[PLUGIN] EN-ClamAV - ClamAV Interface for DirectAdmin

FYI, but this plugin is working great and configures nicely.

Really the only modification needed was the ionCube loader situation. I am running php7.4 and found it easier to:

  • Download ionCube from https://www.ioncube.com/loaders.php
  • Unzip and upload files ioncube_loader_lin_7.4.so and ioncube_loader_lin_7.4_ts.so to /usr/local/directadmin/plugins/en-clamav
Then add:

Code:
zend_extension = "/usr/local/directadmin/plugins/en-clamav/ioncube_loader_lin_7.4.so"

at the bottom of /usr/local/directadmin/plugins/en-clamav/php.ini

Plugin UI came right up.
 
I have installed it and everything seems to be working, but I can't find the logs.
How do I check the scan logs?
 
Did someone notice that this plugin sends a mail to the maker with your server + IP info?
I saw it luckily because it was frozen in the queue.
Code:
1kXQmA-001Zba-C8-H
root 0 0
<[email protected]>
1603812042 0
-received_time_usec .376129
-active_hostname de4.aserver.com
-ident root
-received_protocol local
-aclm _uid 1
0
-aclm _username 4
root
-body_linecount 20
-max_received_linelength 70
-auth_id root
-auth_sender [email protected]
-allow_unqualified_recipient
-allow_unqualified_sender
-local
XX
1
[email protected]

201P Received: from root by de4.aserver.com with local (Exim 4.94)
    (envelope-from <[email protected]>)
    id 1kXQmA-001Zba-C8
    for [email protected]; Tue, 27 Oct 2020 16:20:42 +0100
030T To: [email protected]
056  Subject: [PLUGIN] EN-ClamAV - DirectAdmin - New install
019  MIME-Version: 1.0
040  Content-type: text/html; charset=UTF-8
032F From: [email protected]
055I Message-Id: <[email protected]>
038  Date: Tue, 27 Oct 2020 16:20:42 +0100
Code:
html><head></head>
                <body>
                    <strong>EN-ClamAV installed on:</strong><br />
                    OS name: Linux<br />
                    Distribution: CentOS Linux release 8.2.2004 (Core)
<br />
                    Release name (kernel version): 4.18.0-193.19.1.el8_2.x86_64<br />
                    Version information: #1 SMP Mon Sep 14 14:37:00 UTC 2020<br />
                    Machine type: x86_64<br />
                    <br />
                    DA Version: 1.61.5<br />
                    DA SSL: on<br />
                    DA Language: en<br />
                    HOME: /home/admin<br />
                    Host name: de4.aserver.com<br />
                    Host name: de4.aserver.com<br />
                    Server IP: 11.1.1.1<br />
                    Client IP: 2.2.2.2.<br /><br /><br />Ereznet.co.il<br />
                </body>
            </html>
Code:
2020-10-27 16:20:42 Received from [email protected] U=root P=local S=1153 T="[PLUGIN] EN-ClamAV - DirectAdmin - New install"
2020-10-27 16:22:53 H=mail.ereznet.co.il [62.90.39.2] Connection timed out
2020-10-27 16:22:53 [email protected] R=lookuphost T=remote_smtp defer (110): Connection timed out
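One way to check a server for this kind of outbound notice after installing a plugin that runs as root, as an added example that is not part of the original posts: it scans Exim mainlog lines for messages submitted locally by root (`U=root P=local`) that Exim then routed to the `remote_smtp` transport. The sample log is constructed, with placeholder addresses and hosts, and the default Exim mainlog line format is assumed.

```python
import re

# Constructed sample in default Exim mainlog format (placeholder hosts/addresses).
SAMPLE_LOG = """\
2020-10-27 16:20:42 1kXQmA-001Zba-C8 <= root@host.example U=root P=local S=1153 T="[PLUGIN] EN-ClamAV - DirectAdmin - New install"
2020-10-27 16:22:53 1kXQmA-001Zba-C8 H=mail.vendor.example [192.0.2.25] Connection timed out
2020-10-27 16:22:53 1kXQmA-001Zba-C8 == maker@vendor.example R=lookuphost T=remote_smtp defer (110): Connection timed out
2020-10-27 16:30:01 1kXQvB-001Zcd-Aa <= root@host.example U=root P=local S=640 T="Cron <root@host> /usr/bin/true"
2020-10-27 16:30:01 1kXQvB-001Zcd-Aa => admin <admin@host.example> R=localuser T=local_delivery
2020-10-27 16:30:01 1kXQvB-001Zcd-Aa Completed
2020-10-27 16:31:10 1kXQwC-001Zef-Bb <= user@client.example H=mx.client.example [198.51.100.7] P=esmtps S=2048 T="hello"
2020-10-27 16:31:11 1kXQwC-001Zef-Bb => someone@other.example R=lookuphost T=remote_smtp H=mx.other.example [203.0.113.9]
"""

# timestamp, message id, then one of Exim's flags:
# <= arrival, => / -> delivery, == deferral, ** failure
LINE = re.compile(r'^(\S+ \S+) (\S+) (<=|=>|->|==|\*\*) (.*)$')
STATUS = {'=>': 'delivered', '->': 'delivered', '==': 'deferred', '**': 'failed'}

def root_local_mail_leaving_host(log_text):
    """Return root-submitted local messages that Exim tried to send off-host."""
    arrivals, hits = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", connection errors and other unflagged lines
        when, msg_id, flag, rest = m.groups()
        if flag == '<=':
            # Look for U=/P= only before the subject so subject text cannot spoof them.
            fields, _, subject = rest.partition(' T="')
            if (re.search(r'\bU=root(?=\s|$)', fields)
                    and re.search(r'\bP=local(?=\s|$)', fields)):
                arrivals[msg_id] = {'id': msg_id, 'received': when,
                                    'subject': subject.rsplit('"', 1)[0],
                                    'remote': []}
        elif msg_id in arrivals and re.search(r'\bT=remote_smtp(?=\s|$)', rest):
            addr = rest.split(' R=', 1)[0]
            bracketed = re.search(r'<([^>]+)>', addr)
            rcpt = bracketed.group(1) if bracketed else addr.strip()
            arrivals[msg_id]['remote'].append((rcpt, STATUS[flag]))
            hits[msg_id] = arrivals[msg_id]
    return list(hits.values())

if __name__ == "__main__":
    for hit in root_local_mail_leaving_host(SAMPLE_LOG):
        print(hit['received'], hit['id'], hit['subject'], hit['remote'])
```

Deferred attempts are reported as well as completed deliveries, so a message that is still stuck in the queue, like the one in the post above, is caught before it leaves the server.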
 
Hi,

Thank you for the great plugin!
I have a question about the path.
I have to scan everything in the home/admin folder, but how do I change the scan path to cover all home folders?

And a second question. I tried to install ClamAV on a second server, and after this command, ./build clamav, the system displays an error:

../shared/.libs/libshared.a(output.o): In function `logg':
/usr/local/directadmin/custombuild/clamav-0.103.0/shared/output.c:377: undefined reference to `fcntl64'
collect2: error: ld returned 1 exit status
Makefile:643: recipe for target 'clamscan' failed
make[2]: *** [clamscan] Error 1
make[2]: Leaving directory '/usr/local/directadmin/custombuild/clamav-0.103.0/clamscan'
Makefile:861: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/local/directadmin/custombuild/clamav-0.103.0'
Makefile:655: recipe for target 'all' failed
make: *** [all] Error 2

Thank you for replies.




 
I really like this script! Hope the source is updated with the ioncube plugin as 7.4 becomes more popular. Do we know if the plugin is still being updated?
 
Did someone notice that this plugin sends a mail to the maker with your server + IP info?
I saw it luckily because it was frozen in the queue.
Does this not concern anybody?:oops:
 
I wrote a complaint about this plugin before, perhaps in the 2nd or 3rd post, but I deleted my post because I didn't want to hurt the author's feelings (at that time nobody cared what I was trying to say).

Since you have now noticed something, I will say this again for security awareness. I remember I said that you will not be able to inspect what the code does, because the source code (the core function) for this plugin is fully encrypted (that is the reason the main requirement to run this script is to install ioncube, so it can be decrypted before it can run). I know the main purpose of encrypting the PHP source code is to protect his work so nobody can steal it, but someone can use this to actually run malicious code without you knowing. You know this plugin actually runs as the root user on your server, and there is a high chance this PHP binary can send your server username and password to an attacker... I know he might not do this, but he 100% can, and you won't notice it because the plugin is written with encrypted PHP source code! So, install this plugin if you trust the author. I will not install this plugin until the source code is published (or decrypted) so that I can inspect what it does.
 
What do you mean by pro pack? what is the
There is no pro pack anymore, it's already built into the modern license. So it's now either the modern (normal) license or the legacy lifetime license.
With the normal license it seems it's built in or not needed anymore.
 
I'm lost here. I have a DirectAdmin license, is this built-in?
 
Okay, let's make it easy. If you have one of the 3 licenses displayed here (click) and pay directly to DirectAdmin, then it's built in. Or at least pro pack is built in. So if @ericosman is correct then this plugin should be built in too.

If you pay 5/month or something to your hoster or datacenter, then most likely it's not.
 
Thank you, friend. So I have the Standard plan, but I don't see any GUI like that.
Maybe because I have Ubuntu?
 