This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 14 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
You should have a working PureFTPd setup on your Fedora 14 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Fedora 14.
ClamAV can be installed as follows:
yum install amavisd-new clamav clamav-data clamav-server clamav-update clamav-scannerClamdscan expects the configuration file /etc/clamd.conf which doesn't exist - therefore we create a symlink from /etc/clamd.conf to /etc/clamd.d/amavisd.conf:
ln -s /etc/clamd.d/amavisd.conf /etc/clamd.confNext we create the system startup links for clamd and start it:
chkconfig --levels 235 clamd.amavisd on/etc/init.d/clamd.amavisd start
First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes :
vi /etc/pure-ftpd/pure-ftpd.conf[...]# If your pure-ftpd has been compiled with pure-uploadscript support,# this will make pure-ftpd write info about new uploads to# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and# spawn a script to handle the upload.CallUploadScript yes[...]
Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh#!/bin/sh/usr/bin/clamdscan --remove --quiet --no-summary "$1"
... and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.shNow we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:
pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.shOf course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/rc.local...
vi /etc/rc.local... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:
#!/bin/sh## This script will be executed *after* all the other init scripts.# You can put your own initialization stuff in here if you don't# want to do the full Sys V style init stuff./usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.shtouch /var/lock/subsys/localFinally we restart PureFTPd:
/etc/init.d/pure-ftpd restartThat's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
No comments:
Post a Comment