LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-12-2006, 03:10 AM   #1
the_gripmaster
Member
 
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364

Rep: Reputation: 38
FTP Server


I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>

Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.

Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?

Thanks.
 
Old 12-12-2006, 08:42 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
I'm not sure how to trigger that using ftpd software (and in fact you didn't mention which you were using).

As an alternative, you might consider running a clamscan every hour using cron. (This scanner is included with the clamav software.) If your directories / files are too large for this to be practical, I'd suggest a more complex cronjob where you check to see if each directory differs from the last time you checked. If it does, you scan it for viruses.

Last edited by anomie; 12-12-2006 at 08:44 PM.
 
Old 12-13-2006, 10:16 AM   #3
the_gripmaster
Member
 
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364

Original Poster
Rep: Reputation: 38
Thanks for your reply. I am using VS FTP.
 
Old 12-13-2006, 10:22 AM   #4
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Ok, vsftpd - nice software.

Hopefully one of the two suggestions I made will work out for you.
 
Old 12-13-2006, 10:54 AM   #5
the_gripmaster
Member
 
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364

Original Poster
Rep: Reputation: 38
Hmm...ok...thanks.
 
Old 12-14-2006, 12:42 AM   #6
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey,
I believe vsftpd has a feature which you can block files of specific content. As in if someone uploads an exe file on the FTP server Vsftpd can block the file off itself.
I quote from http://vsftpd.beasts.org/vsftpd_conf.html

deny_file
This option can be used to set a pattern for filenames (and directory names etc.) which should not be accessible in any way. The affected items are not hidden, but any attempt to do anything to them (download, change into directory, affect something within directory etc.) will be denied. This option is very simple, and should not be used for serious access control - the filesystem's permissions should be used in preference. However, this option may be useful in certain virtual user setups. In particular aware that if a filename is accessible by a variety of names (perhaps due to symbolic links or hard links), then care must be taken to deny access to all the names. Access will be denied to items if their name contains the string given by hide_file, or if they match the regular expression specified by hide_file. Note that vsftpd's regular expression matching code is a simple implementation which is a subset of full regular expression functionality. Because of this, you will need to carefully and exhaustively test any application of this option. And you are recommended to use filesystem permissions for any important security policies due to their greater reliability. Example: deny_file={*.mp3,*.mov,.private}
Default: (none)

Hope this helps...

Cheers
Arvind
 
Old 12-14-2006, 07:48 AM   #7
fr_laz
Member
 
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384

Rep: Reputation: 32
usually people do this thanks to a filtering proxy...
google proposed frox: http://frox.sourceforge.net/
which you should be able to use with clamav.
hope this helps!
 
Old 12-20-2006, 07:05 PM   #8
bbjmmj
LQ Newbie
 
Registered: Dec 2006
Posts: 8

Rep: Reputation: 0
Using anti-virus software , such as kaspersky or f-secure for linux , but both of them are not free.

Quote:
Originally Posted by the_gripmaster
I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>

Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.

Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?

Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
In plesk , I wish to have a backup cron job, ftp back up file to another ftp server? muskiediver Linux - General 6 07-16-2009 03:13 AM
ftp server - Pure ftp - logs in OK but no files visible tp11235 Linux - Networking 2 08-30-2005 05:11 AM
FTP Server Up and running... how do I hide ftp users from local login screen? joe1031 Mandriva 2 03-18-2005 04:24 PM
How do I set my FTP server to accept passive FTP? imsam Linux - Newbie 3 12-12-2004 06:22 AM
how can I restrict ftp users listing files from a pure-ftp server adrianmak Linux - Networking 2 12-31-2002 08:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration