How To Integrate ClamAV Into PureFTPd For Virus Scanning On OpenSUSE 11.3

Submitted by falko on Fri, 2011-03-11 16:01.

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 01/31/2011

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an OpenSUSE 11.3 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your OpenSUSE 11.3 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On OpenSUSE 11.3.

 

2 Installing ClamAV

ClamAV can be installed as follows:

yast2 -i clamav clamav-db

Next we create the system startup links for clamd and start it:

chkconfig --add clamd
/etc/init.d/clamd start

 

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set Umask to 133:022 (so that clamdscan has the correct permissions to read uploaded files; new files are then created with mode 644, i.e. world-readable) and CallUploadScript to yes:

vi /etc/pure-ftpd/pure-ftpd.conf

[...]
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask                       133:022
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/init.d/boot.local...

vi /etc/init.d/boot.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:

#! /bin/sh
#
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.  All rights reserved.
#
# Author: Werner Fink <werner@suse.de>, 1996
#         Burchard Steinbild, 1996
#
# /etc/init.d/boot.local
#
# script with local commands to be executed from init on system startup
#
# Here you should add things, that should happen directly after booting
# before we're going to the first run level.
#

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
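
The script above deletes infected uploads without leaving a trace, and it does nothing when the scan itself fails (clamdscan exits with 2, for example when clamd is not running), so the unscanned file stays in place. A variant of /etc/pure-ftpd/clamav_check.sh that logs every verdict and quarantines unscanned files, as an added example that is not part of the original tutorial. The log file and quarantine paths are assumptions; UPLOAD_VUSER and UPLOAD_USER are environment variables set by pure-uploadscript.

```sh
#!/bin/sh
# Added example, not the tutorial's script. LOG_FILE and QUARANTINE_DIR are
# assumed paths; clamdscan exit codes: 0 = clean, 1 = virus found, 2 = error.
CLAMDSCAN="${CLAMDSCAN:-/usr/bin/clamdscan}"
LOG_FILE="${LOG_FILE:-/var/log/pure-ftpd-clamav.log}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/spool/pure-ftpd-quarantine}"

# File names and scanner output are attacker-influenced: flatten them to one
# line so an upload cannot forge extra log entries.
sanitize() {
    printf '%s' "$1" | tr '\n' ' ' | tr -d '\001-\037\177'
}

log_event() {
    printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG_FILE"
}

scan_upload() {
    file="$1"
    # pure-uploadscript exports UPLOAD_VUSER / UPLOAD_USER for the uploader.
    who=$(sanitize "${UPLOAD_VUSER:-${UPLOAD_USER:-unknown}}")
    name=$(sanitize "$file")
    rc=0
    out=$("$CLAMDSCAN" --remove --no-summary "$file" 2>&1) || rc=$?
    out=$(sanitize "$out")
    case "$rc" in
        0)  log_event "CLEAN user=$who file=$name" ;;
        1)  log_event "INFECTED user=$who file=$name detail=$out" ;;
        *)  # clamd down, timeout, unreadable file: the upload was NOT scanned.
            # Fail closed: take it out of the FTP tree until it can be rescanned.
            mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR"
            dest="$QUARANTINE_DIR/$(date +%s).$$.$(basename "$file")"
            mv -- "$file" "$dest"
            log_event "SCAN-ERROR rc=$rc user=$who file=$name moved-to-quarantine detail=$out" ;;
    esac
    return "$rc"
}

# pure-uploadscript passes the absolute path of the new file as $1.
if [ "$#" -gt 0 ]; then
    scan_upload "$1"
fi
```

pure-uploadscript runs the hook after the upload has completed, so the file is already in place in the FTP tree while the scan runs.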

 

4 Links


Submitted by Anonymous (not registered) on Thu, 2011-03-17 19:57.
http://seclists.org/fulldisclosure/2011/Mar/202
Submitted by bambam82 (registered user) on Fri, 2011-03-11 16:31.

Follow the steps up till the boot.local command. Instead use the following two lines.

ln -s /etc/pure-ftpd/clamav_check.sh /etc/init.d/pure-ftp_clamav_check
update-rc.d pure-ftp_clamav_check defaults

Afterwards, restart the service as described above.