Snort creator and CTO of Sourcefire, Marty Roesch, talked to The H about the next generation of malware detection in development at Sourcefire – Razorback
Tampilkan postingan dengan label ClamAV. Tampilkan semua postingan
Tampilkan postingan dengan label ClamAV. Tampilkan semua postingan
Minggu, 05 Juni 2011
Sabtu, 21 Mei 2011
How To Integrate ClamAV Into PureFTPd For Virus Scanning On Fedora 14
This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a Fedora 14 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
Read more at HowtoForge
Jumat, 29 April 2011
How To Integrate ClamAV Into PureFTPd For Virus Scanning On Ubuntu 10.10
This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on an Ubuntu 10.10 system. In the end, whenever a file gets uploaded through PureFTPd, ClamAV will check the file and delete it if it is malware.
I do not issue any guarantee that this will work for you!
You should have a working PureFTPd setup on your Ubuntu 10.10 server, e.g. as shown in this tutorial: Virtual Hosting With PureFTPd And MySQL (Incl. Quota And Bandwidth Management) On Ubuntu 10.10 (Maverick Meerkat).
Make sure that you are logged in as root (type in
sudo suto become root), because we must run all the steps from this tutorial as root user.
ClamAV can be installed as follows:
apt-get install clamav clamav-daemonStart the ClamAV daemon:
/etc/init.d/clamav-daemon startFirst we create the file /etc/pure-ftpd/conf/CallUploadScript which simply contains the string yes:
echo "yes" > /etc/pure-ftpd/conf/CallUploadScriptNext we create the file /etc/pure-ftpd/clamav_check.sh (which will call /usr/bin/clamdscan whenever a file is uploaded through PureFTPd)...
vi /etc/pure-ftpd/clamav_check.sh#!/bin/sh/usr/bin/clamdscan --remove --quiet --no-summary "$1"
... and make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.shNow we edit /etc/default/pure-ftpd-common...
vi /etc/default/pure-ftpd-common... and change the UPLOADSCRIPT line as follows:
[...]# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,# pure-uploadscript will also be run to spawn the program given below# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or# pure-uploadscript(8)# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.plUPLOADSCRIPT=/etc/pure-ftpd/clamav_check.sh[...]Finally we restart PureFTPd:
/etc/init.d/pure-ftpd-mysql restartThat's it! Now whenever someone tries to upload malware to your server through PureFTPd, the "bad" file(s) will be silently deleted.
Langganan:
Postingan (Atom)