Integrate pure-ftpd with clamav

From CPanelDirect
Jump to: navigation, search

Clamav can work in conjunction with pure-ftpd to not allow virus's to be uploaded. Here are the steps.

First install Clamav. In the example below clamav is installed in /usr/local/bin but your set up may have it in /usr/bin


/etc/pure-ftpd.conf

Edit /etc/pure-ftpd.conf and set

CallUploadScript yes

/etc/init.d/pure-ftpd

Patch /etc/init.d/pure-ftpd

Edit /etc/init.d/pure-ftpd

Look for $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS --daemonize

Under this add

$DAEMONIZE /usr/sbin/pure-uploadscript -B -r /var/run/pure-ftpd/clamscan.sh

Next look for kill $(cat /var/run/pure-ftpd.pid)

Under this add

kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)


/var/run/pure-ftpd/clamscan.sh

#!/bin/sh

# /usr/local/bin/clamdscan is faster if clamd is running
CLAMLOC='/usr/local/bin/clamscan';

if [ ! -x $CLAMLOC ]; then
        echo 'clamscan not found';
        exit;
fi
if [ "$1" = "" ]; then
        echo 'Variable is blank';
        exit;
fi
if [ ! -f "$1" ]; then
        echo "$1 file not found"
        exit;
fi

# maybe you would prefer --move=/DIRECTORY instead of remove
$CLAMLOC --remove $1


^^^ Chmod to 755 ^^^

The above calles --remove. This will of course delete the file if its detected as a virus. You may want to instead use --move

       --move=DIRECTORY
              Move  infected files into DIRECTORY. Directory must be writable
              for the 'clamav' user or unprivileged user running clamscan.

Restart FTP

/etc/init.d/pure-ftpd restart

FreeBSD

On freebsd add

pureftpd_enable="YES"
pureftpd_upload_enable="YES"
pureftpd_uploadscript="/var/run/pure-ftpd/clamscan.sh"

to /etc/rc.conf, and make sure callupload is set to yes in pure-ftpd.conf.

Testing

Upload the EICAR test file to test if clamav is working

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*