How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 12.10
This tutorial exists for these OS versions
- Ubuntu 12.10 (Quantal Quetzal)
- Ubuntu 12.04 LTS (Precise Pangolin)
- Ubuntu 10.10 (Maverick Meerkat)
On this page
This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 12.10 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
1 Preliminary Note
You should have a working PureFTPd setup on your Ubuntu 12.10 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Ubuntu 12.10.
Make sure that you are logged in as root (type in
sudo su
to become root), because we must run all the steps from this tutorial as root user.
2 Installing ClamAV
ClamAV can be installed as follows:
apt-get install clamav clamav-daemon clamav-data
Run
freshclam
to download the latest virus signatures, and the start the ClamAV daemon:
/etc/init.d/clamav-daemon start
3 Configuring PureFTPd
First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/CallUploadScript
Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh
#!/bin/sh /usr/bin/clamdscan --remove --quiet --no-summary "$1" |
... and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.sh
Now we edit /etc/default/pure-ftpd-common...
vi /etc/default/pure-ftpd-common
... and change the UPLOADSCRIPT line as follows:
[...] # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode, # pure-uploadscript will also be run to spawn the program given below # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or # pure-uploadscript(8) # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh [...] |
Finally we restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
4 Links
- PureFTPD: http://www.pureftpd.org/
- ClamAV: http://www.clamav.net/
- Ubuntu: http://www.ubuntu.com/