Integrate pure-ftpd with clamav on cpanel server

Clamav can work in conjunction with pure-ftpd to not allow virus’s to be uploaded. Here are the steps. First install Clamav. In the example below clamav is installed in /usr/local/bin but your set up may have it in /usr/bin

/etc/pure-ftpd.conf
Edit /etc/pure-ftpd.conf and set

CallUploadScript yes

/etc/init.d/pure-ftpd

Edit /etc/init.d/pure-ftpd

Look for $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS –daemonize

Under this add

$DAEMONIZE /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamscan.sh

Next look for kill $(cat /var/run/pure-ftpd.pid)

Under this add

kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)

/etc/pure-ftpd/clamscan.sh

create new file named /etc/pure-ftpd/clamscan.sh

#!/bin/sh

# /usr/local/bin/clamdscan is faster if clamd is running
CLAMLOC=’/usr/local/bin/clamscan’;

if [ ! -x $CLAMLOC ]; then
echo ‘clamscan not found’;
exit;
fi
if [ “$1” = “” ]; then
echo ‘Variable is blank’;
exit;
fi
if [ ! -f “$1” ]; then
echo “$1 file not found”
exit;
fi

# maybe you would prefer –move=/DIRECTORY instead of remove
$CLAMLOC –remove $1

and then chmod to 755

The above calles –remove. This will of course delete the file if its detected as a virus. You may want to instead use –move

–move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable
for the ‘clamav’ user or unprivileged user running clamscan.

Restart FTP

/etc/init.d/pure-ftpd restart

Testing

Upload the EICAR test file to test if clamav is working

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Source: http://wiki.cpaneldirect.net/wiki/index.php?title=Integrate_pure-ftpd_with_clamav

Comments are closed.