How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 14.04LTS
Author: Falko Timme, updated by Srijan Kishore
This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 14.04LTS system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
You should have a working PureFTPd setup on your Ubuntu 14.04 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Ubuntu 12.10.It is same for both 14.04 & 12.10
Make sure that you are logged in as root (type in
to become root), because we must run all the steps from this tutorial as root user.
2 Installing ClamAV
ClamAV can be installed as follows:
apt-get install clamav clamav-daemon clamav-data
to download the latest virus signatures, and the start the ClamAV daemon:
service clamav-daemon start
3 Configuring PureFTPd
First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/CallUploadScript
Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
#!/bin/sh /usr/bin/clamdscan --remove --quiet --no-summary "$1"
... and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.sh
Now we edit /etc/default/pure-ftpd-common...
... and change the UPLOADSCRIPT line as follows:
[...] # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode, # pure-uploadscript will also be run to spawn the program given below # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or # pure-uploadscript(8) # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh [...]
Finally we restart PureFTPd:
service pure-ftpd-mysql restart
That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.