Admin-Ahead Community
Linux => Control Panels => cPanel => Topic started by: varghesepa on March 29, 2017, 06:50:20 pm
-
Create hex-dump of the malicious file using sigtool.
cat filename | sigtool --hex-dump | head -c 2048 > /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb
Update the prefix content as follows.
Name:Type:Offset:HEX_OUTPUT
For example:
Trojan.PHP.WebShell:0:*:762317478314832483........
Give ownership and restart the clamd service
chown clamav.clamav /usr/local/cpanel/3rdparty/share/clamav/customsig.ndb
/scripts/restartsrv_clamd
Test using the below command
/usr/local/cpanel/3rdparty/bin/clamscan /path/to/malicious/file
:D ;D