How to Scan & Stop Uploading Infected Files to Your Server

[ashutariyal]

To scan and stop uploading infected files to your server , you need to enable ClamAV with PureFTP (Do not use this with ProFTP or other FTP services on your server).

1. Make sure Clamav is installed on your server and/or up-to-date.

Clamav binary files are installed in (for a cPanel and DirectAdmin powered server)
/usr/local/bin and /usr/bin/

Using your favorite Linux text editor such as vi or pico, edit /etc/pure-ftpd.conf file and set the entry:

From:
#CallUploadScript yes

To:
CallUploadScript yes

Save and exit the file /etc/pure-ftpd.conf.

2. Edit the file /etc/init.d/pure-ftpd
Find the following entry:
$DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS --daemonize
right underneath this entry add the following line:
$DAEMONIZE /usr/sbin/pure-uploadscript -B -r /var/run/pure-ftpd/clamscan.sh

3. Find the following entry:
kill $(cat /var/run/pure-ftpd.pid)
right underneath this entry add the following line:
kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)

4. Save and exit the file /etc/init.d/pure-ftpd

5. Change the directory to:
cd /var/run/pure-ftpd/

6. Create the following script: clamscan.sh and insert the following text

PHP Code: 

#!/bin/sh

if [ "$1" = "" ]; then
echo 'Variable is blank';
exit;
fi
if [ ! -f "$1" ]; then
echo "$1 file not found"
exit;
fi


date=`date '+%d-%m-%y %H:%M'`;
scan=`/usr/bin/clamdscan --remove --no-summary "$1"`;
echo "$date ClamAV $scan" >> /var/log/messages 


7. Save and exit the file clamscan.sh. Then run the following commands at the prompt:
* chmod 755 /var/run/pure-ftpd/clamscan.sh
* /sbin/service pure-ftpd restart

Since we used the switch --remove with the clamscan command in the script above, infected files will be permanently deleted. If you do not want the script to delete infected files and just move them to a directory, change the following entry:

From:
scan=`/usr/bin/clamdscan --remove --no-summary "$1"`;

To:
scan=`/usr/bin/clamdscan --move=/root/junk --no-summary "$1"`;

If you do that, you need to create the subdirectory junk in the /root directory. To do so, execute this command:

* mkdir /root/junk

NOW ALL DONE!

ashutariyal Reviewed by ashutariyal on 19th Jun 2009. How to Scan & Stop Uploading Infected Files to Your Server To scan and stop uploading infected files to your server , you need to enable ClamAV with PureFTP (Do not use this with ProFTP or other FTP services on your server). 1. Make sure Clamav is installed on your server and/or up-to-date. Clamav binary files are installed in (for a cPanel and DirectAdmin powered server) /usr/local/bin and /usr/bin/ Using your favorite Linux text editor such as vi or pico, edit /etc/pure-ftpd.conf file and set the entry: From: Rating: 5