Security and Virus Scanning in WHM

This document covers 2 features included within cPanel & WHM. These features scan for viruses and security weaknesses. Once you have identified a potential security threat, you should be prompted to take the appropriate action.

Quick Security Scan

WHM includes a quick security scan feature that scans for certain types of vulnerabilities, such as Trojans. You can access this feature in WHM at Home >> Security Center >> Quick Security Scan. We strongly recommend that you use this feature often. The following items, as well as similar items, are not Trojans:

• /sbin/depmod
• /sbin/insmod
• /sbin/modinfo

Note: You may see a [FAILED] error message. This generally means that the service was not running when the scanner attempted to shut it down.

ClamAV Scanner

Clam AntiVirus (ClamAV) is an antivirus software toolkit. You can access this feature at Home >> Plugins >> Configure ClamAV Scanner.

To enable ClamAV Scanner:

1. Select the check boxes corresponding to the services you would like ClamAV to scan.
2. Click Save.

Once you have enabled and configured ClamAV, we recommend that you create a root cronjob to run daily during off-peak hours. The cronjob should run the following command:

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

This command will sweep iframe injections across your /home/$user directories and detect spam mail. This information can usually be ignored.