Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>
Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?
when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
I'm not sure how to trigger that using ftpd software (and in fact you didn't mention which you were using).
As an alternative, you might consider running a clamscan every hour using cron. (This scanner is included with the clamav software.) If your directories / files are too large for this to be practical, I'd suggest a more complex cronjob where you check to see if each directory differs from the last time you checked. If it does, you scan it for viruses.
Hey,
I believe vsftpd has a feature which you can block files of specific content. As in if someone uploads an exe file on the FTP server Vsftpd can block the file off itself.
I quote from http://vsftpd.beasts.org/vsftpd_conf.html
deny_file
This option can be used to set a pattern for filenames (and directory names etc.) which should not be accessible in any way. The affected items are not hidden, but any attempt to do anything to them (download, change into directory, affect something within directory etc.) will be denied. This option is very simple, and should not be used for serious access control - the filesystem's permissions should be used in preference. However, this option may be useful in certain virtual user setups. In particular aware that if a filename is accessible by a variety of names (perhaps due to symbolic links or hard links), then care must be taken to deny access to all the names. Access will be denied to items if their name contains the string given by hide_file, or if they match the regular expression specified by hide_file. Note that vsftpd's regular expression matching code is a simple implementation which is a subset of full regular expression functionality. Because of this, you will need to carefully and exhaustively test any application of this option. And you are recommended to use filesystem permissions for any important security policies due to their greater reliability. Example: deny_file={*.mp3,*.mov,.private}
Default: (none)
usually people do this thanks to a filtering proxy...
google proposed frox: http://frox.sourceforge.net/
which you should be able to use with clamav.
hope this helps!
Using anti-virus software , such as kaspersky or f-secure for linux , but both of them are not free.
Quote:
Originally Posted by the_gripmaster
I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>
Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.