Add ClamAV as module in Plesk to protect better the server. Thank you Parallels Team.
Is easy to use.
+1 would love to have ClamAV in Plesk management.
Clam allows blocking by attachment type, even if the attachment is inside a ZIP file
Alpha Computer and Web Services commented
I've tried the Plesk anti-virus and anti-spam programs, I found they didn't really tell you, or do anything at all. WAF = Modsecurity is pretty good have that enabled with subscription. But you still need more in my opinion. Being able to Implement ClamAV FTP, HTTPD realtime scanning and Amavisd-New for antispam and email antivirus in Plesk with not having to do it manually. would be a great thing for a lot of people that don't know much about plesk and with a low budget.
https://admin-ahead.com/products/plesk-plugins/ has plugins for Plesk ClamAV, but for email you'll have to manually setup Amavisd-New. Which you can use ClamAV and hundreds of other email antivirus scanners with Amavisd-New.
@Anon: very good points, much appreciated!
Several reasons for the inclusion of ClamAV (which are important for my company):
1. We already have an infrastructure service with the central repository signatures ClamAV. If Plesk will maintain ClamAV out of the box, we can simply plug it into our infrastructure
2. ClamAV is free and is open source
3. In the event of a plurality of false-positives hosting provider will be able to remove poor-quality signature itself and will not bother its users erroneous notifications
4. We have scripts to scan files using ClamAV, that uploaded via ftp, and subsequent notification for users (at the end of the session ftp).
Gustavo Morgado commented
MORE INPUT REQUIRED? I don´t think so.
Plesk really offers 2 High-Quality antivirus, for some bucks $$$. We want 3 high quality antivirus, so, one of them is FREE (Clamav), then we can choose to pay for Karpesky, Dr Webb or stay with free Clamav.
This is the point.
Very well said, agree 100%.
On a somewhat different note I stumbled across Admin-Ahead Realtime File Upload Scanner 1.0 in the extentions catalog. Apparently they've already taken the time to integrate ClamAV into plesk without any extra setup. They just seem to think it reasonable to charge $4 for something that should be free.
@BC (small business owner)
As a small business owner you should know the importance of time management. It takes time and resources to include new software into plesk. This isn't something they can say "Yep it's free, so it's included" Their devs have to not only include the new package but setup the GUI to work with it as well. Plesk (or any admin panel) has certain code that must be added to for every new piece of software included. As Mislav stated, it's much easier for us as system admins to add it manually to our local servers than it is for the Plesk team to add it globally. Justify your responses with reasons what features make ClamAV is better than what is offered as they've requested.
The main problem of society today is they want everything as final product without any manual work.
Whatever you will say, in every company there must be a system administrator to take care of things like this. I never payed a penny to plesk for some other products, only the licence and I never had problems with stuff like this (I did, before I learned how to do this) - and I'm using plesk since version 9.
People are paying for jugger firewall, kaspersky antivirus and other solutions provided, which are, don't get me wrong, just fine and they're working, but you can setup everything on your own.
I setup-ed fail2ban on all of our servers even before plesk announced changes coming in plesk 12 and it was working, even apf firewall solution with IP banning (it's still on forums). People were complaining about incremental backups for years - I've also made a script for that - so it is possible - this one is also on forums.
Why paying for some spam solution if you can integrate both clamav/amavis into postfix and that is working just fine in REAL TIME? You can also put addition rules to block different hosts, rules and you can even use different RBL there. How do you think people used different PHP versions under plesk before version 12 and option to just add new version in handler list? Manual way, yes, nothing automatically. In addition to that, clamav can scan command line, right? So you can even setup cronjob to scan emails ONLY (not vhosts) and move infected files to some quarantine folder.
