Archive - March 2015

Scanning for Malware on cPanel

I look after a number of cPanel servers and recently had a need to scan them for malware. After a bit of searching around I found Linux Malware Detect from R-fx Networks.

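Malware Detect was very easy to install on CentOS (the flavour of Linux I use for my cPanel servers). The installation process involved only a couple of lines in a terminal whilst logged in as root. Note that the tarball below is fetched over plain HTTP and its install.sh then runs as root, so it is worth checking the download against a checksum obtained over a trusted channel before running the installer.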

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
maldet --update-ver
maldet --update

Once installed, you can easily start a scan by running:

maldet -a /home

This scans the whole /home directory. Alternatively, for a more targeted scan:

maldet -a /home?/?/public_html

This only scans the public_html folder of each account on the server. The ? in the path is maldet's own wildcard character.

Scanning seemed to work quite well; however, it was extremely slow. To speed it up, Malware Detect can make use of the ClamAV scanning engine. Provided ClamAV is installed (which it should be!), Maldet will use it as its scanning engine, which improves scan performance significantly. At least that's how it's supposed to work; however, cPanel installs ClamAV into a different location from the one that Maldet expects. To correct this, a link can be added so that Maldet can find the ClamAV scanning engine properly.

ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
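
The same link step with checks around it, as an added example that is not part of the original post: it confirms the cPanel clamscan binary exists and is not writable by group or other users before linking, and never overwrites something already at the destination. The helper name link_scanner and the permission check are assumptions of this example; the two paths are the ones used above.

```sh
#!/bin/sh
# Added example (not from the original post). link_scanner is a hypothetical
# helper name; the two real paths are the ones given in the post.
# Prints one status word: linked, already-linked, present, conflict,
# missing-source or unsafe-source. Returns 0 only when DST is usable.
link_scanner() {
    src=$1
    dst=$2

    # The source must be an executable regular file (symlinks are followed).
    if [ ! -f "$src" ] || [ ! -x "$src" ]; then
        echo missing-source
        return 1
    fi

    # maldet runs as root and will execute whatever the link resolves to, so
    # refuse a binary that group or other users are able to modify.
    if [ -n "$(find -L "$src" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo unsafe-source
        return 1
    fi

    if [ -L "$dst" ]; then
        # Already a symlink: fine only if it points at the expected binary.
        if [ "$(readlink "$dst")" = "$src" ]; then
            echo already-linked
            return 0
        fi
        echo conflict
        return 1
    fi

    if [ -e "$dst" ]; then
        # A real clamscan already exists at DST; leave it alone.
        echo present
        return 0
    fi

    ln -s "$src" "$dst" && echo linked
}

# As root on a cPanel server:
#   sh link_scanner.sh /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
if [ "$#" -eq 2 ]; then
    link_scanner "$1" "$2"
fi
```

A result of conflict means /usr/bin/clamscan is already a symlink to something else, which is worth inspecting by hand before a root-run scanner is pointed at it.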