How to integrate ClamAV into PureFTPd for anti-virus scanning on CentOS 7

In this guide, we will show you how to integrate ClamAV into PureFTPd to scan uploads for viruses on the CentOS 7 operating system. Every time a file is uploaded via PureFTPd, ClamAV will scan it for viruses or malware and delete the file if anything is found.

1. Preliminary information

You should have a working PureFTPd installation on your CentOS 7 server, for example as shown in the guide on how to install PureFTPd and MySQL on shared hosting on a CentOS 7 system (including quota and bandwidth management).

2. Installing ClamAV

ClamAV is not available in the official CentOS repositories, so we enable the EPEL repository (if you haven’t already). Start by importing the RPM GPG keys:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the EPEL repository on our CentOS system, as many of the packages that we are going to install in this tutorial are not available in the official CentOS 7 repository:

yum -y install epel-release

yum -y install yum-priorities

Edit /etc/yum.repos.d/epel.repo…

nano /etc/yum.repos.d/epel.repo

… and add the line priority=10 to the [epel] section:

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[...]

Then we update our existing packages on the system:

yum update

After that, we can install ClamAV as follows:

yum -y install clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Edit the file /etc/freshclam.conf and comment out the example line:

nano /etc/freshclam.conf

by adding # before the line Example:

.....
# Comment or remove the line below.
#Example

....

Then edit the /etc/clamd.d/scan.conf file:

nano /etc/clamd.d/scan.conf

and comment out the Example line as we did in the file above and remove the # in front of LocalSocket.

.....
# Comment or remove the line below.
#Example

....
LocalSocket /var/run/clamd.scan/clamd.sock
....

Next, we create the system startup link for clamd and update the virus definitions with freshclam:

systemctl enable clamd@scan.service
freshclam

Then start the ClamAV service:

systemctl start clamd@scan.service

You can check the status of the ClamAV daemon with the following command:

systemctl status clamd@scan.service

The result should be like this:

# systemctl status clamd@scan.service
● clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-08-14 18:30:21 CEST; 1min 40s ago
Main PID: 10955 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─10945 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: HTML support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: XMLDOCS support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: HWP3 support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: Self checking every 600 seconds.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: PDF support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: SWF support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: HTML support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: XMLDOCS support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: HWP3 support enabled.
Apr 09 12:14:10 сервер.пример.ру clamd[10955]: Self checking every 600 seconds.

3. Configuring PureFTPd

First, open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes:

nano /etc/pure-ftpd/pure-ftpd.conf
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.

CallUploadScript yes
[...]

Next, we will create the executable file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded via PureFTPd) …

nano /etc/pure-ftpd/clamav_check.sh

#!/bin/sh
/usr/bin/clamdscan --fdpass --remove --quiet --no-summary -c /etc/clamd.d/scan.conf "$1"

… And let’s make it executable:

chmod 755 /etc/pure-ftpd/clamav_check.sh

Now we will run pure-uploadscript as a daemon. It will call our script /etc/pure-ftpd/clamav_check.sh whenever a file is uploaded via PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

Of course, we want to start the daemon automatically when the system starts up – so we’ll edit /etc/rc.local …

nano /etc/rc.local

… and add the line /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh to it, so that it looks something like this:

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

Finally, we restart PureFTPd:

systemctl restart pure-ftpd.service

That’s all! Now, every time someone tries to upload malware to your server via PureFTPd, the malicious file(s) will be silently deleted.
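The clamav_check.sh hook shown earlier deletes silently and ignores the exit status of clamdscan, so an upload that could not be scanned (for example because clamd is stopped) stays in place. The variant below is an added example, not part of the original guide: it logs every verdict and moves unscannable files into a quarantine directory. The QUARANTINE and LOG_FILE paths are assumptions; the exit codes (0 clean, 1 infected, anything else an error) are those documented for clamdscan, and UPLOAD_USER is set by pure-uploadscript.

```shell
#!/bin/sh
# Added example (not from the original guide): upload hook that records
# every verdict and fails closed when the scan itself fails.
# QUARANTINE and LOG_FILE are assumed paths; adjust to your system.
CLAMDSCAN="${CLAMDSCAN:-/usr/bin/clamdscan}"
CLAMD_CONF="${CLAMD_CONF:-/etc/clamd.d/scan.conf}"
QUARANTINE="${QUARANTINE:-/var/spool/ftp-quarantine}"
LOG_FILE="${LOG_FILE:-/var/log/clamav_check.log}"

log_verdict() {
    # UPLOAD_USER is exported to the hook by pure-uploadscript
    printf '%s user=%s verdict=%s file=%s\n' \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "${UPLOAD_USER:-unknown}" \
        "$1" "$2" >> "$LOG_FILE"
}

scan_upload() {
    file="$1"
    if [ ! -f "$file" ]; then
        log_verdict missing "$file"
        return 2
    fi
    # No --remove here: the exit code decides what happens to the file.
    "$CLAMDSCAN" --fdpass --quiet --no-summary -c "$CLAMD_CONF" "$file"
    rc=$?
    case "$rc" in
        0)  log_verdict clean "$file" ;;
        1)  rm -f -- "$file"
            log_verdict infected-removed "$file" ;;
        *)  # clamd down, socket missing, scan error: do not leave the
            # file in the FTP tree unscanned
            mkdir -p "$QUARANTINE" && mv -f -- "$file" "$QUARANTINE/"
            log_verdict "scan-error-$rc-quarantined" "$file" ;;
    esac
    return "$rc"
}

# pure-uploadscript passes the uploaded file's path as the first argument
if [ "$#" -gt 0 ]; then
    scan_upload "$1"
fi
```

The quarantine directory should be outside any FTP user's home and writable only by the account that runs pure-uploadscript.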

4. Virtual machine image

This tutorial is available as a ready-to-use virtual machine in OVA / OVF format for Howtoforge subscribers. The VM format is compatible with VMWare and Virtualbox and other tools that can import this format. You can find the download link in the menu at the top right. Click on the file name to start downloading.

Virtual machine login details:

SSH login

Username: root Password: AndreyEx_root

Login to MariaDB

Username: root Password: AndreyEx_root

Please change passwords after first boot.