In the end it all comes to this:
- I didn't come here to tell everyone how cool or uncool I am
- I came here to tell sys admins outside there to learn and do your job, otherwise switch to windows platform and do the clicky stuff there or change job
- if you're small company and don't have budget, do it my way and you will learn from this manual setups 500% more then all others, because this is what it takes to be a linux sys administrator (you can always automate things later)
- if you're lazy and have money - purchase the product and hope everything is fine (in the end, you don't know how this work)
- if you're lazy and don't have money - change the job, don't complain
Yes, I gave 3 votes in the end, because, although it is free, it's very powerful tool as already mentioned and if something is free it doesn't essentially means it's worse product/solution then payed option (also widely used, documented, etc.)
I know it takes time to implement, but just like fail2ban was integrated, clamav should be as well.
I forgot even what to type more, I want voice recorder here so I can just talk and afterwards I just post new comment.
BC (small business owner) commented
@Sergey & Jake Why isn't the fact thats its a free AV not a good argument. If thats not an argument u could ask thousands of dollars for one single plesk licence or an antivirus module. We got a bussiness to run. Mine is small, so i need to keep the costs low, to make some profit.
Not only is ClamAv free, its fast, reliable, its widely used, well documentated, known and used by a huge group. Due that de current AV is IMO pretty expensive compared to my monthly costs of a full managementpanel: plesk (im a very small businessuser). Cause of this reason, me and many others with me use ClamAv. Integration with Plesk would save this big group of customers a lot of time. I think cause of this reason its in te top 10 of features requests. Besides, other panels have it, why shouldn't plesk have it?
Thanks! Very good points
Even though ClamAV is free it still requires time and effort for the Plesk team to incorporate it into their panel. The argument that it's free so add it could be applied to about 1000 different things. If you want them to add it then you need to add constructive comments to the post.
I think ClamAV should be added for the reason that it's free.
FTP users are human and fallible even if they can be 100% trusted not to upload malicious content on purpose it can happen by mistake. Also we allow file transfers through our Teamspeak 3 server and I don't think mod_security would scan those files. We don't want to be known for redistributing comprised content.
I've personally never had any load issues with ClamAV but have reached out to a couple others I work with to ask about their experiences. ClamAV supports live scanning of mail, and ftp traffic (via mod_clamav which can be configured to listen on multiple sockets or ports) which would create no noticeable load on most systems HTTP uploads are also supported. Of course full system scans should be run regularly but can be configured to be run in small batches on specific directories one after another rather than the whole system at once.
Lloyd Day commented · May 03, 2015 12:04
Just make sure to configure freshclam to run with cron rather than daemon as that's the real resource hog.
Running freshclam via cron every hour uses next to none from what I have seen on my servers.
Well, your FTP users indeed can upload trojans or malicious code embedded in PDF files and images. But it cannot harm your server security, it will harm their site visitors, who will download those files. So I wonder how is your server impacted with these uploads?
From server security standpoint, server admin shall probably be much more concerned for malicious HTTP uploads (not FTP), which are performed normally via a vulnerability in a hosted site and potentially can take over that site in a hidden manner or can take over a server (only in a combination with some other vulnerability, of course). mod_security shall be good solution against that, when accompanied by quality ruleset (such as the one from AtomicCorp). I don't fully understand how ClamAV is efficient here, given that it is very far from 100% efficiency and regular complete scans would likely cause huge load on a server.
We observed a number of complains on high load from antiviruses scanning servers, but we have no positive data on their efficience. What is your experience about ClamAV file scan?
Uplaods may contain any number of threats from viruses and trojans to malicious code embedded in images or PDFs. That the ability to scan for these threats is currently missing from plesk has us considering a move back to cPanel.
How scan of ftp uploads would improve your server security?
Not only is clamAV free but it has the ability to scan ftp uploads as well, not just emails. This is a huge oversight in plesk server security. Especially with the statement "Plesk is the most effective, flexible and secure web control panel for professional hosting providers and webmasters..." On your homepage.
It's free !! :D
yes and yes again. 1+ Why not @Plesk?
ClamAV is a free anti-virus solution that has never let me down when it comes to viruses, malware and other threats. I use a script to use clamscan on the server as you do not want us to use a free virus scanner. You always keep pushing us to keep paying more and more ...