LinuxQuestions.org

jdev 04-23-2010 02:13 PM

integrating clamav into pure-ftpd on Ubuntu 8.04.4
 
I have an FTP server that I would like to integrate clamav into so that it scans when a file is uploaded.

I have searched all over the internet and have found many solutions (including very well written instructions for Debian) but nothing that pertains directly to Ubuntu.

I have installed both clamav and pure-ftpd and pure-ftpd-common via apt-get. If my understanding of pure-ftpd is correct, the --upload-script flag is enabled by default in repository binaries, so I am working under the assumption that this option is enabled. I based my setup off of the instructions for Debian, since nothing looked Debian-specific.

Here are the contents of my /etc/default/pure-ftpd-common file

Quote:

Originally Posted by /etc/default/pure-ftpd-common
# Configuration for pure-ftpd
# (this file is sourced by /bin/sh, edit accordingly)

# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=false

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
#UPLOADSCRIPT=
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh


# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=1005
UPLOADGID=1005

Note, the UID/GID is my ftpadmin usergroup.

The contents of clamav_check.sh are as follows:

Quote:

Originally Posted by clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"

I am using the EICAR test virus file. I can on-demand scan the FTP directory and the clamav scanner picks up the file. What appears to be happening is that though I can ps -aux and see that the upload script kicked off, it doesn't appear to be executing it.

Quote:

Originally Posted by /etc/init.d/pure-ftpd restart
# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -A -d -o -u 1000 -E -O clf:/var/log/pure-ftpd/transfer.log -B
Restarting ftp upload handler: pure-uploadscript.

Quote:

Originally Posted by ps -aux | grep pure
# ps -aux | grep pure
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 6478 0.0 0.0 5004 652 ? Ss Apr15 0:00 pure-ftpd (SERVER)
1005 22948 0.0 0.0 4808 460 ? Ss 15:10 0:00 /usr/sbin/pure-uploadscript -r /etc/pure-ftpd/clamav_check.sh -B -u 1005 -g 1005
root 22950 0.0 0.0 3004 752 pts/0 R+ 15:11 0:00 grep pure

Restarting generates no error. Looking at a PS, the script is running.

However, if I change the script to say, echo $1 >/tmp/testfile, it does nothing. So this leads me to believe that something is not working properly for the upload script.

I have been hitting my head against the wall on this one for several hours total and it would be nice to have a second set of eyes, or better yet, find someone else who had the same problem and found a resolution to it.

I can provide pretty much any more information you may need to assist. Pretty sure I covered all the bases on this one with what I posted here.

Thanks

Joe.

bathory 04-24-2010 07:33 AM

It looks like pure-ftpd cannot pass the filename as a variable to the script, maybe because it's running as a different user/group (1005/1005) than the daemon (root)
Comment out
Quote:

UPLOADUID=1005
UPLOADGID=1005
and see if it works

jdev 04-26-2010 07:43 AM

Quote:

Originally Posted by bathory (Post 3946230)
It looks like pure-ftpd cannot pass the filename as a variable to the script, maybe because it's running as a different user/group (1005/1005) than the daemon (root)
Comment out
and see if it works



The only thing I didn't try was commenting this out. Just tried though, and it still doesn't seem to have an effect. I have also left the GID and UID blank and set to 0 for the root user/gid and that doesn't seem to change anything.

I have also changed the contents of my clamav_check.sh script to the following:

Quote:

Originally Posted by clamav_check.sh
#!/bin/sh

#/usr/bin/clamdscan --remove --quiet --no-summary "$1"
echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)

which still will not generate the file in tmp once a file is uploaded.

bathory 04-26-2010 09:11 AM

I guess you start pure-ftpd first and then the pure-uploadscript

Some other things to check:

Does the script work?
Code:

/etc/pure-ftpd/clamav_check.sh some-file
You can remove the "--quiet --no-summary" options, so it produces some output.

Is the socket created?
Code:

ls -l /var/run/pure*
You can kill the running pure-uploadscript and run it from CLI without the -B option so you can watch its output

Regards

jdev 04-26-2010 09:32 AM

Quote:

Originally Posted by bathory (Post 3948114)
I guess you start pure-ftpd first and then the pure-uploadscript

Some other things to check:

Does the script work?
Code:

/etc/pure-ftpd/clamav_check.sh some-file
You can remove the "--quiet --no-summary" options, so it produces some output.

Is the socket created?
Code:

ls -l /var/run/pure*
You can kill the running pure-uploadscript and run it from CLI without the -B option so you can watch its output

Regards

results

Quote:

Originally Posted by ls -l /var/run/pure*
# ls -l /var/run/pure*
-rw-r--r-- 1 root root 5 2010-04-15 14:41 /var/run/pure-ftpd.pid
-rw------- 1 root root 0 2010-04-15 12:27 /var/run/pure-ftpd.upload.lock
prw------- 1 root root 0 2010-04-15 12:27 /var/run/pure-ftpd.upload.pipe
-rw-r--r-- 1 root root 6 2010-04-26 08:41 /var/run/pure-uploadscript.pid

/var/run/pure-ftpd:
total 32
-rw------- 1 root root 1452 2010-04-15 13:23 client-00006278
-rw------- 1 root root 1452 2010-04-15 14:00 client-00006343
-rw------- 1 root root 1452 2010-04-15 14:15 client-00006411
-rw------- 1 root root 1452 2010-04-15 14:15 client-00006413
-rw------- 1 root root 1452 2010-04-15 14:17 client-00006429
-rw------- 1 root root 1452 2010-04-15 14:19 client-00006444
-rw------- 1 root root 1452 2010-04-15 14:40 client-00006468
-rw------- 1 root root 1452 2010-04-26 10:19 client-00024803

and the /usr/bin/clamdscan generated this:

Quote:

# /usr/bin/clamdscan /home/ftpusers/NutshellMail-0414/eicar_com.zip
/home/ftpusers/NutshellMail-0414/eicar_com.zip: lstat() failed: Permission denied. ERROR
so I switched to /usr/bin/clamscan which generated this:

Quote:

# /usr/bin/clamscan /home/ftpusers/NutshellMail-0414/eicar_com.zip
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
/home/ftpusers/NutshellMail-0414/eicar_com.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 233411
Engine version: 0.95.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 1.526 sec (0 m 1 s)
So, I switched that in the script to use /usr/bin/clamscan which unfortunately didn't change anything.

The script itself is located in /etc/pure-ftpd/; however, files are uploaded to a different location, /home/ftpusers/$USERNAME. I am not sure if that matters though. I think at one point during this procedure I changed the script location to /home/ftpusers/
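
An upload handler that keeps the scanner's exit status visible, added here as an example and not posted by either participant: the handler in this thread ran clamdscan with --quiet and ignored its return code, so the "lstat() failed: Permission denied" error above would look the same as a clean file. The SCANNER, QUARANTINE and LOG values and the function names are assumptions, and it assumes a clamdscan build that supports --fdpass.

```shell
#!/bin/sh
# Added example, not from the thread. pure-uploadscript runs this with the
# uploaded file's absolute path as $1 and exports UPLOAD_VUSER (among others).
# SCANNER, QUARANTINE and LOG are assumed values; adjust them to your system.
# --fdpass hands clamd an open descriptor, so clamd does not need its own
# read access to the FTP home (the "lstat() failed" case in the thread).
SCANNER="${SCANNER:-/usr/bin/clamdscan --fdpass --no-summary}"
QUARANTINE="${QUARANTINE:-/var/quarantine/pure-ftpd}"
LOG="${LOG:-/var/log/pure-ftpd/clamav_check.log}"

log_line() {
    printf '%s user=%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" \
        "${UPLOAD_VUSER:-unknown}" "$*" >> "$LOG"
}

# scan_upload FILE: returns 0 = clean, 1 = infected and quarantined,
# 2 = could not scan (the file is left in place and the failure is logged).
scan_upload() {
    file="$1"
    if [ ! -f "$file" ]; then
        log_line "ERROR not a regular file: $file"
        return 2
    fi
    # Unquoted on purpose: SCANNER holds the command plus its options.
    out=$($SCANNER "$file" 2>&1)
    rc=$?
    case "$rc" in
        0)  log_line "CLEAN $file"
            return 0 ;;
        1)  dest="$QUARANTINE/$(date +%Y%m%d%H%M%S).$(basename -- "$file")"
            if mkdir -p "$QUARANTINE" && mv -- "$file" "$dest"; then
                log_line "INFECTED $file moved to $dest: $out"
                return 1
            fi
            log_line "ERROR infected but could not quarantine $file"
            return 2 ;;
        *)  # clamdscan exits 2 on errors such as permission denied.
            log_line "ERROR scanner exit=$rc for $file: $out"
            return 2 ;;
    esac
}

# Entry point when called by pure-uploadscript (or by hand) with a path.
if [ "$#" -gt 0 ]; then
    scan_upload "$1"
fi
```

Running it by hand with a file path, as the user the handler runs as, exercises the same code path as an upload and leaves a log line either way.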

bathory 04-26-2010 12:48 PM

Just a silly question: did you put "yes" in /etc/pure-ftpd/conf/CallUploadScript?

Also, what I don't like is the way /etc/default/pure-ftpd-common sets up pure-uploadscript to call clamav_check.sh, i.e. it puts some options after the script name (clamav_check.sh) that may confuse the script.
You can test from CLI using:
Code:

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
You can also omit -B, to get the output on screen.

jdev 04-26-2010 12:57 PM

Yes, I put "yes" in /etc/pure-ftpd/conf/CallUploadScript

I ran /usr/sbin/pure-uploadscript -r /etc/pure-ftpd/clamav_check.sh from the command line, uploaded a virus to the server, and it didn't spit out anything. My clamav_check.sh script now looks like this:

Quote:

Originally Posted by clamav_check.sh
# cat clamav_check.sh
#!/bin/sh

#/usr/bin/clamscan --remove --quiet --no-summary "$1"
/usr/bin/clamscan "$1"
#echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)

For good measure, I also changed it from #!/bin/sh to #!/bin/bash. That didn't seem to help or hurt anything.


[edit 14:16]

Killed the current instance of the script running. Copied the contents to /home/ftpusers/ and reran the script from the command line using the echoing of "$1" into a file in tmp. Still nothing.

bathory 04-26-2010 02:05 PM

I cannot tell why pure-ftpd does not pass the uploaded file filename as the $1 parameter in the pure-uploadscript.
Maybe if you use apparmor, it doesn't allow pure-ftpd to write to the pipe. I don't know what else to say...

I never had a problem with that in Slackware. I'm using /etc/rc.d/rc.pure-ftpd:
Code:

#!/bin/sh
/usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
/usr/local/sbin/pure-uploadscript -B -r /usr/local/bin/pure-ftpd-1.0.29/scan.sh

Maybe you should ditch the configuration used by Ubuntu and do it by hand, as above.

jdev 04-28-2010 02:03 PM

Downloaded and compiled on a test server.

compile statement:

./configure --prefix=/etc/pure-ftpd --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/pure-ftpd --with-everything

No errors during configure, make, or make install. Everything should be fine, right?

Well, at first it was. On my test server I was able to get this working for a moment (pure + clam) but moments ago when I just went back to demonstrate to a colleague, it stopped working.

pure-ftpd NEEDS to be started with the -o flag for pure-uploadscript to function properly. At first, starting this with the -o flag worked fine and I was excited to have this working. Now, when I start pure-ftpd it just seems to not want to work. Here is what I mean.

Quote:

# /usr/sbin/pure-ftpd -B -o -l puredb:/etc/pure-ftpd/pureftpd.pdb
# ps aux | grep pure
root 10587 0.0 0.0 7508 760 pts/1 S 14:52 0:00 /usr/sbin/pure-ftpd -o -l puredb:/etc/pure-ftpd/pureftpd.pdb
root 10592 0.0 0.0 5164 832 pts/1 S+ 14:58 0:00 grep pure
Now, if I kill the previous process and restart without the -o flag:

Quote:

#/usr/sbin/pure-ftpd -B -l puredb:/etc/pure-ftpd/pureftpd.pdb
# ps aux | grep pure
root 10594 0.0 0.0 7508 456 ? Ss 15:01 0:00 pure-ftpd (SERVER)
root 10596 0.0 0.0 5164 832 pts/1 S+ 15:01 0:00 grep pure
As you can see, the ftp server started as it should and I can connect, upload, delete, do whatever I need to.

So, after compiling from source, I am still at the same point, though earlier this morning I did have it working just fine. Frustrating process to say the least.

bathory 04-28-2010 02:22 PM

Hi,

Since you built it from source you should use the wrapper perl script to start pure-ftpd using pure-ftpd.conf
Quote:

/usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
With this script pure-ftpd starts with:
Code:

/usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -fsecurity -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -o -k99 -Z
Edit /etc/pure-ftpd.conf to set the following, among others you may want to use:
Quote:

Daemonize yes
CallUploadScript yes
Then start the upload-script
Quote:

/usr/local/sbin/pure-uploadscript -B -r /path/to/scan.sh
and you should be OK.

Btw if you want to build pure-ftpd like your distro's package, you should have used /usr as a prefix
Quote:

./configure --prefix=/usr ...

jdev 04-28-2010 03:05 PM

Now I am slightly confused.

All the confs for pure-ftpd are running out of /etc/pure-ftpd/conf

For example, the file CallUploadScript contains "yes" which would tell pure-ftpd that you want to utilize an upload script.

What I don't get is that this morning, no more than 5 hours ago, I was able to start and daemonize this from the command line, and now, nothing. I can't even copy this:

Quote:

/usr/sbin/pure-ftpd -A -c50 -B -C8 -D -fsecurity -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -o -k99 -Z
and get the system to work. It will not start the FTP server normally.

I can start the ftp server with the perl script as you suggested. I will need to add this to the rc.local file to have this automatically start on boot. For my testing purposes I can start/background it, and while the server starts, I now have an auth error as the output from the wrapper perl script does not include the -l puredb:/etc/pure-ftpd/pureftpd.pdb switch. If I try to start the server with that switch, perl pure-config.pl /etc/pure-ftpd.conf -l puredb:/etc/pure-ftpd/pureftpd.pdb, it won't start properly and I cannot log in to the server despite it being up and running.

I would much rather have this working to the point where it was this morning, where I could enter the following into the rc.local file to have it just execute:

Quote:

/usr/sbin/pure-ftpd -B -o -l puredb:/etc/pure-ftpd/pureftpdb.pdb
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
on boot. Ultimately, ideally, I would love to have an init.d script for this so I don't have to grep for the process, kill it, then remember the string to restart it again.

bathory 04-28-2010 03:32 PM

Quote:

All the confs for pure-ftpd are running out of /etc/pure-ftpd/conf
That is true for the Ubuntu pure-ftpd package. Your pure-ftpd that is installed from source should have the perl script modified to use the same directory structure.
Quote:

I now have an auth error as the output from the wrapper perl script does not include the -l puredb:/etc/pure-ftpd/pureftpd.pdb switch. If I try to start the server with that switch, perl pure-config.pl /etc/pure-ftpd.conf -l puredb:/etc/pure-ftpd/pureftpd.pdb, it won't start properly and I cannot log in to the server despite it being up and running.
You can use:
Code:

PureDB /etc/pure-ftpd/pureftpdb.pdb
in /etc/pure-ftpd.conf if you want to use the database for authentication.
You can kill, or reload the process using
Code:

killall -9 pure-ftpd
killall -HUP pure-ftpd

without the need to know the pure-ftpd pid
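
The preconditions checked one at a time across this thread (CallUploadScript set to yes, the upload pipe present, the handler executable), collected into one script as an added example that neither participant posted. The function names are made up for this example, and the last check rests on a labelled assumption: that the daemon reads its settings only at startup, so a settings file newer than the pid file means the running daemon has not picked it up.

```shell
#!/bin/sh
# Added example, not from the thread: check each link in the chain
# pure-ftpd -> upload pipe -> pure-uploadscript -> handler script.
# Default paths are the ones shown in the thread; override via environment.
CONF="${CONF:-/etc/pure-ftpd/conf/CallUploadScript}"
PIPE="${PIPE:-/var/run/pure-ftpd.upload.pipe}"
PIDFILE="${PIDFILE:-/var/run/pure-ftpd.pid}"
HANDLER="${HANDLER:-/etc/pure-ftpd/clamav_check.sh}"

# Each check returns 0 when its precondition holds.
conf_enabled() { [ -r "$CONF" ] && grep -qi '^[[:space:]]*yes' "$CONF"; }
pipe_is_fifo() { [ -p "$PIPE" ]; }
handler_ok()   { [ -f "$HANDLER" ] && [ -x "$HANDLER" ]; }

# Assumption: the daemon reads its settings only when it starts, so a
# settings file newer than the pid file means the running daemon has not
# seen the change and needs a real restart.
daemon_current() {
    [ -f "$PIDFILE" ] || return 1
    [ -z "$(find "$CONF" -newer "$PIDFILE" 2>/dev/null)" ]
}

# run_checks: prints one line per check, returns the number of failures.
run_checks() {
    fails=0
    for check in conf_enabled pipe_is_fifo handler_ok daemon_current; do
        if "$check"; then
            echo "ok    $check"
        else
            echo "FAIL  $check"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

run_checks || echo "$? precondition(s) not met"
```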


All times are GMT -5.