This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 18 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
1. Preliminary Note
You should have a working PureFTPd setup on your Fedora 18 server
2. Installing ClamAV
ClamAV can be installed as follows :
yum install amavisd-new clamav clamav-data clamav-server clamav-update clamav-scanner
Next we create the system startup links for clamd and start it:
systemctl enable clamd.amavisd.service
systemctl start clamd.amavisd.service
3. Configuring PureFTPd
First we open
/etc/pure-ftpd/pure-ftpd.conf and set
CallUploadScript to yes :
vi /etc/pure-ftpd/pure-ftpd.conf
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
CallUploadScript yes
[...]
Next we create the file
/etc/pure-ftpd/clamav_check.sh (which will
call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"
...
and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.sh
Now we start the
pure-uploadscript program as a daemon - it will call our
/etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:
pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
Of course, you don't want to start the daemon manually each time you boot the system - therefore we open
/etc/rc.local...
vi /etc/rc.local
... and add the line
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local
If
/etc.rc.local does not exist, create it (with the
#!/bin/sh line in the beginning) and then make it executable:
chmod 755 /etc/rc.local
Finally we restart PureFTPd:
systemctl restart pure-ftpd.service
That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
4. Links
PureFTPD:
http://www.pureftpd.org/
ClamAV:
http://www.clamav.net/
Fedora:
http://fedoraproject.org/