Linux Fun

Linux is Easy, Free, Complete and Fun

How to Install, Automatically Update and Use the ClamAV AntiVirus in cPanel, WHM and SSH

As server admins we are well aware of how important an antivirus is for keeping data secure and the server stable. In this post I will cover the ClamAV antivirus. It is free, and a plugin for it comes pre-installed in WHM Plugins.

Below I will cover several things that help keep our server healthy.

  1. How to install the ClamAV antivirus in WHM
  2. Installing ClamAV over SSH on CentOS
  3. How to scan for viruses using ClamAV in cPanel
  4. How to update and scan for viruses over SSH using ClamAV
  5. How to scan the server for viruses automatically through crontab -e using ClamAV

How to Install the ClamAV Antivirus in WHM

  1. Log in to WHM as root
  2. Go to Home » cPanel » Manage Plugins
  3. Tick Install and keep updated ClamAV, then click Save
  4. Wait for the process to finish; it produces output like this:
    [20140625.010220]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/rpm.md5
    [20140625.010220]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-clamav-virusdefs-0.98.3-1.cp1140.x86_64.rpm
    [20140625.010332]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136.x86_64.rpm
    [20140625.010332]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-clamav-0.98.3-1.cp1140.x86_64.rpm
    [20140625.010351]   Hooks system enabled
    [20140625.010351]   Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
    [20140625.010351]   All required 'pre' hooks have been run
    [20140625.010351]   No RPMS need to be uninstalled
    [20140625.010351]   Installing new rpms: cpanel-clamav-virusdefs-0.98.3-1.cp1140.x86_64.rpm cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136.x86_64.rpm cpanel-clamav-0.98.3-1.cp1140.x86_64.rpm
    [20140625.010351]   Preparing packages for installation...
    [20140625.010352]   Locking password for user clamav.
    [20140625.010352]   passwd: Success
    [20140625.010353]   cpanel-clamav-virusdefs-0.98.3-1.cp1140
    [20140625.010355]   groupadd: group 'clamav' already exists
    [20140625.010355]   useradd: user 'clamav' already exists
    [20140625.010355]   Locking password for user clamav.
    [20140625.010355]   passwd: Success
    [20140625.010355]   cpanel-clamav-0.98.3-1.cp1140
    [20140625.010355]   warning: /etc/chkserv.d/clamd saved as /etc/chkserv.d/clamd.rpmorig
    [20140625.010402]   clamd: no process killed
    [20140625.010403]   clamd: no process killed
    [20140625.010409]   Configuration file passes test!  New configuration file was installed.
    [20140625.010409]   
    [20140625.010409]   Enabled system filter options: attachments|spam_rewrite
    [20140625.010409]   Enabled ACL options in block ACL_MAIL_PRE_BLOCK: default_mail_pre
    [20140625.010409]   Enabled ACL options in block ACL_RECIPIENT_POST_BLOCK: default_recipient_post
    [20140625.010409]   Enabled ACL options in block ACL_SPAM_SCAN_CHECK_BLOCK: default_spam_scan_check
    [20140625.010409]   Enabled ACL options in block ACL_CHECK_MESSAGE_PRE_BLOCK: default_check_message_pre
    [20140625.010409]   Enabled ACL options in block ACL_CONNECT_POST_BLOCK: default_connect_post
    [20140625.010409]   Enabled ACL options in block ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK: resolve_vhost_owner|end_default_outgoing_notsmtp_checkall
    [20140625.010409]   Enabled ACL options in block ACL_CONNECT_BLOCK: ratelimit|slow_fail_block|spammerlist
    [20140625.010409]   Enabled ACL options in block ACL_POST_RECP_VERIFY_BLOCK: dictionary_attack
    [20140625.010409]   Enabled ACL options in block ACL_TRUSTEDLIST_BLOCK: trustedmailhosts
    [20140625.010409]   Enabled ACL options in block ACL_IDENTIFY_SENDER_BLOCK: default_identify_sender|default_message_submission
    [20140625.010409]   Enabled ACL options in block ACL_MAIL_BLOCK: requirehelo|requirehelonoforge|requirehelosyntax
    [20140625.010409]   Enabled ACL options in block ACL_PRE_RECIPIENT_BLOCK: dkim_disable
    [20140625.010409]   Enabled ACL options in block ACL_CHECK_MESSAGE_POST_BLOCK: default_check_message_post
    [20140625.010409]   Enabled ACL options in block ACL_POST_SPAM_SCAN_CHECK_BLOCK: mailproviders
    [20140625.010409]   Enabled ACL options in block ACL_SPAM_SCAN_BLOCK: default_spam_scan
    [20140625.010409]   Enabled ACL options in block ACL_SMTP_QUIT_BLOCK: slow_fail_block
    [20140625.010409]   Enabled ACL options in block ACL_NOTQUIT_BLOCK: ratelimit
    [20140625.010409]   Enabled ACL options in block ACL_RECP_VERIFY_BLOCK: default_recp_verify
    [20140625.010409]   Enabled ACL options in block ACL_PRE_SPAM_SCAN: mailproviders
    [20140625.010409]   Enabled ACL options in block ACL_EXISCAN_BLOCK: default_exiscan
    [20140625.010409]   Enabled ACL options in block ACL_RECIPIENT_BLOCK: default_recipient
    [20140625.010409]   Enabled ACL options in block ACL_MAIL_POST_BLOCK: default_mail_post
    [20140625.010409]   Detected spam handling in acls, disabling spamassassin in routers & transports!.
    [20140625.010409]   SpamAssassin method remains unchanged
    [20140625.010409]   Configured options list is: 
    [20140625.010409]   ACL: acl_not_smtp is active
    [20140625.010409]   ACL: acl_smtp_connect is active
    [20140625.010409]   ACL: acl_smtp_data is active
    [20140625.010409]   ACL: acl_smtp_mail is active
    [20140625.010409]   ACL: acl_smtp_quit is active
    [20140625.010409]   ACL: acl_smtp_notquit is active
    [20140625.010409]   ACL: acl_smtp_rcpt is active
    [20140625.010409]   Provided options list is: deliver_queue_load_max|queue_only_load|daemon_smtp_ports|tls_on_connect_ports|system_filter_user|system_filter_group|tls_require_ciphers|hostlist loopback|hostlist senderverifybypass_hosts|hostlist skipsmtpcheck_hosts|hostlist spammeripblocks|hostlist backupmx_hosts|hostlist trustedmailhosts|hostlist relay_hosts|domainlist user_domains|smtp_accept_queue_per_connection|remote_max_parallel|smtp_receive_timeout|ignore_bounce_errors_after|rfc1413_query_timeout|timeout_frozen_after|auto_thaw|callout_domain_negative_expire|callout_negative_expire|acl_not_smtp|acl_smtp_connect|acl_smtp_data|acl_smtp_mail|acl_smtp_quit|acl_smtp_notquit|acl_smtp_rcpt|message_body_newlines|check_rfc2047_length|perl_at_start|deliver_queue_load_max|queue_only_load|daemon_smtp_ports|tls_on_connect_ports|system_filter_user|system_filter_group|tls_require_ciphers|av_scanner|spamd_address
    [20140625.010409]   Exim Insert Regex is: virtual_userdelivery|virtual_aliases|democheck|check_mail_permissions|remote_smtp|address_pipe|virtual_user|localuser|virtual_sa_user
    [20140625.010409]   Exim Replace Regex is: virtual_sa_user|sa_localuser|virtual_sa_userdelivery|local_sa_delivery|cpanel_archiver|cpanel_archiver_transport|discover_sender_information|fixed_login|fixed_plain|lookuphost|remote_smtp|secure_login|secure_plain
    [20140625.010409]   Exim Match Insert Regex is: 
    [20140625.010409]   Exim version 4.82 #2 built 06-Feb-2014 16:42:28
    [20140625.010409]   Copyright (c) University of Cambridge, 1995 - 2013
    [20140625.010409]   (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2013
    [20140625.010409]   Berkeley DB: Berkeley DB 4.7.25: (September 12, 2013)
    [20140625.010409]   Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS
    [20140625.010409]   Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz passwd
    [20140625.010409]   Authenticators: cram_md5 dovecot plaintext spa
    [20140625.010409]   Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    [20140625.010409]   Transports: appendfile/maildir autoreply pipe smtp
    [20140625.010409]   Size of off_t: 8
    [20140625.010409]   
    [20140625.010409]   Exim Perl Load List is: spamkey|mail_permissions|get_relayhosts_domain|checkuserquota|boxtrapper|fast_checkvalias|email_archiver|fast_isdemo|fast_accountfunc|0_mail_permissions_variables|checkpass_cphulkd|spam_acl_support|encode_string_literal|safefile|cpwrap|checkspam|z_preload_modules|email_send_limits|identify_local_connection
    [20140625.010409]   /etc/exim.pl.local installed!
    [20140625.010409]   razor2 is installed, enabled in SpamAssassin!
    [20140625.010409]   pyzor is not installed, disabling it in SpamAssassin to save memory
    [20140625.010409]   SPF is disabled in exim or unavailable, enabling SPF for SpamAssassin
    [20140625.010410]   Refreshing SMTP Mail protection.
    [20140625.010410]   SMTP Mail protection has been disabled.  All users may make outbound smtp connections.
    [20140625.010419]   cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136
    [20140625.010419]   Prelinking shared libraries and binaries: /usr/sbin/prelink -av -mR
    [20140625.010442]   Checking for and running RPM::Versions 'post' hooks for any RPMs just installed
    [20140625.010442]   All required 'post' hooks have been run
    
    Done
    
    Process Complete

 

At this point the clamd antivirus is installed on our server.

Installing ClamAV over SSH on CentOS

  1. Log in over SSH as root and run the following command
    yum install clamd
  2. Done.

How to Scan for Viruses Using ClamAV in cPanel

  1. Log in to your cPanel account, then find and click the Virus scanner icon to open the Virus Scanner powered by ClamAV interface. If the icon is not there, leave it at that: this feature is usually disabled on shared hosting because it can put a heavy load on the system.
  2. Choose Scan Entire Home Directory, click Scan Now and wait until it finishes. If infected files are found, repair your website right away, in case any php, css or js files have gone missing.

 

How to Update and Scan for Viruses Manually over SSH Using ClamAV

  1. Log in over SSH as the root user. Be careful: any damage to the system is your own responsibility.
  2. First update the clamd database so that detection is as effective as possible:
    freshclam

    Then run the scan with this command:

    clamscan -r /home

    or, to delete infected files as well:

    clamscan -r --remove /home
  3. Wait until it finishes. The scan detects viruses and, when run with --remove, automatically deletes the files it suspects of being infected.

How to Scan a CentOS Server for Viruses Automatically through crontab -e Using ClamAV

Our server is better protected, and with less effort, when updates and scans run periodically and automatically. We can achieve this with the cron job facility that is already available. The steps are as follows:

  1. Log in over SSH as root
  2. Type
    crontab -e
  3. Do not change anything that is already there, because that could affect other services on our server. Add the following lines at the very bottom
    00 00 * * * freshclam
    00 00 * * * clamscan -r /home

    or, to delete infected files as well, use this as the second line instead:

    00 00 * * * clamscan -r --remove /home

Adjust the update and scan times to the capacity and load of your server. Scanning every day may improve the security of the system, but for server performance reasons I think once a week is enough.
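The manual scan and the cron schedule above, combined into one wrapper script as an added example (not part of the original post): it lets freshclam finish before clamscan starts, and it moves detections to a quarantine directory with --move instead of deleting them with --remove, so a false positive can be restored. The script path, log path, quarantine directory and the sample signature name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. SCAN_DIR, LOG and QUARANTINE are
# assumed paths; override them through the environment.
SCAN_DIR="${SCAN_DIR:-/home}"
LOG="${LOG:-/var/log/clamav-weekly.log}"
QUARANTINE="${QUARANTINE:-/root/clamav-quarantine}"

# Print the path of every infected file in clamscan output read from stdin.
# clamscan reports a hit as "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): [^ ][^ ]* FOUND$/\1/p'
}

# clamscan exit status: 0 = no virus found, 1 = virus found, other = error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Constructed sample of "clamscan -i --move" output (signature name made up).
sample_output() {
    printf '%s\n' \
        '/home/alice/public_html/up.php: Php.Example.Sig FOUND' \
        "/home/alice/public_html/up.php: moved to '/root/clamav-quarantine/up.php'"
}

run_scan() {
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE" || return 2
    # Update first; the scan starts only after freshclam has returned.
    freshclam --quiet || echo "freshclam exited with status $?" >>"$LOG"
    # -i: report infected files only; --move: quarantine instead of deleting.
    out=$(clamscan -r -i --no-summary --move="$QUARANTINE" "$SCAN_DIR" 2>&1)
    rc=$?
    printf '%s\n' "$out" >>"$LOG"
    echo "$(date '+%F %T') $SCAN_DIR: $(scan_verdict "$rc")" >>"$LOG"
    printf '%s\n' "$out" | infected_paths   # cron mails this list to root
    return "$rc"
}

# Weekly crontab entry (assumed script path): 0 2 * * 0 /root/clamav-weekly.sh --run
case "${1:-}" in
    --run)      run_scan ;;
    --selftest) sample_output | infected_paths ;;
esac
```

Running the script with --selftest prints the path parsed from the constructed sample without touching freshclam or clamscan.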

Updated: July 13, 2014 — 6:27 pm
