In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
You should have a working PureFTPd setup on your CentOS 5.4 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On CentOS 5.3 (yes, it's for CentOS 5.3, but works for CentOS 5.4 as well).
2 Installing ClamAV
ClamAV is not available in the official CentOS repositories, therefore we enable the RPMforge repository:
# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# cd /tmp
# wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
Afterwards we can install ClamAV as follows:
# yum install clamav clamd
Next we create the system startup links for clamd and start it:
# chkconfig --levels 235 clamd on
# /usr/bin/freshclam
# /etc/init.d/clamd start
3 Configuring PureFTPd
First we open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes:
# vi /etc/pure-ftpd/pure-ftpd.conf
    [...]
    # If your pure-ftpd has been compiled with pure-uploadscript support,
    # this will make pure-ftpd write info about new uploads to
    # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
    # spawn a script to handle the upload.
    CallUploadScript yes
    [...]
Next we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
# vi /etc/pure-ftpd/clamav_check.sh
    #!/bin/sh
    /usr/bin/clamdscan --remove --quiet --no-summary "$1"
... and make it executable:
# chmod 755 /etc/pure-ftpd/clamav_check.sh
Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/clamav_check.sh script whenever a file is uploaded through PureFTPd:
# pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
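Of course, you don't want to start the daemon manually each time you boot the system - therefore we open /etc/rc.local...
# vi /etc/rc.local
... and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it - e.g. as follows:
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
    touch /var/lock/subsys/local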
Finally we restart PureFTPd:
# /etc/init.d/pure-ftpd restart
That's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
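The clamav_check.sh shown above deletes matches without leaving a record, and it does nothing when clamdscan itself fails (exit code 2, e.g. when clamd is not running), so the unscanned upload stays in place. The following drop-in variant is an added example, not part of the original tutorial: it logs every verdict with the uploading user and moves files it could not scan out of the FTP tree. The HOLD_DIR and SCAN_LOG paths and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the tutorial): logging, fail-closed variant of
# /etc/pure-ftpd/clamav_check.sh.
SCANNER=${SCANNER:-/usr/bin/clamdscan}
# Assumed locations, not from the tutorial; the account running
# pure-uploadscript must be able to write to both.
HOLD_DIR=${HOLD_DIR:-/var/spool/pure-ftpd-unscanned}
SCAN_LOG=${SCAN_LOG:-/var/log/pure-ftpd-clamav.log}

log_event() {
    # pure-uploadscript exports UPLOAD_VUSER / UPLOAD_USER for the uploader.
    printf '%s user=%s result=%s file=%s\n' \
        "$(date '+%Y-%m-%dT%H:%M:%S')" \
        "${UPLOAD_VUSER:-${UPLOAD_USER:-unknown}}" "$1" "$2" >> "$SCAN_LOG"
}

# Scan one upload. Returns 0 = clean, 1 = infected and deleted,
# 2 = scan failed (file moved to HOLD_DIR when possible).
handle_upload() {
    file=$1
    [ -f "$file" ] || { log_event missing "$file"; return 2; }
    rc=0
    "$SCANNER" --quiet --no-summary "$file" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  log_event clean "$file"
            return 0 ;;
        1)  # clamdscan exit code 1: at least one signature matched.
            rm -f -- "$file"
            log_event infected-deleted "$file"
            return 1 ;;
        *)  # Exit code 2 or anything unexpected: clamd down, file unreadable.
            # Fail closed instead of leaving an unscanned file in place.
            if mkdir -p "$HOLD_DIR" && chmod 700 "$HOLD_DIR" &&
               mv -f -- "$file" "$HOLD_DIR/$(basename "$file").$$"; then
                log_event scan-error-held "$file"
            else
                log_event scan-error-not-moved "$file"
            fi
            return 2 ;;
    esac
}

# pure-uploadscript passes the absolute path of the upload as $1.
[ $# -eq 0 ] || handle_upload "$1"
```

Because clamd itself opens the file, an upload that the clamd user cannot read also ends up in the hold directory, so check that user's access to the FTP tree before switching to this script.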
4 Links
- PureFTPD: http://www.pureftpd.org
- ClamAV: http://www.clamav.net
- CentOS: http://www.centos.org