So you feel a site on your server may have been attacked – and you want to make sure it is clean – how do you go about it?

The following command will run a scan on the selected user directory on the server.

/usr/sbin/cxs –report /root/scan.log –baction high –bayes –breport medium –clamdsock /tmp/clamd –defapache nobody –doptions Mv –exploitscan –nofallback –filemax 10000 –mail [email protected] –options mMOLfSGchexdnwZRD –qoptions Mv –sizemax 500000 –summary –sversionscan –timemax 30 –virusscan –voptions mfuhexT /home/accountname

NB: Please replace the [email protected] with your actual email address – and change the last part of the command to theuser directory you need to scan.

To use this command:

1) Open an SSH/putty session to your server

2) Login as root

3) type in and hit enter: freshclam

4) type in: screen -S Scan

5) copy and paste (right mouse in putty) the above command (but with your email address)

6) Hit enter.