Clamav can work in conjunction with pure-ftpd to not allow virus’s to be uploaded. Here are the steps. First install Clamav. In the example below clamav is installed in /usr/local/bin but your set up may have it in /usr/bin
/etc/pure-ftpd.conf
Edit /etc/pure-ftpd.conf and set
CallUploadScript yes
/etc/init.d/pure-ftpd
Edit /etc/init.d/pure-ftpd
Look for $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS –daemonize
Under this add
$DAEMONIZE /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamscan.sh
Next look for kill $(cat /var/run/pure-ftpd.pid)
Under this add
kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)
/etc/pure-ftpd/clamscan.sh
create new file named /etc/pure-ftpd/clamscan.sh
#!/bin/sh
# /usr/local/bin/clamdscan is faster if clamd is running
CLAMLOC=’/usr/local/bin/clamscan’;if [ ! -x $CLAMLOC ]; then
echo ‘clamscan not found’;
exit;
fi
if [ “$1” = “” ]; then
echo ‘Variable is blank’;
exit;
fi
if [ ! -f “$1” ]; then
echo “$1 file not found”
exit;
fi# maybe you would prefer –move=/DIRECTORY instead of remove
$CLAMLOC –remove $1
and then chmod to 755
The above calles –remove. This will of course delete the file if its detected as a virus. You may want to instead use –move
–move=DIRECTORY
Move infected files into DIRECTORY. Directory must be writable
for the ‘clamav’ user or unprivileged user running clamscan.
Restart FTP
/etc/init.d/pure-ftpd restart
Testing
Upload the EICAR test file to test if clamav is working
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Source: http://wiki.cpaneldirect.net/wiki/index.php?title=Integrate_pure-ftpd_with_clamav
