How to Update ClamAV and it’s Virus Definitions on a cPanel Server

Clam AntiVirus (ClamAV) is an antivirus software toolkit. It is supported by cPanel and you can install it from WHM. To install ClamAV, login to  WHM Main >> Plugins >> Configure ClamAV Scanner.

To enable ClamAV Scanner:

  1. Select the check boxes corresponding to ClamAV.
  2. Click Save.
This will install the ClamAV in your cpanel server. It may take a few minutes depending on the hardware of your server.

Once you have enabled and configured ClamAV, we recommend that you create a root cronjob to run daily during off-peak hours. The cronjob should run the following command:

for i in `awk '!/nobody/{print $2 | "sort | uniq" }' /etc/userdomains | sort | uniq`; do /usr/bin/clamscan -i -r /home/$i 2>>/dev/null; done >> /root/infections&

This command will sweep iframe injections across your /home/$user directories and detect spam mail.  You can go through them and ignore the false positives.

Update Virus Definitions

ClamAV keeps its own local database which need to be updated as new and new viruses and malwares are appearing daily.  When ClamAV installs, it adds a cron job to update the virus definitions.. If you need to do it manually,  you need to login to SSH to the server and run this command.


Eventhough clam is good in finding the viruses in mails and uploaded files, some times, it fails to detects code injections and some malware which injected to your htmls and .js files due to the code vulnerabilities. You always need to be on top of your codes and the account so that your files will be free from viruses.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close Menu