[Plugin Directadmin] Site Scanner (ClamAV run)

Support for webhosts using CentOS

Posted by slwt2002 » Wed 14 Mar 2018 10:18

Site Scanner is a free open-source plugin for a daily ClamAV run.
https://bitbucket.org/ruweb/site_scan

WARNING: The plugin is in BETA state! The plugin still lacks English localization (only text placeholders will be displayed while the tokens inside user/lang/lang.en.php are not filled in).

Download & install from
Code:
https://plugins.ruweb.net/site_scan.tar.gz

Or
Code:
http://plugins.ruweb.net/site_scan.tar.gz

During installation, a daily cron job will be added to /etc/crontab:
Code:

0 4 * * * root /usr/local/directadmin/plugins/site_scan/scripts/sitescan_run.sh

Once a week (on Tuesday or on the first run) a full /home scan will be performed with clamscan; on other days only new files (by mtime/ctime) will be scanned.
By default, infected files will be blocked by executing chmod 000. (The user can disable the auto-blocking feature inside the plugin interface in DirectAdmin.)
After every scan, a list of infected files with brief instructions will be e-mailed to the user; the full list of infected files will also be reported to the admin via the DirectAdmin message system.
The user can add files to a whitelist - whitelisted files will not be blocked and will not be reported to the user.
User interface example: http://i.imgur.com/lw3nL6c.png
Russian interface example: https://forum.ruweb.net/viewthread.php?tid=3017

Note
Only signature databases added to the /usr/local/directadmin/plugins/site_scan/clamav/ directory will be used during the scan. (Symlinks to the default databases will be added there during installation.)
It is highly recommended to add Linux Malware Detect signatures to your databases:

Edit the file

Code:
vi /etc/freshclam.conf

by adding the DatabaseCustomURL lines below

Code:
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb


We also found Malware Expert signatures quite useful and effective:
Code:
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp


Add this to your freshclam.conf if you haven't done so yet. (Then execute freshclam and reinstall the plugin - symlinks will be added to /usr/local/directadmin/plugins/site_scan/clamav/.)
You may also want to add our whitelist (and/or create your own whitelist)
Code:
DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2


to skip some false-positive signatures.

http://forum.directadmin.com/showthread.php?t=55080
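
The scan cycle the post describes (full scan on Tuesday or on the first run, otherwise only files changed by mtime/ctime, then chmod 000 unless whitelisted), sketched as an added example. It is not the plugin's sitescan_run.sh; the function names, the stamp file and the one-path-per-line whitelist format are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin's sitescan_run.sh. Function names, the stamp
# file and the one-path-per-line whitelist format are assumptions.

# Print the files to scan. $1 = root dir, $2 = stamp file left by the last run,
# $3 = day of week as printed by `date +%u` (2 = Tuesday).
list_targets() {
    if [ "$3" = 2 ] || [ ! -e "$2" ]; then
        find "$1" -type f                       # weekly or first run: everything
    else
        # Incremental: content changed (mtime) or metadata changed (ctime).
        # ctime also catches files whose mtime was set back with touch.
        find "$1" -type f \( -newer "$2" -o -cnewer "$2" \)
    fi
}

# Read clamscan report lines ("<path>: <signature> FOUND") on stdin, chmod 000
# each reported file unless it is whitelisted, and print what was blocked.
# $1 = whitelist file.
block_infected() {
    sed -n 's/: [^:]* FOUND$//p' | while IFS= read -r f; do
        if [ -f "$1" ] && grep -Fxq -- "$f" "$1"; then
            continue                            # whitelisted: leave untouched
        fi
        chmod 000 -- "$f" && printf '%s\n' "$f"
    done
}

# One cycle. $1 = root dir, $2 = signature database dir, $3 = stamp, $4 = whitelist.
run_scan() {
    list=$(mktemp) || return 1
    touch "$3.new"      # taken before listing, so files changed mid-scan are rescanned
    list_targets "$1" "$3" "$(date +%u)" > "$list"
    clamscan --database="$2" --infected --no-summary --file-list="$list" |
        block_infected "$4"
    mv "$3.new" "$3"
    rm -f "$list"
}
```

Paths that themselves contain ": " followed by " FOUND" at the end of the name would be misparsed by the report filter; the sketch does not handle that case.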