How to Integrate ClamAV Into PureFTPd For Virus Scanning on Debian Squeeze
Clam Antivirus (ClamAV) is specially designed to detect malicious software. This also includes Trojans, viruses, malware and other malware threats. It is a free open source antivirus engine and was developed for UNIX.
This helps you to integrate ClamAV into PureFTPd. It also allows virus scanning on a Debian Squeeze system. In the end, whenever you try to upload a file through PureFTPd, it will be thoroughly checked by ClamAV and will be instantly deleted if a malware is found in it.
Instructions
-
1
Installing ClamAV
First of all, you need to install ClamAV which can be installed as follows;
apt-get install clamav clamav-daemon -
2
Configuring PureFTPd
Afterwards, make the file /etc/pure-ftpd/conf/CallUploadScript which include the string yes:
echo "yes" > /etc/pure-ftpd/conf/CallUploadScript -
3
Now, you have to make the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"
The file that you have created should be practically executable.
chmod 755 /etc/pure-ftpd/clamav_check.sh -
4
After that you have to edit /etc/default/pure-ftpd-common..
vi /etc/default/pure-ftpd-common
... and change the UPLOADSCRIPT line as follows:
[...]
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)
# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
[...] -
5
In the end you have to restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restart
All done. Now, if your sever is hit by a malware through PureFTPd, ClamAV will detect the “bad” file(s) and deletes it instantly.