How to Install ClamAV Antivirus on a cPanel Server

Clam AntiVirus (ClamAV) is an antivirus software toolkit. It is supported by cPanel and you can install ClamAV from WHM. It can be used to check viruses in mails and in the website content.

It is licensed under the GNU and is free for all to use. It can detect numerous malicious software and viruses. Because of the low vulnerability of Unix systems to viruses, ClamAV has established itself as the standard for mail server gateway scanning of emails.

Third party versions of ClamAV are available for platforms such as AIX, BSD, HP-UX, Linux, Mac OS X, OpenVMS, OSF and Solaris. ClamAV build version 0.96 can run on Microsoft Windows as well. The latest version is 0.97.

ClamAV: Prominent Utilities

The most prominent utilities of ClamAV are mentioned below:

  • Command-line scanning,
  • Automatic database update, and
  • Scalable multi-threaded daemon, which runs on an anti-virus engine from a shared library
To install this in your cPanel server, you need to login to WHM as root, then navigate to the cPanel Plugin area.


Check the ” Install and keep updated” Box against the ClamAV and click Save at the bottom.


Once you have enabled and configured ClamAV, we recommend that you create a root cronjob to run daily during off-peak hours. The cronjob should run the following command:

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

This command will sweep iframe injections across your /home/$user directories and detect spam mail.  You can go through them and ignore the false positives.

Using ClamAV

Once installed, you will be able to see  an icon in the WHM -> Plugin area for the ClamAV and we can perform a scan of the server from that web interface.  You can use the ” User Configuration area to select users to scan.

Update Virus Definitions.

ClamAV keeps its own local database which need to be updated as new and new viruses and malwares are appearing daily.  When ClamAV installs, it adds a cron job to update the virus definitions.. If you need to do it manually,  you need to login to SSH to the server and run this command.


Eventhough clam is good in finding the viruses in mails and uploaded files, some times, it fails to detects code injections and some malware which injected to your htmls and .js files due to the code vulnerabilities. You always need to be on top of your codes and the account so that your files will be free from viruses.

Close Menu