scan FTP uploaded files on cPanel Servers with ClamAV

First we need install ClamAV, it has been now been included in cPanel/WHM. ClamAV is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner.

You can also install it from your cPanel/WHM interface as root as follows:

Step 1: Click on ‘cPanel’ in ‘WHM’
Step 2: Click on ‘Manage Plugins’
Step 3: Now Click on ‘Install ClamAV for cPanel’

After the successful installation edit the file /etc/pure-ftpd.conf and change this line to:

CallUploadScript yes

Next create file /etc/pure-ftpd/clamav_scan_ftp.sh with this content:

#!/bin/bash
#Maximum file size to scan in bytes that's set to 10MB
MAXSIZE=10485760
if [ "$UPLOAD_SIZE" -le "$MAXSIZE" ]; then
/usr/local/cpanel/3rdparty/bin/clamdscan --remove --quiet --no-summary "$1"
fi

Change its permissions and make it executable:

chmod 755 /etc/pure-ftpd/clamav_scan_ftp.sh

Now we should start the pure-uploadscript daemon every time to call our script when a file is uploaded

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_scan_ftp.sh

And to let it start with your server/vps reboots just run this:

echo "/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_scan_ftp.sh" >> /etc/rc.d/rc.local

Now restart pure-ftpd:

service pure-ftpd restart

Now all your uploaded files which are less than 10MB in size will be scanned, adjust this size limit per your needs.

Final Words

Use Malware Expert – Signatures to get a better detection rate of malware from files for FREE!