How To Integrate ClamAV Into PureFTPd For Virus Scanning On OpenSUSE 11.2
Version 1.0
Author: Falko Timme
Follow me on Twitter
This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an OpenSUSE 11.2 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
You should have a working PureFTPd setup on your OpenSUSE 11.2 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On OpenSUSE 11.2.
2 Installing ClamAV
ClamAV can be installed as follows:
yast2 -i clamav clamav-db
Next we create the system startup links for clamd and start it:
chkconfig --add clamd
/etc/init.d/clamd start
3 Configuring PureFTPd
First we open /etc/pure-ftpd/pure-ftpd.conf and set Umask to 133:022 (so that clamdscan has the correct permissions to read uploaded files) and CallUploadScript to yes :
vi /etc/pure-ftpd/pure-ftpd.conf
[...] # File creation mask. <umask for files>:<umask for dirs> . # 177:077 if you feel paranoid. Umask 133:022 [...] # If your pure-ftpd has been compiled with pure-uploadscript support, # this will make pure-ftpd write info about new uploads to # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and # spawn a script to handle the upload. CallUploadScript yes [...] |
Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh
#!/bin/sh /usr/bin/clamdscan --remove --quiet --no-summary "$1" |
... and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.sh
Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:
pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/init.d/boot.local...
vi /etc/init.d/boot.local
... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:
#! /bin/sh # # Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. All rights reserved. # # Author: Werner Fink <[email protected]>, 1996 # Burchard Steinbild, 1996 # # /etc/init.d/boot.local # # script with local commands to be executed from init on system startup # # Here you should add things, that should happen directly after booting # before we're going to the first run level. # /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh |
Finally we restart PureFTPd:
/etc/init.d/pure-ftpd restart
That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
4 Links
- PureFTPD: http://www.pureftpd.org/
- ClamAV: http://www.clamav.net/
- OpenSUSE: http://www.opensuse.org/