Install ClamAV on DirectAdmin | Free Antivirus – OrcaCore


In this article, we will guide you on how to install ClamAV on DirectAdmin. Clam AntiVirus (ClamAV) is a free, cross-platform, and open-source antivirus software toolkit designed to detect various types of malicious software, including viruses, trojans, malware, and other threats. It is a valuable tool for maintaining the security of your server.

ClamAV includes several utilities: a command-line scanner, an automatic database updater, and a scalable multi-threaded daemon that operates using an anti-virus engine from a shared library. A primary application for ClamAV is on mail servers, functioning as a server-side email virus scanner to protect against email-borne threats.

DirectAdmin is a web hosting control panel software, similar to cPanel, that allows you to manage your website and hosting options through a graphical, web-based interface. It simplifies server administration tasks and provides a user-friendly environment for managing your hosting account.

Follow the steps below to set up ClamAV for the DirectAdmin panel.

Setting Up ClamAV For DirectAdmin

First, log in to your server as the root user via SSH. Then, navigate to your DirectAdmin "custombuild" directory using the following command:

cd /usr/local/directadmin/custombuild

Within this directory, you can compile and install ClamAV on DirectAdmin using these commands:

# ./build update
# ./build set clamav yes
# ./build clamav

This process will take some time to complete, as it involves downloading, compiling, and installing the ClamAV software and its dependencies.

Once the installation is complete, run the following command to update the ClamAV virus database:

freshclam

freshclam is the automatic database update tool specifically designed for Clam AntiVirus. It ensures that your virus definitions are up-to-date, providing the best possible protection against emerging threats.

Now, start the ClamAV service on your server with the following command:

service clamd start

At this point, you can begin scanning your entire server or specific directories using these commands:

Full scan:

# clamscan -r -i /

Scan of a specific directory:

# clamscan -r -i /home/admin/domains/domain.com/

The -r flag enables recursive scanning of directories, and the -i flag ensures that only infected files are displayed in the output.

Note: ClamAV (or any virus scanner) is a resource-intensive service, particularly regarding memory usage. Ensure your server has sufficient swap memory; otherwise, you might encounter a "Killed" output during scanning, indicating that the system ran out of memory.

To increase the swap file size, use the following commands:

# swapoff -a
# dd if=/dev/zero of=/swapfile count=4096 bs=1MiB
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile

These commands disable existing swap, create a new swap file, set the correct permissions, format it as swap space, and then enable it. The count=4096 creates a 4GB swap file. Adjust as needed for your server’s resources.

After that, use the command below to verify that the swap space has increased:

free -m

This command displays the amount of free and used memory in your system, including swap space. Verify that the swap space has increased as expected.

With the swap space adjusted, you can now start scanning your server using ClamAV without encountering memory-related issues.

Conclusion

At this point, you have learned how to install ClamAV on DirectAdmin using Linux commands. This setup helps you detect various types of malicious software, including viruses, on your DirectAdmin server, enhancing its overall security.

FAQs

Does ClamAV slow down the server?

ClamAV is lightweight, but full scans can use CPU resources. Running scans during low-traffic hours is recommended.

Can ClamAV remove infected files automatically?

Yes, add the --remove flag to the scan command: clamscan -r --remove /home

Does ClamAV scan incoming emails in DirectAdmin?

Yes, if configured properly, ClamAV can scan emails for viruses and malware.

Is ClamAV free to use in DirectAdmin?

Yes, ClamAV is completely free and open-source, making it a great security tool for DirectAdmin users.

Can ClamAV automatically scan files in DirectAdmin?

Yes, you can set up cron jobs to schedule automatic scans. For example:
0 2 * * * clamscan -r /home >> /var/log/clamav/scan.log
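
The cron job above records output but not whether the scan actually finished; a scan that was "Killed" for lack of memory, as described in the note on swap, looks the same as a clean one. The wrapper below is an added example, not part of the original article: it classifies the exit status and quarantines hits with --move instead of deleting them. The LOG and QUARANTINE paths, the SCANNER override and the script name in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. LOG, QUARANTINE and the
# SCANNER override are assumptions chosen for this sketch.
SCANNER="${SCANNER:-clamscan}"
LOG="${LOG:-/var/log/clamav/scan.log}"
QUARANTINE="${QUARANTINE:-/root/clamav-quarantine}"

# Map the scanner's exit status to a verdict.
# clamscan returns 0 (no virus found), 1 (virus found) or 2 (error);
# 137 is 128 + SIGKILL, the status left behind when the kernel OOM killer
# ends the process and the shell prints "Killed".
classify_scan_exit() {
  case "$1" in
    0)   echo clean ;;
    1)   echo infected ;;
    137) echo killed-oom ;;
    *)   echo error ;;
  esac
}

# Scan TARGET recursively, moving hits to a root-only quarantine directory
# instead of deleting them. Prints the verdict; returns 0 only when clean.
run_scan() {
  target="$1"
  mkdir -p "$QUARANTINE" "$(dirname "$LOG")" || return 2
  chmod 700 "$QUARANTINE" || return 2
  "$SCANNER" -r -i --move="$QUARANTINE" "$target" >>"$LOG" 2>&1
  rc=$?
  verdict=$(classify_scan_exit "$rc")
  echo "$(date '+%F %T') target=$target rc=$rc verdict=$verdict" >>"$LOG"
  echo "$verdict"
  [ "$verdict" = clean ]
}

# Cron entry point, e.g. "0 2 * * * /usr/local/sbin/clamav-nightly.sh /home"
# (hypothetical script path). Only a non-clean result writes to stderr, so
# mail from cron means someone needs to look at the log.
if [ -n "${1:-}" ]; then
  verdict=$(run_scan "$1") || {
    echo "ClamAV scan of $1 ended as '$verdict'; see $LOG" >&2
    exit 1
  }
fi
```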

Alternative Solutions for Malware Detection in DirectAdmin

While ClamAV is a popular and effective open-source solution for malware detection, there are alternative approaches to consider for enhancing the security of your DirectAdmin server. Here are two different methods, along with explanations and code examples where applicable.

1. Using a Commercial Antivirus Solution:

Commercial antivirus solutions often provide more advanced features, improved detection rates, and dedicated support compared to open-source alternatives. These solutions are typically designed for server environments and offer better integration with control panels like DirectAdmin.

  • Explanation: Commercial antivirus software usually employs more sophisticated scanning engines, heuristic analysis, and real-time protection mechanisms. They also often include centralized management interfaces, allowing for easier monitoring and configuration across multiple servers. Furthermore, commercial vendors maintain dedicated teams for updating virus definitions and providing technical support.

  • Implementation:
    While specific implementation steps vary depending on the chosen vendor, a common approach involves installing the antivirus agent on the server and configuring it to scan files regularly. Many commercial antivirus solutions offer DirectAdmin plugins or integrations, simplifying the installation and configuration process. You can usually install the software using a package manager (yum, apt) after adding the vendor’s repository.

    # Example using a hypothetical commercial antivirus package (replace 'vendor-antivirus' with the actual package name)
    yum install vendor-antivirus

    After installation, you would typically configure the antivirus software through its web interface or command-line tools, specifying scan schedules, file exclusions, and other settings.

2. Implementing a File Integrity Monitoring (FIM) System:

File Integrity Monitoring (FIM) systems continuously monitor critical system files and directories for unauthorized changes. This approach can detect malware infections by identifying modifications made to system files by malicious software.

  • Explanation: FIM works by creating a baseline of cryptographic hashes for important files. It then periodically compares the current hashes of these files against the baseline. If any changes are detected, an alert is triggered, indicating a potential security breach. FIM is particularly effective at detecting rootkits and other malware that modify system files to hide their presence.

  • Implementation:
    A popular open-source FIM tool is AIDE (Advanced Intrusion Detection Environment). Here’s how you can implement it:

    1. Install AIDE:

      yum install aide  # For CentOS/RHEL
      apt install aide  # For Debian/Ubuntu

    2. Initialize the Database:

      aide --init
      cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db

    3. Configure AIDE:

      Edit the /etc/aide.conf file to specify the files and directories you want to monitor. A typical configuration might include system binaries, configuration files, and website content.

      /etc/passwd       p+i+u+g+s+m+c+acl+selinux+xattrs+sha256
      /etc/shadow       p+i+u+g+s+m+c+acl+selinux+xattrs+sha256
      /usr/bin          p+i+u+g+s+m+c+acl+selinux+xattrs+sha256
      /usr/sbin         p+i+u+g+s+m+c+acl+selinux+xattrs+sha256
      /var/www/html     p+i+u+g+s+m+c+acl+selinux+xattrs+sha256

      • p: permissions
      • i: inode
      • u: user
      • g: group
      • s: size
      • m: mtime (modification time)
      • c: ctime (change time)
      • acl: Access Control List
      • selinux: SELinux attributes
      • xattrs: Extended attributes
      • sha256: SHA-256 checksum of the file contents, which provides the cryptographic hash baseline described above

    4. Run Daily Checks (Cron Job):

      Create a cron job to run AIDE checks automatically on a regular basis (e.g., daily).

      crontab -e

      Add the following line to your crontab:

      0 3 * * * /usr/sbin/aide --check

      This will run AIDE checks every day at 3:00 AM. The output of the check will be emailed to the root user if changes are detected.
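
The baseline-and-compare mechanism described in the explanation above can be seen in miniature with sha256sum. This is an added example, not code from the original article or from AIDE; fim_baseline and fim_check are names made up for the sketch, and the baseline file is assumed to live outside the monitored tree.

```shell
#!/bin/sh
# Added example: hash baseline and comparison, the core of what a FIM tool
# does. AIDE tracks many more attributes; this sketch tracks content only.

# Record "hash  path" for every regular file under DIR.
# Keep DBFILE outside DIR (ideally on read-only media) so that a change to
# the tree cannot also rewrite the baseline.
fim_baseline() {  # usage: fim_baseline DIR DBFILE
  ( umask 077
    find "$1" -type f -exec sha256sum {} + >"$2" )
}

# Compare the tree against the baseline. Prints one line per difference
# (ADDED, CHANGED or REMOVED plus the path) and returns 1 if any exist.
fim_check() {  # usage: fim_check DIR DBFILE
  now=$(mktemp) || return 2
  find "$1" -type f -exec sha256sum {} + >"$now"
  report=$(awk '
    # First file: the stored baseline, path -> hash.
    FILENAME == ARGV[1] { h = $1; sub(/^[^ ]+  /, ""); base[$0] = h; next }
    # Second file: the current state of the tree.
    { h = $1; sub(/^[^ ]+  /, ""); seen[$0] = 1
      if (!($0 in base))      print "ADDED " $0
      else if (base[$0] != h) print "CHANGED " $0 }
    END { for (p in base) if (!(p in seen)) print "REMOVED " p }
  ' "$2" "$now" | sort)
  rm -f "$now"
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}
```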

These alternative solutions offer different approaches to malware detection and server security. Commercial antivirus solutions provide comprehensive protection and support, while FIM systems focus on detecting unauthorized changes to critical files. Depending on your specific needs and resources, you can choose the solution that best fits your DirectAdmin environment. It’s even possible to combine these approaches for enhanced security. Remember to always keep your systems updated and implement strong security practices to minimize the risk of malware infections.
