Scan web servers for viruses and other malicious files with ClamAV

Scan web servers for viruses and other malicious files with ClamAV

The usual tools for a virus scan under Plesk are unfortunately somewhat expensive when used on numerous servers or are simply too careless in their scanning. Today I would therefore like to describe a virus scan with the ClamAV tool (as always under Debian). The installation is usually no problem, even with Plesk.

First we install ClamAV

apt update
apt install clamav clamav-daemon -y

Then we briefly stop the service and update it, after which we restart the service again

systemctl stop clamav-freshclam
freshclam
systemctl start clamav-freshclam

The scan will take some time so that it does not come to a stop due to a disconnection if it is run in a screen session.

apt install screen
screen

A scan of all vhosts, i.e. web hostings in Plesk, can then be performed with

clamscan --infected --recursive /var/www/vhosts --log=/root/clamav$(date %Y-%m-%d).log

can be executed. A log is then saved in /root/clamavAKTUELLESDATUM.log.

Of course, a scan can also be automated using a cron job.

Do you want the files found to be deleted directly? No problem:

clamscan --infected --recursive --remove /var/www/vhosts --log=/root/clamav$(date %Y-%m-%d).log

Leave a Reply

Your email address will not be published. Required fields are marked *