Situation

Customer Want Scan User Uploads File Real Time And Do Something If File Is Virus With FTP Server.

How To

Install Software

apt update && apt install vsftpd clamav-daemon\
inotify-tools -y

Setting SSH Config

vim /etc/ssh/sshd_config
# Comment This
Subsystem      sftp    /usr/lib/openssh/sftp-server
# Add These
Subsystem       sftp    internal-sftp
Match           Group   sftp
X11Forwarding   no
ChrootDirectory %h
ForceCommand    internal-sftp

Change Permission

mkdir -p ftp_home_path/ftp_user
chown root:root ftp_home_path
chown ftp_user:ftp_user ftp_home_path/user
chmod 755 -R ftp_home_path

Add User, Group And Change User Home Folder

groupadd sftp
useradd -G sftp -s /sbin/nologin ftp_user
usermod -d ftp_home_path/ftp_user

Restart Services

systemctl restart clamav-daemon
systemctl restart vsftpd
systemctl restart sshd

Verify ClamAV Is Running

clamdscan -p 3

Make Script Keep Monitor Foleder And Scan Virus File And Remove That

#!/bin/sh

inotifywait -m -e create /ftp_home_path/* |
       while read dir action file; do
         echo "file create in ${dir}${file}"
         /usr/bin/clamdscan --fdpass --remove ${dir}${file}

       done

If File Is Virus, It Will Return

cp /ftp_home_path/virus.txt /ftp_home_path/test2.txt
file create in /ftp_home_path/test2.txt
root@sftp-server:~# /ftp_home_path/test2.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)
Start Date: 2022:05:21 01:54:18
End Date:   2022:05:21 01:54:18

Ref : ClamAV

Ref : inotifywait