[HOWTO] Use an ProFTPd antivirus

[nadeu]

First of all we will install ClamAV.

Code:

mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
./update.script
./update.script CLAMAV

Now we will activate the mod for proftpd.

Code:

cd ~
wget http://www.serverdirekt.com/DA/FTPAV/ftpantivirus
chmod +x ftpantivirus
./ftpantivirus

Now edit /etc/clamd.conf

Code:

nano /etc/clamd.conf

find #TCPSocket 3310 line and comment it out.
find #TCPAddr 127.0.0.1 line and comment it out.

Now edit /etc/proftpd/proftpd.conf

Add into <Global> tags:

Code:

<IfModule mod_clamav.c>
   ClamAV on
   ClamServer localhost
   ClamPort 3310
   ClamMaxSize 5 Mb
</IfModule>

NOW RESTART SERVICES

Code:

/etc/init.d/clamd restart
/etc/init.d/proftpd restart

TESTED ON CENTOS 5.X

Health.

[chems]

Question: What happens, if a user upload an virus-infected file ?

[se2bass]

(11-16-2009 12:40 AM)chems Wrote:  Question: What happens, if a user upload an virus-infected file ?

Try it
I hope the Upload will be stoped ?

[chems]

The question is, if the Server-Admin gets a notification about the found virus and user. Because it is very important to know, if there are some "critical" users

[Roland]

it does not work on debian.

[gOOvER]

Why not? Please explain it

[mafia]

hello

why it does not work on debian

thank you

isp-control 1.2

[Jillian]

If you use debian, you might want to use debuild/dpkg to install patched version of proftpd.
http://www.ducea.com/2008/03/06/howto-re...-packages/

[gOOvER]

lol, you have to patch ProFTP?? Not so a good idea You have to search for every Update a new Patch

[Jillian]

I think there is another way to check uploaded files, but this is one.
You can always make script to find new uploaded files from logs and scan them with antivirus software.