How To Integrate ClamAV Into PureFTPd For Virus Scanning On OpenSUSE 11.3

Version 1.0
Author: Falko Timme

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an OpenSUSE 11.3 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your OpenSUSE 11.3 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On OpenSUSE 11.3.

 

2 Installing ClamAV

ClamAV can be installed as follows:

yast2 -i clamav clamav-db

Next we create the system startup links for clamd and start it:

chkconfig --add clamd
/etc/init.d/clamd start

 

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set Umask to 133:022 (so that clamdscan has the correct permissions to read uploaded files) and CallUploadScript to yes:

vi /etc/pure-ftpd/pure-ftpd.conf

[...]
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask                       133:022
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

... and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/init.d/boot.local...

vi /etc/init.d/boot.local

... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:

#! /bin/sh
#
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.  All rights reserved.
#
# Author: Werner Fink <[email protected]>, 1996
#         Burchard Steinbild, 1996
#
# /etc/init.d/boot.local
#
# script with local commands to be executed from init on system startup
#
# Here you should add things, that should happen directly after booting
# before we're going to the first run level.
#

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
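
The two-line clamav_check.sh above ignores clamdscan's exit status (0 = clean, 1 = virus found, 2 = error), so when the scan itself fails, for example because clamd is not running, the upload stays in place unscanned. The following variant is an added example, not part of the original tutorial: it logs every result and moves unscanned files into a quarantine directory. The QUARANTINE_DIR and LOG_FILE paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed variant of /etc/pure-ftpd/clamav_check.sh.
# QUARANTINE_DIR and LOG_FILE are assumed paths, not taken from the tutorial.
SCANNER="${SCANNER:-/usr/bin/clamdscan}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/spool/pure-ftpd-quarantine}"
LOG_FILE="${LOG_FILE:-/var/log/pure-ftpd-clamav.log}"

log_event() {   # $1 = file, $2 = result
    # pure-uploadscript exports UPLOAD_VUSER / UPLOAD_USER for the uploader.
    printf '%s user=%s file=%s result=%s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
        "${UPLOAD_VUSER:-${UPLOAD_USER:-unknown}}" "$1" "$2" >> "$LOG_FILE"
}

quarantine() {  # move an unscanned file out of the FTP tree, owner-only
    mkdir -p "$QUARANTINE_DIR" || return 1
    chmod 700 "$QUARANTINE_DIR" || return 1
    dest="$QUARANTINE_DIR/$(date +%s).$$.${1##*/}"
    mv -- "$1" "$dest" && chmod 600 "$dest"
}

handle_upload() {
    file="$1"
    # Scan regular files only; a symlink could point outside the FTP tree.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        log_event "$file" "skipped-not-regular-file"
        return 3
    fi
    rc=0
    "$SCANNER" --remove --quiet --no-summary "$file" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) log_event "$file" "clean" ;;
        1) log_event "$file" "infected-removed" ;;
        *) # clamdscan exit 2 = error (clamd down, file unreadable, ...):
           # the file was NOT scanned, so do not leave it where it was served.
           if quarantine "$file"; then
               log_event "$file" "scan-error-quarantined"
           else
               log_event "$file" "scan-error-quarantine-failed"
           fi ;;
    esac
    return "$rc"
}

# pure-uploadscript passes the uploaded file's path as the first argument.
if [ "$#" -gt 0 ]; then
    handle_upload "$1"
fi
```

Installed in place of /etc/pure-ftpd/clamav_check.sh, it works with the same pure-uploadscript command line as in the tutorial.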

 


Comments

From:

Follow the steps up till the boot.local command. Instead use the following two lines.

ln -s /etc/pure-ftpd/clamav_check.sh /etc/init.d/pure-ftp_clamav_check
update-rc.d pure-ftp_clamav_check defaults

Afterwards, restart the service as described above.

From: Anonymous

http://seclists.org/fulldisclosure/2011/Mar/202