.directadmin.ereznet.co.il/en-clamav/screenshots_clamscan_a.png
logs: https://www.directadmin.ereznet.co.il/en-clamav/screenshots_logs.png

Features:
* ClamAV Service
* Show ClamAV Version + FreshClam Version (+Last Update)
* Show System info
* UPDATE freshclam
* ClamAV virus check
* Show clamd.conf + freshclam.conf
* Show Load average (+Graph for 1min/5min/15min)
* Clamscan (FILES mode / USERs mode)
* Clamscan > --quiet + --recursive + --no-summary + --infected + --remove + --scan-X + --max-X etc...
* User logs

Server Requirements:
* CentOS 6/7+ / RHEL 6/7+ / Cloudlinux 6/7+ (Supports 32-bit and 64-bit)
* DirectAdmin v1.551+
* Clamav >= 0.95
* Apache 2.2.x or 2.4.x / Nginx
* PHP 5.6+
* PHP Curl SSL Library
* IonCube Loader

FAQs:
- Is it safe to use?
Totally.

- Is it free?
It is 100% free.

- How to install ClamAV on DirectAdmin w/“Custombuild”?
Login to your server as user ‘root’ and run:
cd /usr/local/directadmin/custombuild
./build update
./build set clamav yes
./build set clamav_exim yes
./build set exim yes
./build set eximconf yes

./build clamav
./build exim
./build exim_conf

Recommended signatures for ClamAV - All marked FP Risk=LOW:
(For SecuriteInfo you must sign on https://www.securiteinfo.com and get "xxx_your_unique_string_xxx")
Edit file '/etc/freshclam.conf':
nano /etc/freshclam.conf
and paste this:
# Malware Expert Commercial ModSecurity Rules: https://malware.expert
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp

# Maldet Malware Detect: http://www.rfxn.com
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb

# SecuriteInfo: https://www.securiteinfo.com
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/javascript.ndb
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfoascii.hdb
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfopdf.hdb

# Sanesecurity + Foxhole (FP Risk=LOW): https://sanesecurity.com/usage/signatures/
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/shelter.ldb
# winnow
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb
# bofhland
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb
# Porcupine
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

# WhiteList
DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2

How to update clamav database?
# sudo freshclam

How to show clamav database version:
# sudo freshclam -v

- How to install our plugin?
Login to your DirectAdmin as an admin and use the plugin manager to install.
(*Please add `plugins_allowed_run_as=1` to the directadmin.conf file and restart DirectAdmin.)

- At admin level I get a permission error...*
Please add plugins_allowed_run_as=1 to the directadmin.conf file.

- Support? Bugs? Issues? Ideas?
Tested on:
Virtual Servers: VMware | Xen/XCP-ng
Operating Systems: RedHat Enterprise v6 to v7 | CentOS v6 to v7 | CloudLinux v6 to v7
*Any OS that is EOL will not be supported.
Browsers: Chrome and Firefox.

Please post bugs/issues/ideas here: https://directadmin.ereznet.co.il/en-clamav.php

Changelog:
## [1.4.8] - 07-08-2019
- First public free version.


© ErezNet - Internet solutions | www.ErezNet.co.il
Have fun :)
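
An added example, not part of the original post or the plugin: a shell check for a freshclam.conf assembled from a list like the one above. It flags DatabaseCustomURL entries fetched over plain http://, entries that still contain the xxx_your_unique_string_xxx placeholder, and entries with stray spaces inside the URL; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DatabaseCustomURL entries in a freshclam.conf.
# Function names and the sample config are constructed for illustration.

# Print one finding per line for the config file given as $1.
audit_freshclam_conf() {
    awk '
        /^[[:space:]]*#/ { next }   # skip comments and disabled entries
        $1 == "DatabaseCustomURL" {
            # The directive takes exactly one URL; extra fields mean stray spaces.
            if (NF != 2) { print "MALFORMED line " NR ": " $0; next }
            # Placeholder from the post was never replaced with the account string.
            if ($2 ~ /xxx_your_unique_string_xxx/) print "PLACEHOLDER line " NR ": " $2
            # Signature file is downloaded without transport integrity.
            if ($2 ~ /^http:\/\//) print "CLEARTEXT line " NR ": " $2
        }
    ' "$1"
}

# Write a constructed sample config (URLs taken from the post) to the path in $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample modelled on the list in the post
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxx_your_unique_string_xxx/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/ xxx_your_unique_string_xxx /javascript.ndb
#DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
EOF
}

# Demo run against the constructed sample.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_freshclam_conf "$demo_conf"
rm -f "$demo_conf"
```

To check a real server, call `audit_freshclam_conf /etc/freshclam.conf` after editing the file and before running freshclam.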
 
Thanks for sharing, I did a test with 2 CentOS boxes

Centos 6, works but banners on top don't work (clamservice,clam version....)
Centos 7 banners work

Not had any problems with permission error, I did apply this patch on CentOS 6 and not on CentOS 7 but it did not make any difference

EDIT:

Tried to install on my 3rd CentOS 7 box, now I get ionCube errors
Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.

None of the previously installed boxes had ionCube installed, something changed in the meantime?
 
I'm getting the same message:

Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.
 
Hmm, maybe this has to do with PHP versions

boxes that have PHP 5.6 do work but only PHP 7.2.x don't
when you have multiple PHP versions which contain 5.6 and 7.2 it works too, but only one PHP version of 7.2 doesn't
 
It's working on CL 7, PHP 5.6 as php1_release

thanks for your great job
 
Hi Active8

Centos 6, works but banners on top don't work (clamservice,clam version....)
Can you please send screenshot?

Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance.

ssh to your server and run:
# cd /usr/local/directadmin/custombuild
# ./build update
# ./build set ioncube yes
# ./build ioncube

Please run "php -v" and check ionCube is loaded
Code:
with the ionCube PHP Loader + ionCube24 v10.3.6, Copyright (c) 2002-2019, by ionCube Ltd.
 
I tried to install it and the scan is working totally fine.
Thank you for this great work, very useful plugin
 
Printscreen: https://i.imgur.com/LGUiUZV.png

php -v:

Code:
[root@da custombuild]# php -v 
PHP 7.3.7 (cli) (built: Jul  6 2019 21:47:31) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.7, Copyright (c) 1998-2018 Zend Technologies
    with the ionCube PHP Loader + ionCube24 v10.3.7, Copyright (c) 2002-2019, by ionCube Ltd.
    with Zend OPcache v7.3.7, Copyright (c) 1999-2018, by Zend Technologies
 
Problems with ionCube seem to be solved :)

CentOS 6: the banners at top don't work (clam.jpg)

BTW: ClamAv is installed
 
Hi Active8,

Please ssh to your server and post the output of:
Code:
# service clamd status

Code:
# clamscan --version

Also, please try to remove (DELETE) the plugin and reinstall the last update = https://www.directadmin.ereznet.co.il/en-clamav/en-clamav.tar.gz

As said, clam is installed and running:

service clamd status:
clamd (pid 1864) is running...


clamscan --version
ClamAV 0.101.2/25505/Tue Jul 9 10:07:53 2019

Made a reinstall as suggested and it's working now :)
 
Excellent plugin. I just tested it out.

One thing I noticed is that the default path to scan is showing Selected: /

So it scans everything. Can you make it so it just scans the public_html folder by default?
 