[PLUGIN] EN-ClamAV - ClamAV Interface for DirectAdmin

idatahost

Verified User
Joined
Feb 16, 2020
Messages
17
Thanks for the nice plugin, but it is not working for me.
My PHP version is 7.4 and the plugin is not working. I reinstalled it several times. I also ran these commands:

# cd /usr/local/directadmin/custombuild
# ./build update
# ./build set ioncube yes
# ./build ioncube

The error below is displayed:
" Site error: the ionCube PHP Loader needs to be installed. This is a widely used PHP extension for running ionCube protected PHP code, website security and malware blocking. Please visit get-loader.ioncube.com for install assistance. "

Any instruction to install it?
 

idatahost

Verified User
Joined
Feb 16, 2020
Messages
17
SOLVED.

A completely different issue.

The plugin could not find the correct directory.

The ClamAV package includes a php.ini file pointing to loader files for 4 versions of php. I had not noticed that in the beginning, I used the wizard to install.

Since the plugin was then complaining that ioncube was not installed, I proceeded to install it.

But the plugin was reading its own php.ini file and could not find ioncube.

Now that I put the correct directory in, it is finally working.

Could you please tell me where and what you edited?
 

StreamerCloud

Verified User
Joined
Aug 19, 2019
Messages
6
FYI, but this plugin is working great and configures nicely.

Really the only modification needed was the ionCube loader situation. I am running php7.4 and found it easier to:

  • Download ionCube from https://www.ioncube.com/loaders.php
  • Unzip and upload files ioncube_loader_lin_7.4.so and ioncube_loader_lin_7.4_ts.so to /usr/local/directadmin/plugins/en-clamav
Then add:

Code:
zend_extension = "/usr/local/directadmin/plugins/en-clamav/ioncube_loader_lin_7.4.so"

at the bottom of /usr/local/directadmin/plugins/en-clamav/php.ini

Plugin UI came right up.
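
Added example, not part of the post above and not the plugin's own code: a Python check that reads the `zend_extension` lines from a php.ini such as the plugin's and reports loader files that are missing, not owned by the expected user, or writable by group or others, which matters for a loader that a root-run plugin loads. The function names, the `trusted_uid` parameter and the temporary fixture are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Active (uncommented) zend_extension lines, quoted or unquoted value.
ZEND_EXT = re.compile(r'^[ \t]*zend_extension[ \t]*=[ \t]*"?([^";\s]+)"?', re.M)

def audit_zend_extensions(ini_path, trusted_uid=0):
    """Return (path, problem) pairs for zend_extension targets in ini_path.

    Handles absolute paths, as used in the thread; relative values that PHP
    resolves against extension_dir are out of scope here.
    """
    with open(ini_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings = []
    for target in ZEND_EXT.findall(text):
        try:
            st = os.stat(target)
        except FileNotFoundError:
            findings.append((target, "missing"))
            continue
        if st.st_uid != trusted_uid:
            findings.append((target, "unexpected owner"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((target, "group/world writable"))
    return findings

def demo():
    """Constructed fixture: one world-writable loader and one missing loader."""
    with tempfile.TemporaryDirectory() as d:
        so = os.path.join(d, "ioncube_loader_lin_7.4.so")
        open(so, "wb").close()
        os.chmod(so, 0o666)
        ini = os.path.join(d, "php.ini")
        with open(ini, "w") as fh:
            fh.write(f'; constructed sample\nzend_extension = "{so}"\n'
                     f'zend_extension = {d}/absent.so\n')
        # The fixture is owned by the current user, so trust that uid here.
        return [(os.path.basename(p), why)
                for p, why in audit_zend_extensions(ini, os.getuid())]

if __name__ == "__main__":
    for name, why in demo():
        print(f"{name}: {why}")
```

On a real server the call would be `audit_zend_extensions("/usr/local/directadmin/plugins/en-clamav/php.ini")` with the default `trusted_uid=0`.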
 

allisonjclark

Verified User
Joined
Jun 24, 2020
Messages
10
I have installed it and everything seems to be working, but I can't find the logs.
How do I check scan logs?
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
719
Did anyone notice that this plugin sends a mail to the maker with your server + IP info?
I saw it luckily because it was frozen in the queue.
Code:
1kXQmA-001Zba-C8-H
root 0 0
<[email protected]>
1603812042 0
-received_time_usec .376129
-active_hostname de4.aserver.com
-ident root
-received_protocol local
-aclm _uid 1
0
-aclm _username 4
root
-body_linecount 20
-max_received_linelength 70
-auth_id root
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
[email protected]

201P Received: from root by de4.aserver.com with local (Exim 4.94)
    (envelope-from <[email protected]>)
    id 1kXQmA-001Zba-C8
    for [email protected]; Tue, 27 Oct 2020 16:20:42 +0100
030T To: [email protected]
056  Subject: [PLUGIN] EN-ClamAV - DirectAdmin - New install
019  MIME-Version: 1.0
040  Content-type: text/html; charset=UTF-8
032F From: [email protected]
055I Message-Id: <[email protected]>
038  Date: Tue, 27 Oct 2020 16:20:42 +0100
Code:
html><head></head>
                <body>
                    <strong>EN-ClamAV installed on:</strong><br />
                    OS name: Linux<br />
                    Distribution: CentOS Linux release 8.2.2004 (Core)
<br />
                    Release name (kernel version): 4.18.0-193.19.1.el8_2.x86_64<br />
                    Version information: #1 SMP Mon Sep 14 14:37:00 UTC 2020<br />
                    Machine type: x86_64<br />
                    <br />
                    DA Version: 1.61.5<br />
                    DA SSL: on<br />
                    DA Language: en<br />
                    HOME: /home/admin<br />
                    Host name: de4.aserver.com<br />
                    Host name: de4.aserver.com<br />
                    Server IP: 11.1.1.1<br />
                    Client IP: 2.2.2.2.<br /><br /><br />Ereznet.co.il<br />
                </body>
            </html>
Code:
2020-10-27 16:20:42 Received from [email protected] U=root P=local S=1153 T="[PLUGIN] EN-ClamAV - DirectAdmin - New install"
2020-10-27 16:22:53 H=mail.ereznet.co.il [62.90.39.2] Connection timed out
2020-10-27 16:22:53 [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
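
Added example, not part of the post above: a Python sketch of detection logic for the behaviour it reports, parsing an Exim per-message log in the format quoted in the post and flagging mail submitted locally as root (`U=root P=local`) that is routed over `remote_smtp` to a domain outside the server's own. The sample log is constructed with placeholder addresses, and the function names and the `local_domains` parameter are assumptions.

```python
import re

# Constructed sample in the per-message log format quoted in the post;
# hostnames and addresses are placeholders, not values from the thread.
SAMPLE_MSGLOG = """\
2020-10-27 16:20:42 Received from root@host.example.net U=root P=local S=1153 T="[PLUGIN] New install"
2020-10-27 16:22:53 H=mail.vendor.example [192.0.2.10] Connection timed out
2020-10-27 16:22:53 author@vendor.example R=lookuphost T=remote_smtp defer (110): Connection timed out
"""

RECEIVED = re.compile(r'^\S+ \S+ Received from (\S+) (.*)$')
DELIVERY = re.compile(r'^\S+ \S+ (\S+@\S+) R=\S+ T=(\S+)')
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_msglog(text):
    """Return sender, submission fields and remote recipients of one message."""
    msg = {"sender": None, "fields": {}, "remote_rcpts": []}
    for line in text.splitlines():
        m = RECEIVED.match(line)
        if m:
            msg["sender"] = m.group(1)
            msg["fields"] = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
            continue
        m = DELIVERY.match(line)
        # Deferred and completed remote deliveries both name the transport.
        if m and m.group(2) == "remote_smtp" and m.group(1) not in msg["remote_rcpts"]:
            msg["remote_rcpts"].append(m.group(1))
    return msg

def flag_root_egress(msg, local_domains):
    """Recipients outside local_domains for mail submitted locally as root."""
    fields = msg["fields"]
    if fields.get("U") != "root" or fields.get("P") != "local":
        return []
    return [r for r in msg["remote_rcpts"]
            if r.rsplit("@", 1)[1].lower() not in local_domains]

if __name__ == "__main__":
    message = parse_msglog(SAMPLE_MSGLOG)
    for rcpt in flag_root_egress(message, {"host.example.net"}):
        print(f'root-submitted mail to {rcpt}: {message["fields"].get("T")}')
```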
 

tonymontana

Verified User
Joined
Dec 30, 2017
Messages
30
Hi,

Thank you for the great plugin!
I have a question about the path.
I have to scan everything in the home/admin folder, but how do I change the scan path to cover all home folders?

And a second question. I tried to install ClamAV on a second server, and after the command ./build clamav the system displays this error:

../shared/.libs/libshared.a(output.o): In function `logg':
/usr/local/directadmin/custombuild/clamav-0.103.0/shared/output.c:377: undefined reference to `fcntl64'
collect2: error: ld returned 1 exit status
Makefile:643: recipe for target 'clamscan' failed
make[2]: *** [clamscan] Error 1
make[2]: Leaving directory '/usr/local/directadmin/custombuild/clamav-0.103.0/clamscan'
Makefile:861: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/local/directadmin/custombuild/clamav-0.103.0'
Makefile:655: recipe for target 'all' failed
make: *** [all] Error 2

Thank you for replies.





idatahost

Verified User
Joined
Feb 16, 2020
Messages
17
Hi,
EN-ClamAV shows up in the menu, but nothing is displayed there. Can anybody help me?
I added the zend_extension line at the bottom of /usr/local/directadmin/plugins/en-clamav/php.ini
and kept the file in the folder.

Thanks in advance.
 


idatahost

Verified User
Joined
Feb 16, 2020
Messages
17
Problem solved. I followed these steps:
* Delete the plugin from the Plugin Manager.
* Add the line plugins_allowed_run_as=1 to /usr/local/directadmin/conf/directadmin.conf
* Install again from the Plugin Manager using this link: https://www.directadmin.ereznet.co.il/en-clamav/en-clamav.tar.gz
* Download the ionCube loader and keep both of the following files:
ioncube_loader_lin_7.4.so
ioncube_loader_lin_7.4_ts.so
in this location: /usr/local/directadmin/plugins/en-clamav/
* Edit the php.ini file located in /usr/local/directadmin/plugins/en-clamav/
and add this line:
zend_extension = "/usr/local/directadmin/plugins/en-clamav/ioncube_loader_lin_7.4.so"

mission successful :)
Thank you for this plugin <3
 

jca

Verified User
Joined
Oct 31, 2006
Messages
285
Location
Allen, TX
I really like this script! Hope source is updated with the ioncube plugin as 7.4 becomes more popular. Do we know if the plug in is still being updated?
 

Adrian_

New member
Joined
Nov 19, 2020
Messages
3
Did anyone notice that this plugin sends a mail to the maker with your server + IP info?
I saw it luckily because it was frozen in the queue.

Does this not concern anybody?:oops:
 

MaXi32

Verified User
Joined
Jul 25, 2016
Messages
536
Location
The Earth
Does this not concern anybody?:oops:


Did anyone notice that this plugin sends a mail to the maker with your server + IP info?
I saw it luckily because it was frozen in the queue.

I wrote a complaint about this plugin before, perhaps in the 2nd or 3rd post, but I deleted my post because I didn't want to hurt the author's feelings (at that time nobody cared what I was trying to say).

Since you have now noticed something, I will say this again for security awareness. I remember I said that you will not be able to inspect what the code is about because the source code (the core function) for this plugin is fully encrypted (that is the reason the main requirement to run this script is to install ionCube, so it can be decrypted before it runs). I know the main purpose of encrypting the PHP source code is to protect his work so nobody can steal it, but someone can use this to actually run malicious code without you knowing. You know this plugin actually runs as the root user on your server, and there is a high chance this PHP binary can send your server username and password to an attacker... I know he might not do this, but he 100% can, and you won't notice because the plugin is written with encrypted PHP source code! So, install this plugin if you trust the author. I will not install this plugin until the source code is published (or decrypted) so that I can inspect what it does.
 