Situation
Customer Want Scan User Uploads File Real Time And Do Something If File Is Virus With FTP Server.
How To
Install Software
apt update && apt install vsftpd clamav-daemon\
inotify-tools -y
Setting SSH Config
vim /etc/ssh/sshd_config
# Comment This
Subsystem sftp /usr/lib/openssh/sftp-server
# Add These
Subsystem sftp internal-sftp
Match Group sftp
X11Forwarding no
ChrootDirectory %h
ForceCommand internal-sftp
Change Permission
mkdir -p ftp_home_path/ftp_user
chown root:root ftp_home_path
chown ftp_user:ftp_user ftp_home_path/user
chmod 755 -R ftp_home_path
Add User, Group And Change User Home Folder
groupadd sftp
useradd -G sftp -s /sbin/nologin ftp_user
usermod -d ftp_home_path/ftp_user
Restart Services
systemctl restart clamav-daemon
systemctl restart vsftpd
systemctl restart sshd
Verify ClamAV Is Running
clamdscan -p 3
Make Script Keep Monitor Foleder And Scan Virus File And Remove That
#!/bin/sh
inotifywait -m -e create /ftp_home_path/* |
while read dir action file; do
echo "file create in ${dir}${file}"
/usr/bin/clamdscan --fdpass --remove ${dir}${file}
done
If File Is Virus, It Will Return
cp /ftp_home_path/virus.txt /ftp_home_path/test2.txt
file create in /ftp_home_path/test2.txt
root@sftp-server:~# /ftp_home_path/test2.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)
Start Date: 2022:05:21 01:54:18
End Date: 2022:05:21 01:54:18
Ref : ClamAV
Ref : inotifywait