Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

How To Integrate ClamAV Into PureFTPd For Virus Scanning On OpenSUSE 11.2


This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an OpenSUSE 11.2 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

You should have a working PureFTPd setup on your OpenSUSE 11.2 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On OpenSUSE 11.2.

 

2 Installing ClamAV

ClamAV can be installed as follows:

yast2 -i clamav clamav-db

Next we create the system startup links for clamd and start it:

chkconfig –add clamd
/etc/init.d/clamd start

 

3 Configuring PureFTPd

First we open /etc/pure-ftpd/pure-ftpd.conf and set Umask to 133:022 (so that clamdscan has the correct permissions to read uploaded files) and CallUploadScript to yes :

vi /etc/pure-ftpd/pure-ftpd.conf

[...]
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask                       133:022
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

CallUploadScript yes
[...]

Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)…

vi /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

… and make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we start the pure-uploadscript program as a daemon – it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, you don’t want to start the daemon manually each time you boot the system – therefore we open /etc/init.d/boot.local

vi /etc/init.d/boot.local

… and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it – e.g. as follows:

#! /bin/sh
#
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.  All rights reserved.
#
# Author: Werner Fink <werner@suse.de>, 1996
#         Burchard Steinbild, 1996
#
# /etc/init.d/boot.local
#
# script with local commands to be executed from init on system startup
#
# Here you should add things, that should happen directly after booting
# before we're going to the first run level.
#
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Finally we restart PureFTPd:

/etc/init.d/pure-ftpd restart

That’s it! Now whenever someone tries to upload malware to your server through PureFTPd, the “bad” file(s) will be silently deleted.

 

  • PureFTPD: http://www.pureftpd.org/
  • ClamAV: http://www.clamav.net/
  • OpenSUSE: http://www.opensuse.org/

Comments

comments