How To Integrate ClamAV Into PureFTPd For Virus Scanning On Fedora 18

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Fri, 2013-02-08 18:42. :: Fedora | FTP | Security

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Fedora 18

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 02/05/2013

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 18 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your Fedora 18 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Fedora 18.

 

2 Installing ClamAV

ClamAV can be installed as follows:

yum install amavisd-new clamav clamav-data clamav-server clamav-update clamav-scanner

Next we create the system startup links for clamd and start it:

systemctl enable clamd.amavisd.service
systemctl start clamd.amavisd.service

 

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes :

vi /etc/pure-ftpd/pure-ftpd.conf

[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/rc.local...

vi /etc/rc.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

If /etc.rc.local does not exist, create it (with the #!/bin/sh line in the beginning) and then make it executable:

chmod 755 /etc/rc.local

Finally we restart PureFTPd:

systemctl restart pure-ftpd.service

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.

 

4 Links


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.