How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Lenny

Version 1.0
Author: Falko Timme
Last edited 04/12/2010

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Debian Lenny system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your Debian Lenny server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Lenny.

 

2 Installing ClamAV

ClamAV can be installed as follows:

aptitude install clamav clamav-daemon

 

3 Configuring PureFTPd

First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/CallUploadScript

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
# pure-uploadscript passes the absolute path of the uploaded file as $1
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we edit /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and change the UPLOADSCRIPT line as follows:

[...]
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
[...]

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
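Because the script above deletes silently and ignores clamdscan's exit status, an upload stays in place unscanned whenever clamd is down or cannot read the file. The following variant is an added example, not part of the original tutorial: it records each verdict through syslog and moves files whose scan failed into a quarantine directory. It relies on clamdscan's documented exit codes (0 clean, 1 virus found, 2 error) and on the UPLOAD_VUSER/UPLOAD_USER variables that pure-uploadscript exports; SCANNER, QUARANTINE_DIR, LOG_TAG and the quarantine path are names assumed for this example.

```shell
#!/bin/sh
# Added example, not the tutorial's script. SCANNER, QUARANTINE_DIR and LOG_TAG
# are names chosen here; the quarantine path is an assumption.
SCANNER="${SCANNER:-/usr/bin/clamdscan}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/spool/pure-ftpd-quarantine}"
LOG_TAG="${LOG_TAG:-pureftpd-clamav}"

log_event() {
    # Logging must never abort the hook, so failures of logger are ignored.
    logger -t "$LOG_TAG" "$1" 2>/dev/null || true
}

# scan_upload FILE: prints clean|infected|error and returns the scanner's exit code.
scan_upload() {
    file="$1"
    # pure-uploadscript exports the uploader's name; prefer the virtual user.
    user="${UPLOAD_VUSER:-${UPLOAD_USER:-unknown}}"
    scan_rc=0
    "$SCANNER" --remove --quiet --no-summary "$file" || scan_rc=$?
    case "$scan_rc" in
        0) verdict=clean ;;
        1) verdict=infected ;;      # clamdscan already deleted it (--remove)
        *) verdict=error            # scan did not complete: fail closed
           mkdir -p -m 700 "$QUARANTINE_DIR" &&
               mv -- "$file" "$QUARANTINE_DIR/" ||
               log_event "quarantine failed file=$file" ;;
    esac
    log_event "verdict=$verdict rc=$scan_rc user=$user file=$file"
    echo "$verdict"
    return "$scan_rc"
}

# pure-uploadscript passes the uploaded file's path as the first argument.
if [ "$#" -ge 1 ]; then
    scan_upload "$1" >/dev/null
fi
```

Quarantining on scan errors means uploads disappear from the FTP tree while clamd is unavailable, so the syslog entries tagged pureftpd-clamav should be monitored.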

 

4 Links

Comments

From: Anonymous at: 2010-04-20 22:41:03

Hi, what happens if you FTP lots of small files? Then your server is spawning clamav processes, which can make your server go to 100% CPU load.

If clamav-daemon is running we can use Unix sockets to use clamd.

Only thing is... :-( I don't know how... :(

From: Borderamigos at: 2010-04-17 14:53:23

Thank you. Can this be done as well for sftp/scp servers?