[StepByStep] Installing ClamAV antivirus and integrating with Exim and pure-ftpd

Discussion in 'General Discussion' started by FractalizeR, Jan 27, 2008.

  1. FractalizeR

    Every good server must have a good antivirus installed. Let's install ClamAV on our machine. Paths to distributions point to the latest versions at the time of writing. If a new version is released, all you need to do is change the numbers in the shell commands.

    SSH to your server

    Step 1. Installing prerequisites.
    Clam uses several system libraries in its work. We need to install them.

    Upgrading gcc compiler
    You may skip this step, but in order to compile safe GMP it is better to have the latest GCC version. You may check the current gcc version with the gcc -v command.

    cd /usr/local
    mkdir gcc
    cd gcc
    wget ftp://mirrors.kernel.org/gnu/gcc/gcc-4.2.2/gcc-core-4.2.2.tar.bz2
    tar -jxvf gcc-core-4.2.2.tar.bz2
    mkdir obj
    cd obj
    At this point we need to check which options gcc was compiled with on your system. This can be done using gcc -v. You need to copy all the parameters to the configure command. Note how we run configure: from the obj directory only. Here is an example from my PC:
    ../gcc-4.2.2/configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
    make
    make install

    Installing/upgrading zlib
    cd /usr/local
    mkdir zlib
    cd zlib
    wget http://www.zlib.net/zlib-1.2.3.tar.gz
    tar -zxvf zlib-1.2.3.tar.gz
    cd zlib-1.2.3
    ./configure
    make
    make install

    Installing/upgrading bzip2
    cd /usr/local
    mkdir bzip2
    cd bzip2
    wget http://www.bzip.org/1.0.4/bzip2-1.0.4.tar.gz
    tar -zxvf bzip2-1.0.4.tar.gz
    cd bzip2-1.0.4
    make
    make install

    Installing/upgrading GMP
    cd /usr/local
    mkdir gmp
    cd gmp
    wget ftp://ftp.gnu.org/gnu/gmp/gmp-4.2.2.tar.gz
    tar -zxvf gmp-4.2.2.tar.gz
    cd gmp-4.2.2
    ./configure
    make
    make install

    Step 2. Installing ClamAV.
    groupadd clamav
    useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
    cd /usr/local
    mkdir clamav
    cd clamav
    Now wget the ClamAV sources from this page: http://clamav.org/download/sources. The latest ClamAV version at the time of writing is 0.92
    wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.92.tar.gz
    tar -zxvf clamav-0.92.tar.gz
    cd clamav-0.92
    ./configure
    make
    make install
    The next two lines will make your clam configuration files fall back to default settings. You can edit both of them anytime to change settings.
    sed -i 's/Example/#Example/g' /usr/local/etc/freshclam.conf
    sed -i 's/Example/#Example/g' /usr/local/etc/clamd.conf
    freshclam -d
    clamd
    At this point clam is successfully installed

    Step 3. Scheduling everyday updates
    touch /var/log/freshclam.log
    chmod 600 /var/log/freshclam.log
    chown clamav /var/log/freshclam.log
    Let's now make clamd and freshclam start at machine startup
    Locate file rc.local on your server. On CentOS it should be at /etc/rc.d/rc.local. Execute the following commands
    echo /usr/local/bin/freshclam -d >> /etc/rc.d/rc.local
    Additionally, let's make clamd start on system startup
    echo /usr/local/bin/clamd >> /etc/rc.d/rc.local

    Step 4. Exim mail daemon integration
    To complete this step you need to have exim at least 4.50 installed on your server. Issue the following command:
    exim -bV
    Check that the version is at least 4.50 and that the string Content_Scanning appears in the output (around the fourth line).
    If all is OK, open WHM and go to Service Configuration -> Exim Configuration Editor -> Advanced editor
    Add the following line in the very first text field:
    Code:
    av_scanner = clamd:/tmp/clamd.socket
    And to the second (after begin acl line):
    Code:
    acl_check_virus:
            deny message   = Message rejected: virus found!
                hosts       = *
                malware     = *
            accept
    Save configuration. WHM will restart Exim and apply your settings.

    Step 4. Integrating with pure-ftpd
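    Creating post-upload checking script
    echo \#\!/bin/sh > /etc/pure-ftpd/upload-av-check.sh
    # single quotes keep "$1" quoted inside the script, so file names with spaces are scanned correctly
    echo '/usr/local/bin/clamdscan --remove --quiet --no-summary "$1"' >> /etc/pure-ftpd/upload-av-check.sh
    # pure-uploadscript executes the script, so it needs the execute bit
    chmod 755 /etc/pure-ftpd/upload-av-check.sh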
    Instructing pure-ftpd to use it at every server startup
    echo /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh >> /etc/rc.d/rc.local
    Enabling check-on-upload in the pure-ftpd config file. You can grep "CallUpload" /etc/pure-ftpd.conf to ensure everything changed correctly.
    sed -i 's/#CallUploadScript/CallUploadScript/' /etc/pure-ftpd.conf
    Using it now
    /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh
    Restarting pure-ftpd (this can also be done from WHM of course)
    service pure-ftpd restart
     
    #1 FractalizeR, Jan 27, 2008
    Last edited: Jan 27, 2008
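
A fuller version of the upload hook from the pure-ftpd step, as an added example that is not part of the original post: it quotes the file name, acts on clamdscan's exit code (0 clean, 1 infected, 2 error) and moves infected uploads to a quarantine directory instead of deleting them with `--remove`. The `SCANNER`, `QUARANTINE` and `LOG` defaults are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not the thread's script. SCANNER, QUARANTINE and LOG are
# illustrative defaults; UPLOAD_USER is set by pure-uploadscript.
SCANNER=${SCANNER:-/usr/local/bin/clamdscan}
QUARANTINE=${QUARANTINE:-/var/quarantine/ftp}
LOG=${LOG:-/var/log/upload-av-check.log}

log() {
    printf '%s user=%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "${UPLOAD_USER:-unknown}" "$*" >> "$LOG"
}

# scan_upload FILE
# Returns 0 = clean, 1 = infected (file moved to quarantine), 2 = scan failed.
scan_upload() {
    file=$1
    if [ ! -f "$file" ]; then
        log "ERROR not a regular file: $file"
        return 2
    fi
    "$SCANNER" --quiet --no-summary "$file" >/dev/null 2>&1
    rc=$?
    case $rc in
        0)  log "CLEAN $file"
            return 0 ;;
        1)  # clamdscan exits 1 when a signature matched
            mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
            dest="$QUARANTINE/$(basename -- "$file").$$"
            if mv -- "$file" "$dest" && chmod 000 "$dest"; then
                log "INFECTED $file -> $dest"
            else
                log "INFECTED $file could not be quarantined"
            fi
            return 1 ;;
        *)  # exit 2: clamd not running, socket unreadable, permission denied ...
            log "ERROR scanner exit code $rc for $file"
            return 2 ;;
    esac
}

# pure-uploadscript passes the path of the uploaded file as the first argument.
if [ -n "${1:-}" ]; then
    scan_upload "$1"
fi
```

An `ERROR` entry in the log separates "the hook ran but clamd could not scan the file" from "the hook never ran", which leaves no log entry at all.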
  2. activa

    Great post.

    Has anyone tested clamav with ftp?
     
  3. robb3369

    FTP hangs...

    After trying to enable the CallUploadScript and restarting FTP, the pure-ftpd task hangs and cannot be restarted... looks like it should work, but enabling that directive hangs ftp. oh well...
     
  4. FractalizeR

    Is PureFTPD the latest version?
     
  5. robb3369

    v1.0.21

    According to their website, this is the latest: pure-ftpd v1.0.21
     
  6. mykkal

    Clam antivirus & pure ftp

    Were you able to get it working with pure FTP?
     
  7. mykkal

    Integrating Clam Antivirus 0.96 & Exim: How Can We Verify it's working?

    Is the exim integration supposed to add headers to mail as well?

    I have clam .96 and have tried installing the integration but don't notice any changes to my headers.

    I have no idea if incoming or outgoing mail is being scanned.
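
One way to answer this from the shell, as an added example that is not part of the thread: the first function checks the `exim -bV` requirements from the guide, and the second reports whether the ACL holding the `malware` condition is actually run, since Exim only evaluates an ACL that an option such as `acl_smtp_data` names or that another ACL calls with `acl =`. Function names and result strings are assumptions for illustration.

```sh
# Added example, not from the thread. Function names are illustrative.

# exim_can_scan: reads `exim -bV` output on stdin; succeeds only if the
# version is at least 4.50 and Content_Scanning is compiled in.
exim_can_scan() {
    awk '
        /^Exim version/ {
            split($3, v, ".")
            if (v[1] + 0 > 4 || (v[1] + 0 == 4 && v[2] + 0 >= 50)) ver = 1
        }
        /Content_Scanning/ { cs = 1 }
        END { exit !(ver && cs) }'
}

# malware_acl_status: reads an Exim configuration on stdin and prints
#   no_av_scanner         av_scanner is not set in the main section
#   no_malware_condition  no ACL contains a "malware =" condition
#   acl_not_called:NAME   NAME has the condition but nothing runs it
#   ok:NAME               acl_smtp_data or acl_not_smtp names NAME, or names
#                         an ACL that calls it with "acl = NAME"
malware_acl_status() {
    awk '
        /^[ \t]*#/ { next }
        /^begin[ \t]/ { sect = $2; cur = ""; next }
        sect == "" && /^[ \t]*av_scanner[ \t]*=/ { av = 1 }
        sect == "" && /^[ \t]*acl_(smtp_data|not_smtp)[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); entry[$1] = 1
        }
        sect != "acl" { next }
        /^[ \t]*[A-Za-z0-9_]+:[ \t]*$/ { cur = $1; sub(/:$/, "", cur); next }
        (" " $0) ~ /[ \t]acl[ \t]*=/ {
            s = $0; sub(/^.*acl[ \t]*=[ \t]*/, "", s)
            split(s, w, /[ \t]+/); calls[cur] = calls[cur] " " w[1] " "
        }
        (" " $0) ~ /[ \t]malware[ \t]*=/ { if (!(cur in seen)) order[++n] = cur; seen[cur] = 1 }
        END {
            if (!av) { print "no_av_scanner"; exit }
            if (!n)  { print "no_malware_condition"; exit }
            for (i = 1; i <= n; i++) {
                m = order[i]; ok = (m in entry)
                for (e in entry) if (index(calls[e], " " m " ")) ok = 1
                if (ok) { print "ok:" m; exit }
            }
            print "acl_not_called:" order[1]
        }'
}
```

`exim -bV` also prints the path of the active configuration file, which is the file to pipe into `malware_acl_status`.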
     
  8. hackboys

    Re: [StepByStep] Installing ClamAV antivirus and integrating with Exim and

    I set CallUploadScript to yes within pure-ftpd.conf, and after running "/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-av-check.sh", I ran "service pure-ftpd restart".

    Then, although the c99_shell.php file (for a test) was uploaded using FTP client software, I do not detect a virus, and virusscan-file is not run.
    (For virus detection, I am using clamdscan and virusscan-file has described chmod to it.)

    Although all logs are recorded on the messages file in syslog, only the log which uploaded the c99_shell.php file is recorded.

    If clamdscan is run from ssh shell, c99_shell.php will be detected normally.

    Please advise me that CallUploadScript runs normally if you please.

    CENTOS 5.7 x86_64 standard on server
    WHM 11.31.2 (build 10)
    pure-ftpd-1.0.32-1
     
  9. FractalizeR

    Re: [StepByStep] Installing ClamAV antivirus and integrating with Exim and

    Try to use "eicar" for testing.
     
  10. hackboys

    Re: [StepByStep] Installing ClamAV antivirus and integrating with Exim and

    Then, although the eicar file for a test was uploaded using FTP client (filezilla) software, I do not detect a virus!

    If clamdscan is run from ssh command, eicar will be detected normally.

    Please help!
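
Static checks for the pure-ftpd upload hook, as an added example that is not part of the thread: it looks for a non-ASCII look-alike character in the directive name, confirms `CallUploadScript yes` is present and uncommented, and confirms the hook script can be executed. The function name and result strings are assumptions for illustration.

```sh
# Added example, not from the thread. Function name and result words are illustrative.
# check_upload_hook CONF SCRIPT prints one finding per line (or "ok") and
# returns non-zero if any check failed.
check_upload_hook() {
    conf=$1 script=$2 bad=0
    tab=$(printf '\t')
    # 1. A look-alike character (for example a Cyrillic letter pasted from a
    #    web page) makes the directive name a different byte string.
    if LC_ALL=C grep -i 'upload' "$conf" | LC_ALL=C grep -q "[^ -~$tab]"; then
        echo "non_ascii_in_directive"; bad=1
    fi
    # 2. The directive must be present, uncommented and set to yes.
    if ! LC_ALL=C grep -Eq "^[ $tab]*CallUploadScript[ $tab]+yes[ $tab]*\$" "$conf"; then
        echo "directive_not_enabled"; bad=1
    fi
    # 3. The hook is run as a program, so it should carry a shebang line
    #    and the execute bit.
    if [ ! -x "$script" ]; then
        echo "script_not_executable"; bad=1
    elif [ "$(head -c 2 "$script")" != '#!' ]; then
        echo "script_missing_shebang"; bad=1
    fi
    [ "$bad" -eq 0 ] && echo "ok"
    return "$bad"
}
```

Run it as `check_upload_hook /etc/pure-ftpd.conf /etc/pure-ftpd/upload-av-check.sh`, the two paths used in the guide.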
     