Plesk provide 2 antivirus software with its default installation.
Odin Premium Antivirus
Kaspersky Antivirus (Required separate license)
Dr.Web antivirus is used as “Odin Premium Antivirus” on Plesk Linux. Visit Dr.Web website for more information.
The major drawback of Odin Premium Antivirus is it scans mailbox only.
I was looking for a solution, which can scan the mailboxs as well as web contents uploaded by end user.
Finally I found ClamAV, which can be used with postfix milter, as well as it can scan file system.
ClamAV implementation on Plesk is pretty simple and straight forward.
Lets install ClamAV on Plesk linux server :
Install EPEL repository , but make it as disable to avoid package conflict with Plesk repository.
# rpm –Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # sed -i 's/^\(enabled\s*=\s*\).*$/\10/' /etc/yum.repos.d/epel.repo
Install all ClamAV packages from EPEL repository
# yum install –enablerepo=epel clamav clamd clamav-milter
Update virus database
Add the clamd and clamav-milter to syatem startup script and start clamd service
# chkconfig clamd on # chkconfig clamav-milter on
Adjust clamav-milter to work with existing postfix milter program
Change and uncomment the following lines in /etc/clamav-milter.conf
# Default: unset (don't drop privileges) User postfix AddHeader Add OnInfected Reject OnFail Defer
Start clamd deamon and clamav-milter services
# service clamd start # service clamav-milter start
Change the milter program in /etc/postfix/main.cnf
Replace the following line
Reload postfix service to take effect
# service posrfix reload
Is it really working?
Lets make some test to check if the ClamAV is working
Plesk 12.5 [10.0.50.14] , Centos 6 Domain : cos601.tld firstname.lastname@example.org Plesk 12.5 [10.0.50.15], Centos 7 Domain : cos701.tld email@example.com
I have tried to send a mail from firstname.lastname@example.org to email@example.com with EICAR: Anti-Malware Test File attached.
Here is the test result:
Jun 18 10:27:47 pp1253 postfix/smtpd: connect from unknown[10.0.50.15] Jun 18 10:27:47 pp1253 postfix/smtpd: 37935F681B6: client=unknown[10.0.50.15] Jun 18 10:27:47 pp1253 postfix/cleanup: 37935F681B6: message-id=<firstname.lastname@example.org> Jun 18 10:27:47 pp1253 postfix/cleanup: 37935F681B6: milter-reject: END-OF-MESSAGE from unknown[10.0.50.15]: 5.7.1 Command rejected; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<pp1253.cos7x64.nhit.local> Jun 18 10:27:47 pp1253 postfix/smtpd: disconnect from unknown[10.0.50.15]
It is clearly visible that the mail has been rejected by milter.
Its time to secure web content
On Linux there is no real-time antivirus, in this case you could run a clamscan in cron during quiet periods
Add the following command to Plesk scheduler task to scan /var/www/vhosts/ directory and a summery mail will be sent to your mailbox
clamscan --tempdir=/tmp/ --infected --recursive /var/www/vhosts/ | mail -s "Clamscan Report" email@example.com
Congratulation’s! You have successfully installed clamav on Plesk linux server. Thanks for using this tutorial to install clamav on Plesk linux serer .