Activity Stream
48,167 MEMBERS
6898 ONLINE
besthostingforums On YouTube Subscribe to our Newsletter besthostingforums On Twitter besthostingforums On Facebook besthostingforums On facebook groups

Results 1 to 9 of 9
  1.     
    #1
    Member

    Lightbulb How to Scan & Stop Uploading Infected Files to Your Server

    To scan and stop uploading infected files to your server , you need to enable ClamAV with PureFTP (Do not use this with ProFTP or other FTP services on your server).

    1. Make sure Clamav is installed on your server and/or up-to-date.

    Clamav binary files are installed in (for a cPanel and DirectAdmin powered server)
    /usr/local/bin and /usr/bin/

    Using your favorite Linux text editor such as vi or pico, edit /etc/pure-ftpd.conf file and set the entry:

    From:
    #CallUploadScript yes

    To:
    CallUploadScript yes

    Save and exit the file /etc/pure-ftpd.conf.

    2. Edit the file /etc/init.d/pure-ftpd
    Find the following entry:
    $DAEMONIZE $fullpath /etc/pure-ftpd.conf -O clf:/var/log/xferlog $OPTIONS --daemonize
    right underneath this entry add the following line:
    $DAEMONIZE /usr/sbin/pure-uploadscript -B -r /var/run/pure-ftpd/clamscan.sh

    3. Find the following entry:
    kill $(cat /var/run/pure-ftpd.pid)
    right underneath this entry add the following line:
    kill $(cat /var/run/pure-ftpd/pure-uploadscript.pid)

    4. Save and exit the file /etc/init.d/pure-ftpd

    5. Change the directory to:
    cd /var/run/pure-ftpd/

    6. Create the following script: clamscan.sh and insert the following text

    PHP Code: 
    #!/bin/sh

    if [ "$1" "" ]; then
    echo 'Variable is blank';
    exit;
    fi
    if [ ! -"$1" ]; then
    echo "$1 file not found"
    exit;
    fi


    date
    =`date '+%d-%m-%y %H:%M'`;
    scan=`/usr/bin/clamdscan --remove --no-summary "$1"`;
    echo 
    "$date ClamAV $scan>> /var/log/messages 
    7. Save and exit the file clamscan.sh. Then run the following commands at the prompt:
    * chmod 755 /var/run/pure-ftpd/clamscan.sh
    * /sbin/service pure-ftpd restart

    Since we used the switch --remove with the clamscan command in the script above, infected files will be permanently deleted. If you do not want the script to delete infected files and just move them to a directory, change the following entry:

    From:
    scan=`/usr/bin/clamdscan --remove --no-summary "$1"`;

    To:
    scan=`/usr/bin/clamdscan --move=/root/junk --no-summary "$1"`;

    If you do that, you need to create the subdirectory junk in the /root directory. To do so, execute this command:

    * mkdir /root/junk

    NOW ALL DONE!
    ashutariyal Reviewed by ashutariyal on . How to Scan & Stop Uploading Infected Files to Your Server To scan and stop uploading infected files to your server , you need to enable ClamAV with PureFTP (Do not use this with ProFTP or other FTP services on your server). 1. Make sure Clamav is installed on your server and/or up-to-date. Clamav binary files are installed in (for a cPanel and DirectAdmin powered server) /usr/local/bin and /usr/bin/ Using your favorite Linux text editor such as vi or pico, edit /etc/pure-ftpd.conf file and set the entry: From: Rating: 5

  2.   Sponsored Links

  3.     
    #2
    Member
    Can anyone confrim this?

  4.     
    #3
    (╯?□?)╯︵ ┻━┻
    Website's:
    Xenu.ws WarezLinkers.com SerialSurf.com CracksDirect.com
    Probably works but non-c99 shells wont be detected, so say hello to script kiddies.

  5.     
    #4
    Member
    Website's:
    qwerty-roms.net
    Could you have a PHP script which did this -

    Looked at the PHP file, and if it contained keywords which are in shells e.g. -

    C99
    C100
    Hacking
    Shell

    It would not upload it, if it didnt have any of the keywords, it would upload it.

  6.     
    #5
    Member
    I would also like to know this

  7.     
    #6
    Member
    Another way could be to stop peopel from uploading to your server and just upload to file hosting sites.

  8.     
    #7
    Probation
    Make sure to have php edit config access /usr/local/bin and /usr/bin/ like here. Most of hosting won't gave you so just ask.

  9.     
    #8
    Member
    Intersesting.

  10.     
    #9
    Member
    clamav even that good tho? sucked ass on windows, what makes it so good on a server... i bet theres exploits for clamav on milworm, so f*ck that open source sh*t (i love oss, but not oss av)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. sourceforge files clean or infected?
    By darkpichu in forum General Discussion
    Replies: 7
    Last Post: 26th Aug 2011, 10:57 AM
  2. stop while uploading
    By tut2tut in forum Webmaster Discussion
    Replies: 8
    Last Post: 1st Jul 2011, 11:38 AM
  3. PHP Scan dir for idetical files
    By Porsche_maniak in forum Web Development Area
    Replies: 30
    Last Post: 14th Jul 2010, 06:23 AM
  4. Stop uploading to RS?
    By yasser37 in forum General Discussion
    Replies: 1
    Last Post: 17th May 2010, 01:23 PM
  5. Always scan files befor opeing...
    By MrPeanut420 in forum Useful Sites
    Replies: 3
    Last Post: 5th Feb 2010, 09:57 AM

Tags for this Thread

BE SOCIAL