JSCAPE Secure FTP Server - Automatic Virus Scanning using ClamAV
If you are like most organizations then your FTP server accepts file uploads from both internal users (employees) and external users (customers and business partners). In addition to ensuring that data is transmitted securely via encryption protocols such as FTPS and/or PGP, you should also take measures to verify that the data received does not contain a virus or trojan.
The purpose of this tutorial is to demonstrate how you can automatically perform virus scans whenever a file is uploaded to your server. This tutorial focuses specifically on using the open-source ClamAV virus scanning software in a Linux environment. ClamAV is also available for Windows however you may use any anti-virus scanning software that can be invoked from the command line.
Download and install JSCAPE Secure FTP Server
Download and install ClamAV
Like most anti-virus software ClamAV uses a database of virus definition signatures to detect viruses. In order to maximize virus protection it is recommended that these definition files be updated frequently and automatically. The virus definition signatures for ClamAV may be easily updated using the freshclam command. However, to have these signatures updated automatically we will need to create a trigger. This trigger will invoke the freshclam command every 24 hours at 1 a.m.
1. Open JSCAPE Secure FTP Server Manager and click on the Triggers node.
2. Click the "Add" button to begin adding a new trigger.
3. In the "Name" field enter "Clamav Virus Definition Update" and in the "Event Type" field select the "Current Time" option. Click "Next" to continue.
4. Set the condition to "Hour EQUALS 1 AND Minute Equals 0". Click "Next" to continue.
5. Select the "Action Type" of "Run Process" and set the "Program" field to the full path of the freshclam binary. Click "OK" to continue.
Now that we have added the trigger for automatically updating the virus definitions, our next step is to add a trigger that will automatically scan files for viruses when they are uploaded.
1. In Triggers node of JSCAPE Secure FTP Server click the "Add" button to begin adding a new trigger.
2. Enter "Clamav Virus Scan" in the "Name" field and "File Upload" in the "Event Type" field. Click "Next" to continue.
2. Set the condition to "Success EQUALS true". Click "Next" to continue.
3. Set the "Action Type" field to "Run Process", the "Program" field to the full path of the clamscan binary, and the "Arguments" field to the arguments to pass to the clamscan binary. The --move=/opt/JSCAPE_Secure_FTP_Server/users/infected argument specifies the directory that infected files should be moved to. The %LocalPath% variable represents the uploaded file to be scanned.
To be notified when an infected file is detected we will use a Directory Monitor combined with a Trigger.
1. In Directory Monitors node of JSCAPE Secure FTP Server Manager click on the "Add" button to begin adding a new monitor.
2. In "Name" field enter "Infected Files" and in "Directory" field enter the directory that infected files are moved to that are detected by ClamAV.
3. Check the "Monitor file add" button to only monitor files that are added to this directory.
4. Click "OK" to add the monitor.
5. Next we need to add a trigger to notify us via email when a new file is added to the infected directory. Go to the Triggers node in JSCAPE Secure FTP Server Manager and click on the "Add" button.
6. In the "Name" field enter "Clamav Virus Quarantined". For the "Event Type" field select "Directory Monitor File Added". Click "Next" to continue.
7. Set the Condition to "Monitor EQUALS Infected Files". Click "Next" to continue.
8. In the "Action Type" field select "Send Email". Complete the necessary fields for your SMTP server and email message. Click "OK" to finish.
9. At this point you should have 3 triggers and a directory monitor. Click "Apply" to save settings and begging detecting infected files.
In this tutorial you learned how to detect, quarantine and send an email notification for any virus infected files uploaded to the server using triggers. JSCAPE Secure FTP Server is ideal for automating virtually any file transfer business processes.
To experience more Download JSCAPE Secure FTP Server .
|
