how can I integrate mod_clamav into proftpd?

Discussion in 'Server Operation' started by arastirici, Oct 13, 2011.

  1. arastirici

    arastirici New Member

    I followed your related page while intalling the perfect lamb server on ubuntu11.04 and ispconfig2. it works well but I 'd like to add mod_clamav into proftpd1.3 to integrate.
    to this I followed at "http://www.howtoforge.com/how-to-integrate-clamav-through-mod_clamav-into-proftpd-for-virus-scanning-on-ubuntu-10.04"
    it seems to work when i run # proftpd -vv I see mod_clamav
    - setting default address to 127.0.0.1
    ProFTPD Version: 1.3.3d (maint)
    Scoreboard Version: 01040003
    Built: Thu Oct 13 2011 17:54:10 EEST

    Loaded modules:
    mod_ifsession/1.0
    mod_unique_id/0.1
    mod_facl/0.4
    mod_sftp_pam/0.1
    mod_sftp/0.9.7
    mod_site_misc/1.4
    mod_ratio/3.3
    mod_shaper/0.6.6
    mod_exec/0.9.9
    mod_vroot/0.8.5
    mod_dynmasq/0.3
    mod_wrap2_file/1.2
    mod_wrap2/2.0.6
    mod_ban/0.5.5
    mod_load/1.0.1
    mod_rewrite/0.8
    mod_wrap/1.2.3
    mod_quotatab_radius.c
    mod_quotatab_file.c
    mod_quotatab/1.3.0
    mod_radius/0.9.1
    mod_tls/2.4.2
    mod_ctrls_admin/0.9.6
    mod_lang/0.9
    mod_ctrls/0.9.4
    mod_cap/1.0
    mod_clamav.c
    mod_auth_pam/1.1
    mod_ident/1.0
    mod_dso/0.5
    mod_facts/0.1
    mod_delay/0.6
    mod_site.c
    mod_log.c
    mod_ls.c
    mod_auth.c
    mod_auth_file/0.8.3
    mod_auth_unix.c
    mod_xfer.c
    mod_core.c


    But it doesn't work when I test via ftp.

    What can be the problem ?
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you check your logs?

    Can you post your /etc/proftpd/proftpd.conf? Is clamd running?
     
  3. arastirici

    arastirici New Member

    clamd works. Already if I run clamdscan -i suspect.file it finds it.

    # netstat -l |grep clamd
    unix 2 [ ACC ] STREAM LISTENING 129945 /tmp/clamd

    Include /etc/proftpd/modules.conf

    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    UseIPv6 on
    # If set on you can experience a longer connection delay in many cases.
    IdentLookups off
    DefaultRoot ~
    ServerIdent on "FTP Server ready."


    ServerName "Debian"
    ServerType standalone
    DeferWelcome off

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200

    DisplayLogin welcome.msg
    DisplayChdir .message true
    ListOptions "-l"

    DenyFilter \*.*/

    # Use this to jail all users in their homes
    # DefaultRoot ~

    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell off

    # Port 21 is the standard FTP port.
    Port 21

    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts 49152 65534

    # If your host was NATted, this option is useful in order to
    # allow passive tranfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress 1.2.3.4

    # This is useful for masquerading address with dynamic IPs:
    # refresh any configured MasqueradeAddress directives every 8 hours
    <IfModule mod_dynmasq.c>
    # DynMasqRefresh 28800
    </IfModule>

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User proftpd
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022 022
    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
    # PersistentPasswd off

    # This is required to use both PAM-based authentication and local passwords
    # AuthOrder mod_auth_pam.c* mod_auth_unix.c

    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile off

    TransferLog /var/log/proftpd/xferlog
    SystemLog /var/log/proftpd/proftpd.log

    # In order to keep log file dates consistent after chroot, use timezone info
    # from /etc/localtime. If this is not set, and proftpd is configured to
    # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
    # savings timezone regardless of whether DST is in effect.
    #SetEnv TZ :/etc/localtime

    <IfModule mod_quotatab.c>
    QuotaEngine off
    </IfModule>

    <IfModule mod_ratio.c>
    Ratios off
    </IfModule>


    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>

    <IfModule mod_ctrls.c>
    ControlsEngine off
    ControlsMaxClients 2
    ControlsLog /var/log/proftpd/controls.log
    ControlsInterval 5
    ControlsSocket /var/run/proftpd/proftpd.sock
    </IfModule>

