How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 10.10

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Wed, 2011-04-20 15:39. :: Ubuntu | FTP | Security

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 10.10

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 01/31/2011

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 10.10 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your Ubuntu 10.10 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Ubuntu 10.10 (Maverick Meerkat).

Make sure that you are logged in as root (type in

sudo su

to become root), because we must run all the steps from this tutorial as root user.

 

2 Installing ClamAV

ClamAV can be installed as follows:

apt-get install clamav clamav-daemon

Start the ClamAV daemon:

/etc/init.d/clamav-daemon start

 

3 Configuring PureFTPd

First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/CallUploadScript

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we edit /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and change the UPLOADSCRIPT line as follows:

[...]
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
[...]

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.

 

4 Links


Copyright © 2011 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
log infected files
Submitted by magenbrot (registered user) on Tue, 2011-05-17 16:04.
 if you don't want to discard infected files silently just change the line in the script to this:
 
/usr/bin/clamdscan --remove --no-summary "$1" | logger -t pure-ftpd-uploadscript

reply | view as pdf view as pdf