how to scan and remove shell & virus whole server via WHM or SSH whit Clamav?

 command for scan and remove shell & virus

if you want scan /folder1

clamscan /folder1 -ir --remove=yes 


I suggest you use follow command, it will move virus/shell to a folder,
clamscan /folder1 -ir --move=/virus


How to get Help regarding ClamScan


root@pea[/home]# clamscan --help

Clam AntiVirus Scanner 0.96.1
By The ClamAV Team: http://www.clamav.net/team
(C) 2007-2009 Sourcefire, Inc.

--help -h Print this help screen
--version -V Print version number
--verbose -v Be verbose
--debug Enable libclamav's debug messages
--quiet Only output error messages
--stdout Write to stdout instead of stderr
--no-summary Disable summary at end of scanning
--infected -i Only print infected files
--bell Sound bell on virus detection

--tempdir=DIRECTORY Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)] Do not remove temporary files
--database=FILE/DIR -d FILE/DIR Load virus database from FILE or load
all supported db files from DIR
--official-db-only[=yes/no(*)] Only load official signatures
--log=FILE -l FILE Save scan report to FILE
--recursive[=yes/no(*)] -r Scan subdirectories recursively
--cross-fs[=yes(*)/no] Scan files and directories on other filesystems
--file-list=FILE -f FILE Scan files from FILE
--remove[=yes/no(*)] Remove infected files. Be careful!
--move=DIRECTORY Move infected files into DIRECTORY
--copy=DIRECTORY Copy infected files into DIRECTORY
--exclude=REGEX Don't scan file names matching REGEX
--exclude-dir=REGEX Don't scan directories matching REGEX
--include=REGEX Only scan file names matching REGEX
--include-dir=REGEX Only scan directories matching REGEX

--bytecode[=yes(*)/no] Load bytecode from the database
--bytecode-trust-all[=yes/no(*)] Trust all loaded bytecode
--bytecode-timeout=N Set bytecode timeout (in milliseconds)
--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications
--exclude-pua=CAT Skip PUA sigs of category CAT
--include-pua=CAT Load PUA sigs of category CAT
--detect-structured[=yes/no(*)] Detect structured data (SSN, Credit Card)
--structured-ssn-format=X SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N Min SSN count to generate a detect
--structured-cc-count=N Min CC count to generate a detect
--scan-mail[=yes(*)/no] Scan mail files
--phishing-sigs[=yes(*)/no] Signature-based phishing detection
--phishing-scan-urls[=yes(*)/no] URL-based phishing detection
--heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
--phishing-ssl[=yes/no(*)] Always block SSL mismatches in URLs (phishing module)
--phishing-cloak[=yes/no(*)] Always block cloaked URLs (phishing module)
--algorithmic-detection[=yes(*)/no] Algorithmic detection
--scan-pe[=yes(*)/no] Scan PE files
--scan-elf[=yes(*)/no] Scan ELF files
--scan-ole2[=yes(*)/no] Scan OLE2 containers
--scan-pdf[=yes(*)/no] Scan PDF files
--scan-html[=yes(*)/no] Scan HTML files
--scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)
--detect-broken[=yes/no(*)] Try to detect broken executable files
--block-encrypted[=yes/no(*)] Block encrypted archives

--max-filesize=#n Files larger than this will be skipped and assumed clean
--max-scansize=#n The maximum amount of data to scan for each container file (**)
--max-files=#n The maximum number of files to scan for each container file (**)
--max-recursion=#n Maximum archive recursion level for container file (**)
--max-dir-recursion=#n Maximum directory recursion level

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
files inside. The above options ensure safe processing of this kind of data

Post a Comment

1 Comments

  1. In case it doesn't work then you need to use following command:

    /usr/local/cpanel/3rdparty/bin/clamscan

    ReplyDelete