virtualmin and clamAV

6 posts / 0 new
Last post
#1 Mon, 12/15/2014 - 12:09
edwardsmarkf

virtualmin and clamAV

hello all -

this is a newbie forum and this is a dumb question so here goes:

i dont use virtualmin for anything to do with email, so the only two i ever seem to use are "DNS Domains Enabled?" and "Apache website enabled?".

for that matter, i dont use our server for any incoming email at all.

i attempted to enable ""Virus filtering enabled?" but got the following message: Failed to modify server : Virus filtering cannot be enabled unless email and spam filtering is it appears that if i want to use clamAV i have to install and run it manually. is this true? it seems odd that an antispam program would be listed as an email option.

my question: is this the proper approach to use clamAV? i would rather use it as part of virtualmin/webmin if that is possible.

i did find this link to help me install clamAV manually on centOS: https://www.centosblog.com/how-to-install-clamav-and-configure-daily-sca...

and once again, THANK YOU ALL !

Mon, 12/15/2014 - 18:39
Joe
Joe's picture

What do you want ClamAV to do, if not scan your email?

--

Check out the forum guidelines!

Mon, 12/15/2014 - 19:55
edwardsmarkf

according to this:

http://www.clamav.net/index.html ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. i was under the possibly mistaken impression that clamAV scans the entire system, not just email. i did install it and run it, but it didn't find anything, thankfully.

lately i have noticed some malware has managed to sneak in occasionally and i have yet to figure out where, except maybe something like node.js or meteor.js -- both of which are pretty new platforms.

maybe virtualmin is using some sort of email-only version?

Tue, 12/16/2014 - 08:15
andreychek

Howdy,

You may want to take a peek at the Linux Malware Detect project, which uses the ClamAV engine, but is designed to look for web-based malware:

https://www.rfxn.com/projects/linux-malware-detect/

Tue, 12/16/2014 - 09:33
edwardsmarkf

thank you all.

the clamAV one ran last night and gave me this: ----------- SCAN SUMMARY ----------- Known viruses: 3709021 Engine version: 0.98.5 Scanned directories: 34342 Scanned files: 861713 Infected files: 3 Data scanned: 6367.70 MB Data read: 27685.90 MB (ratio 0.23:1) Time: 12566.815 sec (209 m 26 s) this seems to be just what i wanted. my reference link is in the first posting for this thread. i thought perhaps this 'standalone' clamAV was maybe a module in virtualmin/webmin, very similar to what we did with csf.

Tue, 12/16/2014 - 10:10
andreychek

Howdy,

The ClamAV tool you're using is indeed the one Virtualmin installs, and uses for checking email.

What comes with the standard ClamAV isn't as good at finding web-based malware as the Linux malware detect database is. Though there's certainly nothing wrong with having it look for malicious files.

Note that it's possible what ClamAV found in your test above were emails that were sitting in a spam/virus folder.

However, if you wanted to configure ClamAV to scan your system, you could certainly do so, and could configure that to run from within cron.

-Eric

Topic locked