This howto is about making ProFTPD work with CLAMAV to scan all files uploaded by users using a FTP client.
Recently our customers are having real difficulty with Iframe viruses, Php shells and other kind of windows viruses are also a headache always.
ClamAV is already working with exim mail server in our servers for years. Why not make it also scan incoming FTP uploads.This will add more CPU Time to our servers, but preventing users to upload any kind of virus data makes sense.
How will this work? :
-we will add ClamAV support to ProFTPD using mod_clamav module.
-when a user uploads a file using FTP, ClamAV will scan incoming file after upload finishes.
-if any kind of virus like signature found by ClamAV, uploaded file will be deleted from server, notifying the FTP client.
1- we will need a working ClamAV installation on server before this. I prefer not to tell how to install ClamAV to server this time, because there is already a very handy script called update.script which can install ClamAV and tons of other stuff. I take portions of this script to automate my process. Thanks to original update.script creator!
If ClamAV is already installed and updating itself regularly please skip this step.
-INSTALL CLAMAV-
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
Run it once.
./update.script
Install Clamav
./update.script CLAMAV
Clamav Installation Done!
2- Update ProFTPD with current version. And patch it using mod_clamav for ClamAV usage.
cd ~
wget http://www.serverdirekt.com/DA/FTPAV/ftpantivirus
chmod +x ftpantivirus
./ftpantivirus
-this script will download ProFTPD, download mod_clamav latest version, patch ProFTPD with mod_clamav, compile and install new ProFTPD package with ClamAV support.
3- We need to edit our clamav.conf file to allow TCPSocket connections to port 3310
nano /etc/clamd.conf
find #TCPSocket 3310 line and comment it out.
find #TCPAddr 127.0.0.1 line and comment it out.
Final file will look like this:
....................
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd
# Remove stale socket after unclean shutdown.
# Default: no
FixStaleSocket yes
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1
....................
4- Finally we need to edit proftpd.conf to use our new mod_clamav module.
nano /etc/proftpd.conf
inside <Global></Global> tags at the end add:
<IfModule mod_clamav.c>