How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Squeeze

How To Integrate ClamAV Into PureFTPd For Virus Scanning On Debian Squeeze

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Debian Squeeze system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-box-3-0’)};

 

You should have a working PureFTPd setup on your Debian Squeeze server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Debian Squeeze .

 

ClamAV can be installed as follows:

apt-get install clamav clamav-daemon

 

First we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:

echo "yes" > /etc/pure-ftpd/conf/CallUploadScript

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)…

vi /etc/pure-ftpd/clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

… and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we edit /etc/default/pure-ftpd-commonif(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-medrectangle-4-0’)};if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-medrectangle-4-0_1’)}; .medrectangle-4-multi-108{border:none !important;display:block !important;float:none;line-height:0px;margin-bottom:15px !important;margin-left:0px !important;margin-right:0px !important;margin-top:15px !important;min-height:250px;min-width:250px;text-align:center !important;}

vi /etc/default/pure-ftpd-common

… and change the UPLOADSCRIPT line as follows:

[...]
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
[...]

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd-mysql restart

That’s it! Now whenever someone tries to upload malware to your server through PureFTPd, the “bad” file(s) will be silently deleted.

 

  • PureFTPD: http://www.pureftpd.org/
  • ClamAV: http://www.clamav.net/
  • Debian: http://www.debian.org/
About the Author

Leave a Reply