Pyxsoft AntiMalware : Installation and Configuration (Step by Step Guide)

The Pyxsoft antimalware plugin for cPanel/WHM protects your server from attacker scripts such as c99shell, r57shell, ANIShell, and hundreds more. It is a real-time anti-malware tool for cPanel/WHM. Attackers can take control of your servers or damage your customers’ data by uploading one of these scripts.

The Pyxsoft antimalware plugin protects your server in two ways:

1. Protecting the six entry points to the server

  • SQL Injection
  • Legitimate Access (SSH, cPanel etc)
  • Web Forms
  • FTP
  • Brute Force Attacks
  • Installed Trojans or shells

2. With additional methods

Scanning all changes every night

Every night the Pyxsoft antimalware plugin scans all the files changed during the last day, and the results are mailed to the root administrator. The scan is small and will detect all the new malware installed on the server.

Blocking generic bad-requests

The Pyxsoft antimalware plugin employs many Mod Security rules that reject PHP injection, SQL injection and exploits for many known script vulnerabilities, such as the Timthumb exploit, the Joomla password change exploit, the OsCommerce upload exploit, and many more. It will keep the customers safe even if their scripts are unsafe and out of date. Always remember that the Pyxsoft antimalware plugin helps you manage your servers; it does not replace the administrator.

There are also certain cases where Pyxsoft antimalware plugin will not provide protection. These are as follows:

  • If an attacker steals or guesses your SSH password.
  • If you don’t delete the malware found in the regular scan.
  • If your server is already hacked with a rootkit.
  • Malware uploaded via the cPanel File Manager will be detected at the night scan.

Scanning your whole server

Initially, the Pyxsoft antimalware plugin scans the entire server to find installed malware. The definitions include the ClamAV database and 6,000 additional malware signatures, including Perl files, PHP shells, PHP uploaders, PHP downloaders, IRC bots and mass mailers.
You will get a detailed list of the infected files once the scan of the server is finished. The scan is run under the Linux nice command, so scanning the whole server will not increase the server load by more than 1 or 1.5 units.
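
The nightly scan of changed files and the use of nice described above can be reproduced by hand with find and clamscan. This is an added example, not Pyxsoft's code; the function names and the /home path are assumptions. It also checks ctime, because a scan that relies on mtime alone misses a file whose modification time was set back.

```bash
#!/bin/bash
# Added illustration, not Pyxsoft's code. Function names are hypothetical.

# Files whose modification time (mtime) is under 24 hours old.
changed_by_mtime() {
    find "$1" -type f -mtime -1 -print
}

# Files whose mtime OR ctime is under 24 hours old. mtime can be set to any
# value by whoever writes the file; ctime is set by the kernel whenever the
# file's content or metadata changes, so a backdated file still shows up.
changed_files() {
    find "$1" -type f \( -mtime -1 -o -ctime -1 \) -print
}

# Scan only the changed files, at the lowest CPU priority.
# Returns clamscan's status: 0 = clean, 1 = malware found, 2 = error.
nightly_scan() {
    dir=$1
    list=$(mktemp) || return 2
    changed_files "$dir" > "$list"
    if [ ! -s "$list" ]; then
        rm -f "$list"
        echo "no files changed under $dir in the last 24 hours"
        return 0
    fi
    if ! command -v clamscan >/dev/null 2>&1; then
        rm -f "$list"
        echo "clamscan not found in PATH" >&2
        return 2
    fi
    nice -n 19 clamscan --infected --no-summary --file-list="$list"
    rc=$?
    rm -f "$list"
    return "$rc"
}

# Usage: bash nightly_scan.sh /home   (the path is an example)
if [ "$#" -gt 0 ]; then
    nightly_scan "$1"
fi
```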

Inspecting uploads

The most important point is that customers never upload PHP scripts through HTML forms. The Pyxsoft antimalware plugin scans all files uploaded over HTTP and FTP in real time. All Perl and PHP scripts are rejected in HTTP uploads. If you have the Pyxsoft antimalware plugin inspect all HTTP uploads from the moment a new server is started, the chance of it being hacked is reduced.

Attackers try all newly discovered script vulnerabilities. Often they have the username and password for WordPress, Joomla or OsCommerce sites and can use them to upload malware scripts. Even in those cases, they will not be able to upload their scripts.

To work properly, the Pyxsoft antimalware plugin needs:
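
One way such an upload check can work, as an added example that is not Pyxsoft's code (the page does not say how the plugin inspects files): a shell function that rejects an upload when its content, not its file name, is PHP or Perl. The function name and verdict strings are assumptions; the leading 1 or 0 follows the convention of ModSecurity's @inspectFile operator, which passes the uploaded temp file's path as the first argument.

```bash
#!/bin/bash
# Added illustration, not Pyxsoft's code. inspect_upload is a hypothetical name.
# Verdict format follows ModSecurity's @inspectFile convention: a line that
# starts with "1" means clean, anything else means reject.

inspect_upload() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "0 cannot read upload"
        return 1
    fi
    # PHP open tags anywhere in the file, whatever the file name says.
    # -a makes grep search binary data as text; LC_ALL=C avoids locale errors.
    if LC_ALL=C grep -aqiE '<\?(php|=)' "$f"; then
        echo "0 PHP code in upload"
        return 1
    fi
    # A Perl interpreter named on the first (shebang) line.
    if head -n 1 "$f" | LC_ALL=C grep -aqE '^#!.*perl'; then
        echo "0 Perl script in upload"
        return 1
    fi
    echo "1 clean"
    return 0
}

# Called with the path of the uploaded temp file as the first argument.
if [ "$#" -gt 0 ]; then
    inspect_upload "$1"
fi
```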

  • WHM/cPanel version 11.30 or later
  • Apache Web Server
  • Mod Security 2.5 or later installed
  • Internal WHM Ioncube loader enabled
  • ClamAV Antivirus installed

Note: The Pyxsoft antimalware plugin will not work with Lighttpd, Litespeed or Nginx web servers. The plugin will work in trial mode for 7 days even if you don’t have a license.

Installing & configuring the Pyxsoft antimalware plugin

To install the Pyxsoft antimalware plugin, execute the following commands in an SSH console:

root@server [~]# cd ~

root@server [~]# wget http://www.pyxsoft.com/software/antimalware/anti_malware.tar.gz

root@server [~]# tar -xzf anti_malware.tar.gz

root@server [~]# cd anti_malware

root@server [~]# sh install.sh

If the installation is completed successfully, enter WHM and go to Pyxsoft Antimalware.

Installing Mod Security

Perform the following steps to install Mod Security, and take care when recompiling the system. (Do it at your own risk.)

  • Log into your WHM panel
  • Click on the EasyApache option
  • Click on “Previously Saved Config” and the “Start customizing based on profile” button.
  • Select Apache 2.2 (or Apache 2 if you use PHP 4) and go to Next Step
  • Select your preferred PHP Version. PHP 5 is recommended. Go to Next Step.
  • Select minor version or use the selected one. Go to Next Step.
  • Check the Mod Security option. Leave the other options as suggested.
  • Click “Save and Build”
  • Click on “Yes” when asked to recompile Apache and PHP and wait until the process is finished.

Enabling Ioncube

Follow these steps to enable the internal ionCube loaders, which are needed to execute the Pyxsoft antimalware plugin.

  • Log into your WHM panel
  • Go to Tweak Settings and click PHP
  • Check ‘ioncube’ in cPanel PHP loader. If SourceGuardian was already selected, you probably have another extension that conflicts with the Anti Malware Plugin.
  • Save the changes.

Installing ClamAV

Installing ClamAV is easier than installing Mod Security. The steps are as follows:

  • Log into your WHM panel
  • Click on the Manage Plugins option.
  • At the right side of the screen, locate ClamAV and check “Install and keep updated”.
  • Click Save.

cPanel will take about 20 minutes to install ClamAV on your server, and the operation should not be interrupted.

Uninstalling the Pyxsoft antimalware plugin

To uninstall the Pyxsoft antimalware plugin, execute the following commands in an SSH console:

root@server [~]# cd /usr/share/ilabs_antimalware/includes

root@server [~]# sh uninstall.sh

You should verify that your Apache (httpd) and FTP (pure-ftpd) services are running after uninstalling the Pyxsoft antimalware plugin.

Screenshots of Pyxsoft antimalware plugin in WHM

Configuring Pyxsoft Antimalware

General Settings: Here we can set the common settings for the plugin.