Clamav can work in conjunction with pure-ftpd to not allow virus’s to be uploaded. Here are the steps. First install Clamav.
Edit /etc/pure-ftpd.conf and set
Edit /etc/init.d/pure-ftpd
Look for $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS –daemonize
Under this add
Under this add
The above calles –remove. This will of course delete the file if its detected as a virus. You may want to instead use –move
Edit /etc/pure-ftpd.conf and set
CallUploadScript yes
Patch /etc/init.d/pure-ftpdEdit /etc/init.d/pure-ftpd
Look for $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS –daemonize
Under this add
$DAEMONIZE /usr/sbin/pure-uploadscript -B -r /var/run/pure-ftpd/clamscan.sh
Next look for kill $(cat /var/run/pure-ftpd.pid)Under this add
kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)
/var/run/pure-ftpd/clamscan.sh
#!/bin/sh # /usr/local/bin/clamdscan is faster if clamd is running CLAMLOC='/usr/local/bin/clamscan'; if [ ! -x $CLAMLOC ]; then echo 'clamscan not found'; exit; fi if [ "$1" = "" ]; then echo 'Variable is blank'; exit; fi if [ ! -f "$1" ]; then echo "$1 file not found" exit; fi # maybe you would prefer --move=/DIRECTORY instead of remove $CLAMLOC --remove=yes $1and then chmod to 755
The above calles –remove. This will of course delete the file if its detected as a virus. You may want to instead use –move
--move=DIRECTORY Move infected files into DIRECTORY. Directory must be writable for the 'clamav' user or unprivileged user running clamscan.
Restart FTP
/etc/init.d/pure-ftpd restart
Testing
Upload the EICAR test file to test if clamav is workingX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
No comments:
Post a Comment