How To Integrate ClamAV Into PureFTPd For Virus Scanning On Mandriva 2010.0

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Mon, 2010-06-28 15:44. :: Mandriva | FTP | Security

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Mandriva 2010.0

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 04/14/2010

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Mandriva 2010.0 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your Mandriva 2010.0 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Mandriva 2009.1 (yes, it's for Mandriva 2009.1, but works for Mandriva 2010.0 as well).

 

2 Installing ClamAV

ClamAV can be installed as follows:

urpmi clamd clamav

Next we create the system startup links for clamd and freshclam and start them:

chkconfig clamd on
chkconfig freshclam on
/etc/init.d/clamd start

freshclam
/etc/init.d/freshclam start

 

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes :

vi /etc/pure-ftpd/pure-ftpd.conf

[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/rc.local...

vi /etc/rc.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows: 

#!/bin/sh
#
### BEGIN INIT INFO
# Provides: rc.local
# X-Mandriva-Compat-Mode
# Default-Start: 2 3 4 5
# Short-Description: Local initialization script
# Description: This script will be executed *after* all the other init scripts.
#              You can put your own initialization stuff in here if you don't
#              want to do the full Sys V style init stuff.
### END INIT INFO

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.

 

4 Links


Copyright © 2010 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.