    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine off
    </IfModule>

    <IfModule mod_clamav.c>
    ClamAV on
    ClamServer 127.0.0.1
    ClamPort 3310
    </IfModule>

    #
    # Alternative authentication frameworks
    #
    #Include /etc/proftpd/ldap.conf
    #Include /etc/proftpd/sql.conf

    #Include /etc/proftpd/tls.conf
    #
    # Useful to keep VirtualHost/VirtualRoot directives separated
    #
    #Include /etc/proftpd/virtuals.con
    # A basic anonymous configuration, no upload directories.
    # <Anonymous ~ftp>
    # User ftp
    # Group nogroup
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    # # Cosmetic changes, all files belongs to ftp user
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    #
    # RequireValidShell off
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    #
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayChdir .message
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Directory *>
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    # </Directory>
    #
    # # Uncomment this if you're brave.
    # # <Directory incoming>
    # # # Umask 022 is a good standard umask to prevent new files and dirs
    # # # (second parm) from being group and world writable.
    # # Umask 022 022
    # # <Limit READ WRITE>
    # # DenyAll
    # # </Limit>
    # # <Limit STOR>
    # # AllowAll
    # # </Limit>
    # # </Directory>
    #
    # </Anonymous>

    # Include other custom configuration files
    Include /etc/proftpd/conf.d/
    Include /etc/proftpd_ispconfig.conf
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Can you change
    Code:
    <IfModule mod_clamav.c>
    ClamAV on
    ClamServer 127.0.0.1
    ClamPort 3310
    </IfModule>
    to

    Code:
    ClamAV on
    ClamServer 127.0.0.1
    ClamPort 3310
    and restart ProFTPd? If the module isn't loaded, you should get an error that these directives are not known.
     
  5. arastirici

    arastirici New Member

    I changed the code;

    ClamAV on
    ClamServer 127.0.0.1
    ClamPort 3310

    I restarted proftpd without any error.

    proftpd works

    # /etc/init.d/proftpd restart
    * Stopping ftp server proftpd
    ...done.
    * Starting ftp server proftpd
    - setting default address to 127.0.0.1
    ...done.
    [email protected]:/usr/src# proftpd -vv
    - setting default address to 127.0.0.1
    ProFTPD Version: 1.3.4rc2 (devel)
    Scoreboard Version: 01040003
    Built: Sun Oct 16 2011 22:12:31 EEST

    Loaded modules:
    mod_ifsession/1.1
    mod_unique_id/0.2
    mod_facl/0.4
    mod_sftp_pam/0.2
    mod_sftp/0.9.7
    mod_site_misc/1.4
    mod_ratio/3.3
    mod_shaper/0.6.6
    mod_exec/0.9.10
    mod_dynmasq/0.4
    mod_wrap2_file/1.2
    mod_wrap2/2.0.6
    mod_ban/0.6
    mod_load/1.0.1
    mod_rewrite/0.9
    mod_wrap/1.2.3
    mod_quotatab_radius.c
    mod_quotatab_file.c
    mod_quotatab/1.3.0
    mod_radius/0.9.1
    mod_tls/2.4.2
    mod_ctrls_admin/0.9.7
    mod_lang/0.9
    mod_ctrls/0.9.4
    mod_cap/1.1
    mod_clamav.c
    mod_auth_pam/1.1
    mod_ident/1.0
    mod_dso/0.5
    mod_facts/0.3
    mod_delay/0.6
    mod_site.c
    mod_log.c
    mod_ls.c
    mod_auth.c
    mod_auth_file/0.9
    mod_auth_unix.c
    mod_xfer.c
    mod_core.c
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Then I'm running out of ideas... :(
     
  7. arastirici

    arastirici New Member

    Could the second proftpd daemon be run?

    How can I check it ?

    I wanna specify that I followed the installation intructions completely.
    Besides I reinstalled proftpd, clamav and mod_clamav ..
    the problem is still going on.


    Thanks
     
  8. falko

    falko Super Moderator ISPConfig Developer

    What second ProFTPd daemon?
     
  9. arastirici

    arastirici New Member

    There is no such a daemon.

    But I think that, is there a second proftpd daemon which doesn't support mod_clamav on the server. Or can be there a proftpd which is built on ubuntu11 ?
    Or proftpd doesn't work with mod_clamav.
     

Share This Page