How to Integrate ClamAV Into PureFTPd For Virus Scanning on Debian Squeeze

Instructions

• 1

  Installing ClamAV
  
  First of all, you need to install ClamAV which can be installed as follows;
  
  apt-get install clamav clamav-daemon
• 2

  Configuring PureFTPd
  
  Afterwards, make the file /etc/pure-ftpd/conf/CallUploadScript which include the string yes:
  
  echo "yes" > /etc/pure-ftpd/conf/CallUploadScript
• 3

  Now, you have to make the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
  
  vi /etc/pure-ftpd/clamav_check.sh
  
  #!/bin/sh
  
  /usr/bin/clamdscan --remove --quiet --no-summary "$1"
  
  The file that you have created should be practically executable.
  
  chmod 755 /etc/pure-ftpd/clamav_check.sh
• 4

  After that you have to edit /etc/default/pure-ftpd-common..
  
  vi /etc/default/pure-ftpd-common
  
  ... and change the UPLOADSCRIPT line as follows:
  
  [...]
  
  # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
  
  # pure-uploadscript will also be run to spawn the program given below
  
  # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
  
  # pure-uploadscript(8)
  
  # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
  
  UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh
  
  [...]
• 5

  In the end you have to restart PureFTPd:
  
  /etc/init.d/pure-ftpd-mysql restart
  
  All done. Now, if your sever is hit by a malware through PureFTPd, ClamAV will detect the “bad” file(s) and deletes it instantly.