Server admins often need to scan files for malicious content when they detect unusual activity under an account. On shared servers this happens quite often, because the applications installed under various accounts may leave security holes that let attackers exploit them and abuse the account's privileges. Here I would like to introduce a few tools that you can use to scan files free of charge.
ClamAV is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats, and it is the most popular free scanner in the cPanel world. ClamAV is released under the GNU GPLv2 license and maintained by an active group of developers and community members. It is very versatile, is available for multiple platforms such as Linux, Windows and FreeBSD, and can be integrated easily through LibClamAV. Along with scanning web files, it is also well known for scanning email for spam and for endpoint security.
You can use ClamAV's command-line tool to scan files on your cPanel server. It provides various options to enhance scanning, including the option to add your own custom virus databases. Plenty of providers use this flexible utility along with their own signature database. It is fairly easy to create virus signatures with ClamAV's 'sigtool' utility, and by combining its signature types you can create very powerful signatures. You can either use the command-line option to add an additional database or specify the URL to download signatures from in the freshclam configuration file. You can use Malware.Expert virus signatures with ClamAV, and they can produce excellent results in file scanning. Please refer to LINK to read more about all available command-line scanner options.
cPGuard takes advantage of the LibClamAV library to perform signature-based scanning. Instead of following the legacy method, we customize the scan method to produce a smaller memory/CPU footprint and excellent results.
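An added example, not from the original article: a cron-ready wrapper around clamscan that loads an extra signature directory alongside the official database and separates real detections from scan errors. The two database paths and the cron line are assumptions; the flags (-r, -i, --no-summary, -d) and the exit codes are clamscan's own.

```shell
#!/bin/sh
# Added example: cron-ready clamscan wrapper. Both paths are assumptions.
OFFICIAL_DB="${OFFICIAL_DB:-/var/lib/clamav}"            # usual freshclam directory
CUSTOM_DB="${CUSTOM_DB:-/usr/local/share/clamav-extra}"  # hypothetical extra signatures
TAB=$(printf '\t')

# Read clamscan output on stdin; print "path<TAB>signature" for every hit.
# The greedy first group splits on the last ": ", so paths containing ": " survive.
parse_found() {
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\1${TAB}\2/p"
}

# Map clamscan's exit code: 0 = clean, 1 = infected. Anything else (2 = error,
# such as a database that failed to load) means nothing was verified.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan one tree. Passing -d replaces the default database, so the official
# directory is named explicitly next to the custom one.
scan_tree() {
    rc=0
    report=$(clamscan -r -i --no-summary -d "$OFFICIAL_DB" -d "$CUSTOM_DB" "$1" 2>&1) || rc=$?
    case "$(scan_status "$rc")" in
        infected) printf '%s\n' "$report" | parse_found ;;
        error)    printf 'scan of %s failed (exit %s):\n%s\n' "$1" "$rc" "$report" >&2 ;;
    esac
    return "$rc"
}

# Constructed cron line: 30 2 * * * /usr/local/sbin/clam-cron.sh /home/exampleuser/public_html
if [ "$#" -ge 1 ]; then
    scan_tree "$1"
fi
```

Because a clean run prints nothing, cron only sends mail (where MAILTO is configured) when there are hits or the scan itself failed.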
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license and managed by R-fx Networks. It has been available for some time and is quite popular for scanning files for viruses and malware. Though there is no GUI available for MalDet, it has a very powerful command-line utility and can work with other control panels as well. It also uses signature-based scanning at its core and takes advantage of ClamAV if it is available. It can be used for manual scanning and provides options to automate the scanner either with a cron job or with the inotify daemon. The configuration is quite flexible and can enable auto-quarantine, enable e-mail alerts, clean infected files, etc.
MalDet also provides configuration to enable ModSec-level file scanning during file uploads, which is quite useful on many occasions. With its configurable auto-scanning, auto-quarantine and e-mail alert options, MalDet helps server admins make sure that updated files are scanned and that an action is taken against the bad files detected. MalDet is more powerful with Malware.Expert virus signatures, and you can see noticeable improvements in the file detection rate.
Malware Expert’s Malware Scanner and Removal Tool
Malware Expert is an innovative company that offers solutions for web hosting server security. It provides various solutions to secure web traffic using ModSec rules, reduce brute-force attacks and spam e-mail using various RBL systems, etc. The Malware Scanner and Removal Tool is one of their latest solutions, and it is completely free of charge to use on your servers. This tool also uses the ClamAV signature scanning engine at its core to scan files. It provides an option to scan your directory and automatically clean the infected files. It is a very handy tool for scanning your web files and, with their custom ClamAV signatures, provides excellent results and can detect the major kinds of bad PHP files.
The tool does not provide an option to automate the scanner, but you can write a simple shell script to run it and schedule that script with a cron job.
The free solutions are a good start for learning and for testing your scan/analysis skills. However, the free solutions cannot provide instant file-upload scanning, and no instant support is offered by the developers. You can check the cPGuard security plugin, which provides various methods to secure your cPanel server.