integrating clamav into pure-ftpd on Ubuntu 8.04.4
I have an FTP server that I would like to integrate clamav into so that it scans when a file is uploaded.
I have searched all over the internet and have found many solutions (including very well written instructions for debian) but nothing that pertains directly to Ubuntu. I have installed both clamav and pure-ftpd and pure-ftpd-common via apt-get. If my understanding of pure-ftpd is correct, the --upload-script flag is enabled by default in repository binaries, so, I am working under the assumption that this option is enabled. I based my setup off of the instructions for debian, since nothing looked debian specific. Here is the contents of my /etc/default/pure-ftpd-common file Quote:
The contents of clamav_check.sh are as follows: Quote:
Quote:
Quote:
However, if I change the script to say, echo $1 >/tmp/testfile, it does nothing. So this leads me to believe that something is not working properly for the upload script. I have been hitting my head against the wall on this one for several hours total and it would be nice to have a second set of eyes, or better yet, find someone else who had the same problem and found a resolution to it. I can provide pretty much any more information you may need to assist. Pretty sure I covered all the bases on this one with what I posted here. Thanks Joe. |
It looks like pure-ftpd cannot pass the filename as a variable to the script, maybe because it's running as a different user/group (1005/1005) than the daemon (root)
Comment out Quote:
|
Quote:
The only thing I didn't try, commenting this out. Just tried though and still doesnt seem to have an effect. I have also left the GID and UID blank and set to 0 for the root user/gid and that doesn't seem to change anything. I have also changed the contents of my clamav_check.sh script to the following: Quote:
|
I guess you start pure-ftpd first and then the pure-uploadscript
Some other things to check: Does the script work? Code:
/etc/pure-ftpd/clamav_check.sh some-file Is the socket created? Code:
ls -l /var/run/pure* Regards |
Quote:
Quote:
Quote:
Quote:
The script itself is located in /etc/pure-ftpd/ however, files are uploaded to a different location, /home/ftpusers/$USERNAME. I am not sure if that matters though. I think at one point during this procedure I changed the script location to /home/ftpusers/ |
Just a silly question: did you put "yes" in /etc/pure-ftpd/conf/CallUploadScript?
Also, what I don't like, is the way /etc/default/pure-ftpd-common setup pure-uploadscript to call clamav_check.sh. I.e. it put some options after the script name (clamav_check.sh) that maybe confuse the script. You can test from CLI using: Code:
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh |
Yes, I put "yes" in /etc/pure-ftpd/conf/CallUploadScript
I ran /usr/sbin/pure-uploadscript -r /etc/pure-ftpd/clamav_check.sh from the command line, uploaded a virus to the server, didnt spit out anything. My clamav_check.sh script now looks like this: Quote:
[edit 14:16] killed the current instance of the script running. copied the contents to /home/ftpusers/ and reran the script from the command line using the echoing of "$1" into a file in tmp. Still nothing. |
I cannot tell why pure-ftpd does not pass the uploaded file filename as the $1 parameter in the pure-uploadscript.
Maybe if you use apparmor, it doesn't allow pure-ftpd to write to the pipe. I don't know what else to say... I had never problem with that in Slackware. I'm using /etc/rc.d/rc.pure-ftpd: Code:
#!/bin/sh |
downloaded and compiled on a test server.
compile statement: ./configure --prefix=/etc/pure-ftpd --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/pure-ftpd --with-everything no errors during configure, make, or make install. everything should be fine, right? well, at first it was. On my test server I was able to get this working for a moment (pure + clam) but moments ago when I just went back to demonstrate to a colleague, it stopped working. pure-ftpd NEEDS to be started with the -o flag for pure-uploadscript to function properly. At first, starting this with the -o flag worked fine and I was excited to have this working. Now, when I start pure-ftpd it just seems to not want to work. Here is what I mean. Quote:
Quote:
So, after compiling from source, I am still at the same point, though earlier this morning I did have it working just fine. Frustrating process to say the least. |
Hi,
Since you built it from source you should use the wrapper perl script to start pure-ftpd using pure-ftpd.conf Quote:
Code:
/usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -fsecurity -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -o -k99 -Z Quote:
Quote:
Btw if you want to build pure-ftpd like your distro's package, you should have used /usr as a prefix Quote:
|
Now I am slightly confused.
All the confs for pure-ftpd are running out of /etc/pure-ftpd/conf For example, the file CallUploadScript contains "yes" which would tell pure-ftpd that you want to utilize an upload script. What I dont get is that this morning, no more than 5 hours ago, I was able to start and daemonize this from the command line, and now, nothing. I cant even copy this: Quote:
I can start the ftp server with perl script as you suggested. I will need to add this to the rc.local file to have this automatically start on boot. For my testing purposes I can start/background it and while the server starts, I now have an auth error as the output from the wrapper perl script does not include the -l puredb:/etc/pure-ftpd/pureftpd.pdb switch. If I try to start the server with that switch, [b]perl pure-config.pl /etc/pure-ftpd.conf -l puredb:/etc/pure-ftpd/pureftpd.pdb it wont start properly and I cannot login to the server despite it being up and running. I would much rather have this working to the point where it was this morning, where I could enter the following into the rc.local file to have it just execute: Quote:
|
Quote:
Quote:
Code:
PureDB /etc/pure-ftpd/pureftpdb.pdb You can kill, or reload the process using Code:
killall -9 pure-ftp |
All times are GMT -5. The time now is 02:18 PM. |