*** last updated on 31 January, 2023 ***
The current version of Directadmin/CustomBuild uses packages from OS distributive to install ClamAV, i.e. rpm packages for CentOS/AlmaLinux/etc and deb packages for Debian/Ubuntu. In order to remove newly installed ClamAV from a server you might remove relative packages and disable the item in options.conf of CustomBuild.
The following guide might still work on old systems, where ClamAV is compiled and installed from sources. But some commands might not work with new CustomBuild script.
*** last updated on 12 January, 2018 ***
Whatever the reason might it be, if you decided to remove ClamAV previously installed by CustomBuild script on a Directadmin server here is a guide on how you can do it.
IMPORTANT: You should carefully read results of the suggested commands, i.e. when you copy/paste commands from this guide you should do it line by line and read what it outputs. You should stop following the guide if an error is produced after any of them. If you customized your configs (not config templates) manually you might loose all of your customization by running commands from this guide.
First of all you should connect to a server console as superuser root or use sudo.
Then you need to change a directory to custombuild of Directadmin and update its data and versions:
cd /usr/local/directadmin/custombuild ./build update
Then you will switch off ClamAV (this step does not remove ClamAV yet):
./build set clamav no
and disable all the related checks. The checks can not be used without ClamAV installed, and here you can see the list of them:
------------------------------------------ ClamAV-related Settings ------------------------------------------ clamav: yes, no. Current value: yes. Default value: no. clamav_exim: yes, no. Current value: yes. Default value: yes. modsecurity_uploadscan: yes, no. Current value: no. Default value: no. proftpd_uploadscan: yes, no. Current value: yes. Default value: no. pureftpd_uploadscan: yes, no. Current value: no. Default value: no. suhosin_php_uploadscan: yes, no. Current value: yes. Default value: no.
It's possible that some of the features used to be disabled before (by default), anyway we try and disable all of them, so here you go:
./build set clamav_exim no ./build set proftpd_uploadscan no ./build set pureftpd_uploadscan no ./build set suhosin_php_uploadscan no ./build set modsecurity_uploadscan no
Now you need to apply the changes and complete the ClamAV removal with the help of the following command:
Here you should see a line similar to the following: ClamAV has been successfully removed.
If you see something different, then you should either run the latest command again or try to find another solution depending on what error you got.
Since you removed ClamAV from the server you need to remove related code from exim.conf, so here is how you can do it:
If you see the error:
You cannot update Exim configuration files, because you do not have it set in options.conf file.
It's possible that you either never used custombuild to update exim.conf, or your exim.conf is customized and directadmin is not allowed to update it. You need to manually identify what is your case.
If you used to run a FTP server with a check of all uploaded via FTP files with the antivirus you should update its configuration. Run one of the following commands depending on what server it was.
Run the following commands if ClamAv has been successfully removed and you used to run PHP+suhosin+ClamAV for checking uploaded files with antivirus:
./build clean ./build php_ini
and make sure the command
php -i | grep suhosin.upload.verification_script
gives "no value" as a result or even an empty line.
And finally you need to update the web-server configs if you used to run mod_security with clamav checks. Run the following command: