scan FTP uploaded files on cPanel Servers with ClamAV
First we need install ClamAV, it has been now been included in cPanel/WHM. ClamAV is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner.
You can also install it from your cPanel/WHM interface as root as follows:
Step 1: Click on ‘cPanel’ in ‘WHM’
Step 2: Click on ‘Manage Plugins’
Step 3: Now Click on ‘Install ClamAV for cPanel’
After the successful installation edit the file /etc/pure-ftpd.conf and change this line to:
CallUploadScript yes
Next create file /etc/pure-ftpd/clamav_scan_ftp.sh with this content:
#!/bin/bash #Maximum file size to scan in bytes that's set to 10MB MAXSIZE=10485760 if [ "$UPLOAD_SIZE" -le "$MAXSIZE" ]; then /usr/local/cpanel/3rdparty/bin/clamdscan --remove --quiet --no-summary "$1" fi
Change its permissions and make it executable:
chmod 755 /etc/pure-ftpd/clamav_scan_ftp.sh
Now we should start the pure-uploadscript daemon every time to call our script when a file is uploaded
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_scan_ftp.sh
And to let it start with your server/vps reboots just run this:
echo "/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_scan_ftp.sh" >> /etc/rc.d/rc.local
Now restart pure-ftpd:
service pure-ftpd restart
Now all your uploaded files which are less than 10MB in size will be scanned, adjust this size limit per your needs.
Final Words
Use Malware Expert – Signatures to get a better detection rate of malware from files for FREE!