There is a new version of this tutorial available for Debian 6 (Squeeze).

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Lenny

Version 1.0
Author: Falko Timme
Follow me on Twitter

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Debian Lenny system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your Debian Lenny server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Lenny.

 

2 Installing ClamAV

ClamAV can be installed as follows:

aptitude install clamav clamav-daemon

 

3 Configuring PureFTPd

First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/CallUploadScript

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we edit /etc/default/pure-ftpd-common...

vi /etc/default/pure-ftpd-common

... and change the UPLOADSCRIPT line as follows:

[...]
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
[...]

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.

 

Falko Timme

About Falko Timme

Falko Timme is an experienced Linux administrator and founder of Timme Hosting, a leading nginx business hosting company in Germany. He is one of the most active authors on HowtoForge since 2005 and one of the core developers of ISPConfig since 2000. He has also contributed to the O'Reilly book "Linux System Administration".

Share this page:

Suggested articles

2 Comment(s)

Add comment

Comments

By: Anonymous

Hi,  what happens if you ftp lots of small files, then your server is spanning clamav processes, which can make your server go to 100% cpu load.

if clamav-daemon is running we can use unix sockes to use clamd .

only thing is .. :-( i don't know how... :(

By: Borderamigos

Thank you.  Can this be done as well for sftp/scp servers?