virtualmin and clamAV

edwardsmarkf · December 15, 2014, 6:09pm

hello all -

this is a newbie forum and this is a dumb question so here goes:

i dont use virtualmin for anything to do with email, so the only two i ever seem to use are “DNS Domains Enabled?” and “Apache website enabled?”.

for that matter, i dont use our server for any incoming email at all.

i attempted to enable "“Virus filtering enabled?” but got the following message:

Failed to modify server : Virus filtering cannot be enabled unless email and spam filtering is

it appears that if i want to use clamAV i have to install and run it manually. is this true? it seems odd that an antispam program would be listed as an email option.

my question: is this the proper approach to use clamAV? i would rather use it as part of virtualmin/webmin if that is possible.

i did find this link to help me install clamAV manually on centOS:
https://www.centosblog.com/how-to-install-clamav-and-configure-daily-scanning-on-centos/

and once again, THANK YOU ALL !

Joe · December 16, 2014, 12:39am

What do you want ClamAV to do, if not scan your email?

edwardsmarkf · December 16, 2014, 1:55am

according to this:

http://www.clamav.net/index.html

ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

i was under the possibly mistaken impression that clamAV scans the entire system, not just email. i did install it and run it, but it didn’t find anything, thankfully.

lately i have noticed some malware has managed to sneak in occasionally and i have yet to figure out where, except maybe something like node.js or meteor.js – both of which are pretty new platforms.

maybe virtualmin is using some sort of email-only version?

Eric · December 16, 2014, 2:15pm

Howdy,

You may want to take a peek at the Linux Malware Detect project, which uses the ClamAV engine, but is designed to look for web-based malware:

https://www.rfxn.com/projects/linux-malware-detect/

edwardsmarkf · December 16, 2014, 3:33pm

thank you all.

the clamAV one ran last night and gave me this:

----------- SCAN SUMMARY -----------
Known viruses: 3709021
Engine version: 0.98.5
Scanned directories: 34342
Scanned files: 861713
Infected files: 3
Data scanned: 6367.70 MB
Data read: 27685.90 MB (ratio 0.23:1)
Time: 12566.815 sec (209 m 26 s)

this seems to be just what i wanted. my reference link is in the first posting for this thread. i thought perhaps this ‘standalone’ clamAV was maybe a module in virtualmin/webmin, very similar to what we did with csf.

Eric · December 16, 2014, 4:10pm

Howdy,

The ClamAV tool you’re using is indeed the one Virtualmin installs, and uses for checking email.

What comes with the standard ClamAV isn’t as good at finding web-based malware as the Linux malware detect database is. Though there’s certainly nothing wrong with having it look for malicious files.

Note that it’s possible what ClamAV found in your test above were emails that were sitting in a spam/virus folder.

However, if you wanted to configure ClamAV to scan your system, you could certainly do so, and could configure that to run from within cron.

-Eric