
HostMonster Web Hosting Help

Antivirus on Dedicated or VPS servers

Overview

If you suspect malware, shell scripts, exploits, or viruses on your VPS/Dedicated account, your WHM panel includes tools that can scan for such malicious content. First, you will need to be able to log in to WHM. If you haven't done this before, please see How to Log into WHM.

When you go to your WHM login link, you will be presented with the WHM login page. Log in with the root user and password. If this is your first time logging into WHM, or if there was a recent cPanel update, you may see a page titled "Feature Showcase". Click on Exit to WHM at the bottom of the page.

There are two main types of virus scanning on VPS and Dedicated servers:

Installing and Using ClamAV

  1. In the top left-hand corner, type "clamav" in the search bar, then click on the Manage Plugins link.
  2. Click Install "ClamAV for cPanel".
  3. Once the install is complete, you will see a message that "ClamAV for cPanel" is now installed.
  4. Refresh the WHM panel and perform another search for "clamav" using the search bar. Click on Configure ClamAV Scanner, and make sure all boxes are checked.
  5. Search in WHM for "feature", and click on the Feature Manager. Choose "HostMonster" from the Manage feature list, then click edit.
  6. Enable Virus Scanning, and click Save. You can find this quickly by searching for "virus" on the Feature Manager page.
  7. Now that ClamAV is installed, you can manually run a scan from your server's command line as the root user.

    For more information on using SSH, please see SSH Access.

  8. Be sure to replace $user with your cPanel username in the command below:
    root@server [~]# /usr/local/cpanel/3rdparty/bin/clamdscan -i /home/$user/
  9. Once the scan is complete, it will give you an output of flagged files and a scan summary. You can use this to help guide you in cleaning up your cPanel account.
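
Once a scan like the one in step 8 has been saved to a file, the report can be grouped by signature and checked against the scanner's own summary before cleanup starts. The script below is an added example, not part of the original article; the `scan.log` redirect, the function names and the sample report (paths, user and signature names) are constructed for illustration.

```shell
#!/bin/sh
# Triage a saved clamdscan report, e.g. one captured with:
#   /usr/local/cpanel/3rdparty/bin/clamdscan -i /home/$user/ > scan.log
# (the redirect to scan.log is an assumption; the article prints to the terminal)

# Print "SIGNATURE PATH" for every flagged file. The greedy match splits on
# the LAST ": " so paths that themselves contain ": " are kept intact.
flagged_files() {
  sed -n 's/^\(.*\): \([^ ]*\) FOUND$/\2 \1/p' "$1"
}

# Print "COUNT SIGNATURE", most frequent signature first.
count_by_signature() {
  flagged_files "$1" | cut -d' ' -f1 | sort | uniq -c |
    sort -k1,1nr -k2 | awk '{ print $1, $2 }'
}

# The number the scanner itself reported in the SCAN SUMMARY block.
reported_infected() {
  sed -n 's/^Infected files: \([0-9][0-9]*\).*$/\1/p' "$1"
}

# Succeeds only if the FOUND lines match the summary count; a mismatch means
# the saved log is not the full report (for example, it was truncated).
report_is_complete() {
  found=$(flagged_files "$1" | wc -l | tr -d ' ')
  [ -n "$(reported_infected "$1")" ] && [ "$found" -eq "$(reported_infected "$1")" ]
}

# Constructed sample report: user, paths and signature names are made up.
write_sample_log() {
  cat > "$1" <<'EOF'
/home/exampleuser/public_html/wp-content/uploads/cache.php: Example.Webshell-1 FOUND
/home/exampleuser/public_html/index.php: Example.Injected.Redirect-2 FOUND
/home/exampleuser/public_html/old: site/shell.php: Example.Webshell-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
Time: 41.202 sec (0 m 41 s)
EOF
}

log=$(mktemp)
write_sample_log "$log"
count_by_signature "$log"
report_is_complete "$log" && echo "report complete"
rm -f "$log"
```

Grouping by signature separates a single injected snippet repeated across many files from one-off droppers, which helps decide which files to repair and which to delete.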

You can uninstall ClamAV under the Manage Plugins section of your WHM panel.

Installing and Using ImunifyAV

Imunify360 is a new feature that ships with cPanel starting in cPanel 88. Below are the steps to install and use this new malware scanner.
  1. When you upgrade to cPanel 88, you will see the feature listed in the "Feature Showcase". If you want to install ImunifyAV, make sure "Enable" is selected, then click the Save button at the bottom.
  2. If the Feature Showcase does not appear when logging into WHM, you can also install ImunifyAV manually via SSH.
    root@server [~]# wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh
    root@server [~]# bash imav-deploy.sh
  3. Once the install process has begun, wait about 5-10 minutes for the install to finish. After it is complete, visit the ImunifyAV section in your WHM panel by typing "imunify" in the search bar and clicking ImunifyAV.
  4. From the ImunifyAV screen, click the actions button next to your cPanel account, and click "Scan for Malware". When it is done, it will give you results.
  5. If you have multiple accounts, you can select all accounts, and scan all at once.

You can uninstall ImunifyAV via command line.
root@server [~]# bash imav-deploy.sh --uninstall

If you have deleted imav-deploy.sh, you can re-download it first:
root@server [~]# wget https://repo.imunify360.cloudlinux.com/defence360/imav-deploy.sh

Summary

If files show up on any of the malware scans, please note that some of the files might be vital to the functionality of your site and only contain snippets of malicious code that has been injected. You will want to work to remove the malicious code without deleting the file. Other files might be wholly malicious and should be deleted.

If you need assistance with the removal of malware we recommend reaching out to our malware scanning partner, SiteLock. SiteLock also has plans that include a content delivery network (CDN) and a web application firewall (WAF) that aid in protecting against malicious attacks.

Even with active firewalls, most of the vulnerabilities a hacker uses to gain access to your site and file structure are within your website scripts and software. It is vital to make sure all software is up to date, including any themes, plugins, and modules. This is the most important way to help prevent malware and keep your account and server secure.
