Scan for viruses

[akhasis]

Hello,

I'm using a Zentyal server, among other things, as a web server. I have the antivirus enabled, and web page files are shared via samba.

I found out recently that my server has been repeatedly attacked via wso shell trojans. They are all hosted at the web page directories.

My desktop antivirus detects the trojan and refuses to open the file, so I guess it shouldn't be that difficult for the Zentyal antivirus to spot and block, quarantine or delete them, but it obviously hasn't.

Do I have to manually launch the scan for viruses, or should it be something Zentyal does on its own? If so, why hasn't it helped my server from being attacked? Am I doing anything wrong?

Thank you!

[robb]

Maybe you should investigate how a php script can be put on your webserver in the first place.

The antivirus implemented on Zentyal is based on ClamAV. Unfortunately you can't modify too much through the web interface, only activate the module and add samba shares to be actively scanned.
Maybe you could schedule a scan through a cron job to scan your server periodically. (for instance once a day or week) 

[StuartNaylor]

What you can do is try the directories manually

Code: [Select]

clamscan
Clamav can be hit and miss at times. I usually double up with avast being my preference on windows desktops.

[robb]

IMO 2 different AV solutions on 1 box is a bad idea... They might work against each other and may slow down your server considerably.

[StuartNaylor]

That is why I double up with clamav on the server and avast on my desktops.

[akhasis]

Sorry I couldn't reply sooner.

Thank you for your advice, I finally went with moving the pages to a external server, since I didn't feel safe having to scan manually or depend on so many conditions.