LinuxQuestions.org
Old 04-23-2010, 03:13 PM   #1
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Rep: Reputation: 0
integrating clamav into pure-ftpd on Ubuntu 8.04.4


I have an FTP server that I would like to integrate clamav into so that it scans when a file is uploaded.

I have searched all over the internet and have found many solutions (including very well written instructions for debian) but nothing that pertains directly to Ubuntu.

I have installed both clamav and pure-ftpd and pure-ftpd-common via apt-get. If my understanding of pure-ftpd is correct, the --upload-script flag is enabled by default in repository binaries, so, I am working under the assumption that this option is enabled. I based my setup off of the instructions for debian, since nothing looked debian specific.

Here are the contents of my /etc/default/pure-ftpd-common file:

Quote:
Originally Posted by /etc/default/pure-ftpd-common
# Configuration for pure-ftpd
# (this file is sourced by /bin/sh, edit accordingly)

# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=false

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
#UPLOADSCRIPT=
UPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh


# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=1005
UPLOADGID=1005
Note, the UID/GID is my ftpadmin usergroup.

The contents of clamav_check.sh are as follows:

Quote:
Originally Posted by clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --remove --quiet --no-summary "$1"
I am using the eicar test virus file. I can on-demand scan the ftp directory and the clamav scanner picks up the file. What appears to be happening is that though I can ps -aux and see that the upload script kicked off, it doesn't appear to be executing it.

Quote:
Originally Posted by /etc/init.d/pure-ftpd restart
# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -A -d -o -u 1000 -E -O clf:/var/log/pure-ftpd/transfer.log -B
Restarting ftp upload handler: pure-uploadscript.
Quote:
Originally Posted by ps -aux | grep pure
# ps -aux | grep pure
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 6478 0.0 0.0 5004 652 ? Ss Apr15 0:00 pure-ftpd (SERVER)
1005 22948 0.0 0.0 4808 460 ? Ss 15:10 0:00 /usr/sbin/pure-uploadscript -r /etc/pure-ftpd/clamav_check.sh -B -u 1005 -g 1005
root 22950 0.0 0.0 3004 752 pts/0 R+ 15:11 0:00 grep pure
Restarting generates no error. Looking at a PS, the script is running.

However, if I change the script to say, echo $1 >/tmp/testfile, it does nothing. So this leads me to believe that something is not working properly for the upload script.

I have been hitting my head against the wall on this one for several hours total and it would be nice to have a second set of eyes, or better yet, find someone else who had the same problem and found a resolution to it.

I can provide pretty much any more information you may need to assist. Pretty sure I covered all the bases on this one with what I posted here.

Thanks

Joe.
 
Old 04-24-2010, 08:33 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
It looks like pure-ftpd cannot pass the filename as a variable to the script, maybe because it's running as a different user/group (1005/1005) than the daemon (root)
Comment out
Quote:
UPLOADUID=1005
UPLOADGID=1005
and see if it works
 
Old 04-26-2010, 08:43 AM   #3
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
It looks like pure-ftpd cannot pass the filename as a variable to the script, maybe because it's running as a different user/group (1005/1005) than the daemon (root)
Comment out
and see if it works


The only thing I didn't try, commenting this out. Just tried though and still doesn't seem to have an effect. I have also left the GID and UID blank and set to 0 for the root user/gid and that doesn't seem to change anything.

I have also changed the contents of my clamav_check.sh script to the following:

Quote:
Originally Posted by clamav_check.sh
#!/bin/sh

#/usr/bin/clamdscan --remove --quiet --no-summary "$1"
echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)
which still will not generate the file in tmp once a file is uploaded.
 
Old 04-26-2010, 10:11 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
I guess you start pure-ftpd first and then the pure-uploadscript

Some other things to check:

Does the script work?
Code:
/etc/pure-ftpd/clamav_check.sh some-file
You can remove the "--quiet --no-summary" options, so it produces some output.

Is the socket created?
Code:
ls -l /var/run/pure*
You can kill the running pure-uploadscript and run it from CLI without the -B option so you can watch its output

Regards
 
Old 04-26-2010, 10:32 AM   #5
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by bathory View Post
I guess you start pure-ftpd first and then the pure-uploadscript

Some other things to check:

Does the script work?
Code:
/etc/pure-ftpd/clamav_check.sh some-file
You can remove the "--quiet --no-summary" options, so it produces some output.

Is the socket created?
Code:
ls -l /var/run/pure*
You can kill the running pure-uploadscript and run it from CLI without the -B option so you can watch its output

Regards
results

Quote:
Originally Posted by ls -l /var/run/pure*
# ls -l /var/run/pure*
-rw-r--r-- 1 root root 5 2010-04-15 14:41 /var/run/pure-ftpd.pid
-rw------- 1 root root 0 2010-04-15 12:27 /var/run/pure-ftpd.upload.lock
prw------- 1 root root 0 2010-04-15 12:27 /var/run/pure-ftpd.upload.pipe
-rw-r--r-- 1 root root 6 2010-04-26 08:41 /var/run/pure-uploadscript.pid

/var/run/pure-ftpd:
total 32
-rw------- 1 root root 1452 2010-04-15 13:23 client-00006278
-rw------- 1 root root 1452 2010-04-15 14:00 client-00006343
-rw------- 1 root root 1452 2010-04-15 14:15 client-00006411
-rw------- 1 root root 1452 2010-04-15 14:15 client-00006413
-rw------- 1 root root 1452 2010-04-15 14:17 client-00006429
-rw------- 1 root root 1452 2010-04-15 14:19 client-00006444
-rw------- 1 root root 1452 2010-04-15 14:40 client-00006468
-rw------- 1 root root 1452 2010-04-26 10:19 client-00024803
and the /usr/bin/clamdscan generated this:

Quote:
# /usr/bin/clamdscan /home/ftpusers/NutshellMail-0414/eicar_com.zip
/home/ftpusers/NutshellMail-0414/eicar_com.zip: lstat() failed: Permission denied. ERROR
so I switched to /usr/bin/clamscan which generated this:

Quote:
# /usr/bin/clamscan /home/ftpusers/NutshellMail-0414/eicar_com.zip
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
/home/ftpusers/NutshellMail-0414/eicar_com.zip: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 233411
Engine version: 0.95.3
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 1.526 sec (0 m 1 s)
So, I switched that in the script to use /usr/bin/clamscan which unfortunately didn't change anything.

The script itself is located in /etc/pure-ftpd/ however, files are uploaded to a different location, /home/ftpusers/$USERNAME. I am not sure if that matters though. I think at one point during this procedure I changed the script location to /home/ftpusers/
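
Added example, not part of the original thread and not code from either poster: a fail-closed handler for `pure-uploadscript -r`, which receives the uploaded file's path as `$1`. It treats a scanner error such as the `lstat() failed: Permission denied` result above the same as a detection, so an unscannable upload is not left in the FTP tree; `SCANNER`, `QUARANTINE_DIR`, `LOG_FILE` and their default paths are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed upload handler for pure-uploadscript -r.
# SCANNER, QUARANTINE_DIR and LOG_FILE are hypothetical names and paths.
SCANNER="${SCANNER:-/usr/bin/clamscan}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/quarantine/ftp}"
LOG_FILE="${LOG_FILE:-/var/log/pure-ftpd/clamav_check.log}"

log_event() {
    # UPLOAD_VUSER is exported by pure-uploadscript (see pure-uploadscript(8)).
    printf '%s user=%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" \
        "${UPLOAD_VUSER:-unknown}" "$*" >> "$LOG_FILE"
}

quarantine() {
    # Move the file out of the FTP tree and strip all permissions; if the
    # move fails, delete it so it never stays downloadable.
    dest="$QUARANTINE_DIR/$(date +%s).$$.${1##*/}"
    if mv "$1" "$dest" 2>/dev/null && chmod 000 "$dest"; then
        log_event "QUARANTINED $1 -> $dest"
    else
        rm -f "$1" && log_event "REMOVED $1 (quarantine failed)"
    fi
}

# Returns 0 = clean and kept, 1 = infected, 2 = could not be scanned.
handle_upload() {
    file="$1"
    # Keep a leading "-" in a relative name from being parsed as an option.
    case "$file" in /*) ;; *) file="./$file" ;; esac
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        log_event "SKIPPED not a regular file: $file"
        return 2
    fi
    "$SCANNER" --no-summary "$file" >/dev/null 2>&1
    rc=$?
    case "$rc" in
        0) log_event "CLEAN $file"; return 0 ;;
        1) log_event "INFECTED $file"; quarantine "$file"; return 1 ;;
        *) # clamscan/clamdscan exit 2 (or more) on errors such as the
           # "lstat() failed: Permission denied" shown above: treat the
           # file as untrusted instead of leaving it in place.
           log_event "SCAN-ERROR rc=$rc $file"; quarantine "$file"; return 2 ;;
    esac
}

# pure-uploadscript passes the uploaded file's path as $1.
if [ "$#" -gt 0 ]; then
    handle_upload "$1"
fi
```

The account set with UPLOADUID/UPLOADGID must be able to read the uploaded files and write to the quarantine directory and log file, otherwise every upload ends up in the error branch.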
 
Old 04-26-2010, 01:48 PM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Just a silly question: did you put "yes" in /etc/pure-ftpd/conf/CallUploadScript?

Also, what I don't like is the way /etc/default/pure-ftpd-common sets up pure-uploadscript to call clamav_check.sh. I.e. it puts some options after the script name (clamav_check.sh) that may confuse the script.
You can test from CLI using:
Code:
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
You can also omit -B, to get the output on screen.
 
Old 04-26-2010, 01:57 PM   #7
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Yes, I put "yes" in /etc/pure-ftpd/conf/CallUploadScript

I ran /usr/sbin/pure-uploadscript -r /etc/pure-ftpd/clamav_check.sh from the command line, uploaded a virus to the server, didn't spit out anything. My clamav_check.sh script now looks like this:

Quote:
Originally Posted by clamav_check.sh
# cat clamav_check.sh
#!/bin/sh

#/usr/bin/clamscan --remove --quiet --no-summary "$1"
/usr/bin/clamscan "$1"
#echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)
For good measure, I also changed it from #!/bin/sh to #!/bin/bash. That didn't seem to help or hurt anything.


[edit 14:16]

killed the current instance of the script running. copied the contents to /home/ftpusers/ and reran the script from the command line using the echoing of "$1" into a file in tmp. Still nothing.

Last edited by jdev; 04-26-2010 at 02:16 PM. Reason: adding more info.
 
Old 04-26-2010, 03:05 PM   #8
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
I cannot tell why pure-ftpd does not pass the uploaded file filename as the $1 parameter in the pure-uploadscript.
Maybe if you use apparmor, it doesn't allow pure-ftpd to write to the pipe. I don't know what else to say...

I never had a problem with that in Slackware. I'm using /etc/rc.d/rc.pure-ftpd:
Code:
#!/bin/sh
/usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
/usr/local/sbin/pure-uploadscript -B -r /usr/local/bin/pure-ftpd-1.0.29/scan.sh
Maybe you should ditch the configuration used by Ubuntu and do it by hand, as above.
 
Old 04-28-2010, 03:03 PM   #9
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
downloaded and compiled on a test server.

compile statement:

./configure --prefix=/etc/pure-ftpd --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc/pure-ftpd --with-everything

no errors during configure, make, or make install. everything should be fine, right?

well, at first it was. On my test server I was able to get this working for a moment (pure + clam) but moments ago when I just went back to demonstrate to a colleague, it stopped working.

pure-ftpd NEEDS to be started with the -o flag for pure-uploadscript to function properly. At first, starting this with the -o flag worked fine and I was excited to have this working. Now, when I start pure-ftpd it just seems to not want to work. Here is what I mean.

Quote:
# /usr/sbin/pure-ftpd -B -o -l puredb:/etc/pure-ftpd/pureftpd.pdb
# ps aux | grep pure
root 10587 0.0 0.0 7508 760 pts/1 S 14:52 0:00 /usr/sbin/pure-ftpd -o -l puredb:/etc/pure-ftpd/pureftpd.pdb
root 10592 0.0 0.0 5164 832 pts/1 S+ 14:58 0:00 grep pure
Now, if I kill the previous process and restart without the -o flag:

Quote:
#/usr/sbin/pure-ftpd -B -l puredb:/etc/pure-ftpd/pureftpd.pdb
# ps aux | grep pure
root 10594 0.0 0.0 7508 456 ? Ss 15:01 0:00 pure-ftpd (SERVER)
root 10596 0.0 0.0 5164 832 pts/1 S+ 15:01 0:00 grep pure
as you can see, the ftp server started as it should and I can connect, upload, delete, do whatever I need to.

So, after compiling from source, I am still at the same point, though earlier this morning I did have it working just fine. Frustrating process to say the least.
 
Old 04-28-2010, 03:22 PM   #10
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Hi,

Since you built it from source you should use the wrapper perl script to start pure-ftpd using pure-ftpd.conf
Quote:
/usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
With this script pure-ftpd starts with:
Code:
/usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -fsecurity -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -o -k99 -Z
Edit /etc/pure-ftpd.conf to set the following, among others you may want to use:
Quote:
Daemonize yes
CallUploadScript yes
Then start the upload-script
Quote:
/usr/local/sbin/pure-uploadscript -B -r /path/to/scan.sh
and you should be OK.

Btw if you want to build pure-ftpd like your distro's package, you should have used /usr as a prefix
Quote:
./configure --prefix=/usr ...

Last edited by bathory; 04-28-2010 at 03:24 PM.
 
Old 04-28-2010, 04:05 PM   #11
jdev
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
Now I am slightly confused.

All the confs for pure-ftpd are running out of /etc/pure-ftpd/conf

For example, the file CallUploadScript contains "yes" which would tell pure-ftpd that you want to utilize an upload script.

What I don't get is that this morning, no more than 5 hours ago, I was able to start and daemonize this from the command line, and now, nothing. I can't even copy this:

Quote:
/usr/sbin/pure-ftpd -A -c50 -B -C8 -D -fsecurity -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -o -k99 -Z
and get the system to work. It will not start the FTP server normally.

I can start the ftp server with the perl script as you suggested. I will need to add this to the rc.local file to have this automatically start on boot. For my testing purposes I can start/background it and while the server starts, I now have an auth error as the output from the wrapper perl script does not include the -l puredb:/etc/pure-ftpd/pureftpd.pdb switch. If I try to start the server with that switch, perl pure-config.pl /etc/pure-ftpd.conf -l puredb:/etc/pure-ftpd/pureftpd.pdb, it won't start properly and I cannot login to the server despite it being up and running.

I would much rather have this working to the point where it was this morning, where I could enter the following into the rc.local file to have it just execute:

Quote:
/usr/sbin/pure-ftpd -B -o -l puredb:/etc/pure-ftpd/pureftpdb.pdb
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
on boot. Ultimately, ideally, I would love to have an init.d script for this so I don't have to grep for the process, kill it, then remember the string to restart it again.
 
Old 04-28-2010, 04:32 PM   #12
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Quote:
All the confs for pure-ftpd are running out of /etc/pure-ftpd/conf
That is true for the ubuntu pure-ftpd package. Your pure-ftpd that is installed from source should have the perl script modified to use the same directory structure.
Quote:
I now have an auth error as the output from the wrapper perl script does not include the -l puredb:/etc/pure-ftpd/pureftpd.pdb switch. If I try to start the server with that switch, perl pure-config.pl /etc/pure-ftpd.conf -l puredb:/etc/pure-ftpd/pureftpd.pdb, it won't start properly and I cannot login to the server despite it being up and running.
You can use:
Code:
PureDB /etc/pure-ftpd/pureftpdb.pdb
in /etc/pure-ftpd.conf if you want to use the database for authentication.
You can kill, or reload the process using
Code:
killall -9 pure-ftpd
killall -HUP pure-ftpd
without the need to know the pure-ftpd pid

Last edited by bathory; 04-28-2010 at 04:33 PM.
 
  


All times are GMT -5.