So you feel a site on your server may have been attacked – and you want to make sure it is clean – how do you go about it?
The following command will run a scan on the selected user directory on the server.
/usr/sbin/cxs –report /root/scan.log –baction high –bayes –breport medium –clamdsock /tmp/clamd –defapache nobody –doptions Mv –exploitscan –nofallback –filemax 10000 –mail [email protected] –options mMOLfSGchexdnwZRD –qoptions Mv –sizemax 500000 –summary –sversionscan –timemax 30 –virusscan –voptions mfuhexT /home/accountname
NB: Please replace the [email protected] with your actual email address – and change the last part of the command to theuser directory you need to scan.
To use this command:
1) Open an SSH/putty session to your server
2) Login as root
3) type in and hit enter: freshclam
4) type in: screen -S Scan
5) copy and paste (right mouse in putty) the above command (but with your email address)
6) Hit enter.