Improving FTP Protection With Clam AV

Aidan | Security | 09 October

Over the last couple of months we have covered alot of security Issues with regards how to best secure and manage your cloud server.

We have covered such topics as:

This Blog post is going to offer an additional layer of security for customers using the Fedora 12 Operating system on your Cloud server.By using the popular opensource Clam AV software with some modifications , we are going to have it scan all files FTP'd to our fedora 12 server and delete any files that look like malware.

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It comes pre-installed in virtualmin with that template and can be activated within your virtualmin control panel.

For the sake of this tutorial im assuming ProFTP has been set-up on the server.

Installing Clam AV

Login to your server via SSH and run the following commands off your server command line.

yum install amavisd-new clamav clamav-data clamav-server clamav-update clamav-scanner

Clamdscan expects the configuration file /etc/clamd.conf which doesn't exist - therefore we create a symlink from /etc/clamd.conf to /etc/clamd.d/amavisd.conf:

ln -s /etc/clamd.d/amavisd.conf /etc/clamd.conf

Next we need to create the system startup links for clamd and start it up:

chkconfig --levels 235 clamd.amavisd on
/etc/init.d/clamd.amavisd start

Configuring PureFTPd

We first need to open /etc/pure-ftpd/pure-ftpd.conf and set CallUploadScript to yes , this can be done using your vi editor.

vi /etc/pure-ftpd/pure-ftpd.conf

Next we create the file /etc/pure-ftpd/ (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...

vi /etc/pure-ftpd/

chmod 755 /etc/pure-ftpd/

Now we start the pure-uploadscript program as a daemon - it will call our /etc/pure-ftpd/ script whenever a file is uploaded through PureFTPd:

pure-uploadscript -B -r /etc/pure-ftpd/

To ensure it starts everytime you b

oot your server you need to slighly modify your rc.local file.

vi /etc/rc.local

Simply copy and paste the following line into that file at the bottom.

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/

For it to Kick in , simply restart your FTP client.

/etc/init.d/pure-ftpd restart

You have now added an additional layer of security to your fedora 12 server.

What other tutorials would you like to see? Let us know in the comments section below.

 New Call-to-action