Every upload via FTP/SFTP be scanned by clamav

kingkashif · 08-15-2009, 06:06 AM

hello all..

Well i have setup clamav with my sendmail using MailScanner which is working perfectly as it should.

Now the problem is that for example i am a hosting company and i provide hosting to users. There maybe some malicious users who could upload for example "php shell". As you can guess he/she could then do a lot with it because virtually they'll have fully working shell available. They could easily view /etc/password and many other files..

Now what i want is that whenever any user uploads anything to his account, it should be scanned with clamav and if clamav recognizes the file as "php shell" or any other malicious content then it should delete it..

Hope i would find a solution ...

regards

TB0ne · 08-15-2009, 12:39 PM

Quote:

Originally Posted by kingkashif

hello all..

Well i have setup clamav with my sendmail using MailScanner which is working perfectly as it should.

Now the problem is that for example i am a hosting company and i provide hosting to users. There maybe some malicious users who could upload for example "php shell". As you can guess he/she could then do a lot with it because virtually they'll have fully working shell available. They could easily view /etc/password and many other files..

Now what i want is that whenever any user uploads anything to his account, it should be scanned with clamav and if clamav recognizes the file as "php shell" or any other malicious content then it should delete it..

Hope i would find a solution ...

regards

Reference the clamav documentation, and look at the clamuko and clamdscan options. You can also write a small script, to execute a scan on specific directories, when something changes.

win32sux · 08-15-2009, 02:26 PM

Also, look into employing some isolation techniques, so that the damage they can do will be contained. In other words, I recommend you work under the assumption that ClamAV won't be effective at all.