Current time: 11-25-2024, 04:36 AM Hello There, Guest! (LoginRegister)


Post Reply 
[HOWTO] Use an ProFTPd antivirus
Author Message
nadeu Offline
Junior Member
*

Posts: 13
Joined: Dec 2008
Reputation: 0
Post: #1
Toungue [HOWTO] Use an ProFTPd antivirus
First of all we will install ClamAV.

Code:
mkdir /usr/local/updatescript
cd /usr/local/updatescript
wget http://tools.web4host.net/update.script
chmod 755 update.script
./update.script
./update.script CLAMAV

Now we will activate the mod for proftpd.

Code:
cd ~
wget http://www.serverdirekt.com/DA/FTPAV/ftpantivirus
chmod +x ftpantivirus
./ftpantivirus

Now edit /etc/clamd.conf

Code:
nano /etc/clamd.conf

find #TCPSocket 3310 line and comment it out.
find #TCPAddr 127.0.0.1 line and comment it out.

Now edit /etc/proftpd/proftpd.conf

Add into <Global> tags:

Code:
<IfModule mod_clamav.c>
   ClamAV on
   ClamServer localhost
   ClamPort 3310
   ClamMaxSize 5 Mb
</IfModule>

NOW RESTART SERVICES

Code:
/etc/init.d/clamd restart
/etc/init.d/proftpd restart


TESTED ON CENTOS 5.X

Health.
(This post was last modified: 11-10-2009 05:59 AM by nadeu.)
11-10-2009 05:14 AM
Find all posts by this user Quote this message in a reply
chems Offline
Junior Member
*

Posts: 46
Joined: Mar 2009
Reputation: 0
Post: #2
RE: [HOWTO] Use an ProFTPd antivirus
Question: What happens, if a user upload an virus-infected file ?
11-16-2009 12:40 AM
Find all posts by this user Quote this message in a reply
se2bass Offline
Development Team - Junior
*****
Dev Team

Posts: 133
Joined: May 2009
Reputation: 7
Post: #3
RE: [HOWTO] Use an ProFTPd antivirus
(11-16-2009 12:40 AM)chems Wrote:  Question: What happens, if a user upload an virus-infected file ?

Try it Big Grin
I hope the Upload will be stoped ?
11-16-2009 01:13 AM
Find all posts by this user Quote this message in a reply
chems Offline
Junior Member
*

Posts: 46
Joined: Mar 2009
Reputation: 0
Post: #4
RE: [HOWTO] Use an ProFTPd antivirus
The question is, if the Server-Admin gets a notification about the found virus and user. Because it is very important to know, if there are some "critical" users
(This post was last modified: 11-16-2009 01:30 AM by chems.)
11-16-2009 01:22 AM
Find all posts by this user Quote this message in a reply
Roland Offline
Junior Member
*

Posts: 24
Joined: Nov 2009
Reputation: 0
Post: #5
RE: [HOWTO] Use an ProFTPd antivirus
it does not work on debian.
11-20-2009 02:45 PM
Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #6
RE: [HOWTO] Use an ProFTPd antivirus
Why not? Please explain it Wink
11-20-2009 04:43 PM
Visit this user's website Find all posts by this user Quote this message in a reply
mafia Offline
Banned

Posts: 170
Joined: May 2008
Post: #7
RE: [HOWTO] Use an ProFTPd antivirus
hello

why it does not work on debian

thank you

isp-control 1.2
11-24-2009 03:19 AM
Find all posts by this user Quote this message in a reply
Jillian Offline
Junior Member
*

Posts: 51
Joined: Mar 2009
Reputation: 1
Post: #8
RE: [HOWTO] Use an ProFTPd antivirus
If you use debian, you might want to use debuild/dpkg to install patched version of proftpd.
http://www.ducea.com/2008/03/06/howto-re...-packages/
11-24-2009 03:35 AM
Visit this user's website Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #9
RE: [HOWTO] Use an ProFTPd antivirus
lol, you have to patch ProFTP?? Not so a good idea Smile You have to search for every Update a new Patch Wink
11-24-2009 03:40 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Jillian Offline
Junior Member
*

Posts: 51
Joined: Mar 2009
Reputation: 1
Post: #10
RE: [HOWTO] Use an ProFTPd antivirus
I think there is another way to check uploaded files, but this is one.
You can always make script to find new uploaded files from logs and scan them with antivirus software.
11-24-2009 05:32 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 5 Guest(s)