If you are like most organizations, then your FTP server accepts file uploads from both internal users (employees) and external users (customers and business partners). In addition to ensuring that data is transmitted securely via encrypted protocols such as FTPS and/or PGP, you should also take measures to verify that the data received does not contain a virus or trojan.
The purpose of this tutorial is to demonstrate how you can automatically perform virus scans whenever a file is uploaded to your server. This tutorial focuses specifically on using the open-source ClamAV virus scanning software in a Linux environment, but ClamAV is also available for Windows. Keep in mind, you may use any anti-virus scanning software that can be invoked from the command line.
Download and install JSCAPE MFT Server
Download and install ClamAV
Updating virus definition files
Like most anti-virus software, ClamAV uses a database of virus definition signatures to detect viruses. In order to maximize virus protection it is recommended that these definition files be updated frequently and automatically. The virus definition signatures for ClamAV may be easily updated using the freshclam command. However, to have these signatures updated automatically we will need to create a trigger. This trigger will invoke the freshclam command every 24 hours at 1 a.m.
1. Open JSCAPE MFT Server Manager and click on the Triggers node.
2. Click the "Add" button to begin adding a new trigger.
3. In the "Name" field enter "ClamAV Virus Definition Update" and in the "Event Type" field select the "Current Time" option. Click "Next" to continue.
4. Set the condition to "((Hour = 1) AND (Minute = 0))". Click "Next" to continue.
5. On Trigger Actions, click Add. Select the "Action Type" of "Run Process" and set the "Program" field to the full path of the freshclam binary. Click "OK" to continue.
Scanning uploaded files for viruses
Now that we have added the trigger for automatically updating the virus definitions, our next step is to add a trigger that will automatically scan files for viruses when they are uploaded.
1. In Triggers node of JSCAPE MFT Server click the "Add" button to begin adding a new trigger.
2. Enter "ClamAV Virus Scan" in the "Name" field and "File Upload" in the "Event Type" field. Click "Next" to continue.
3. Set the condition to "(Success = TRUE)". Click "Next" to continue.
4. Set the "Action Type" field to "Run Process", the "Program" field to the full path of the clamscan binary, and the "Arguments" field to the arguments to pass to the clamscan binary. The --move=/opt/JSCAPE_Secure_FTP_Server/users/infected argument specifies the directory that infected files should be moved to. The %LocalPath% variable represents the uploaded file to be scanned.
Receiving notification on quarantined files
To be notified when an infected file is detected we will use a Directory Monitor combined with a Trigger.
1. In the Directory Monitors node of JSCAPE MFT Server Manager, click on the "Add" button to begin adding a new monitor.
2. In "Name" field enter "Infected Files" and in "Directory" field enter the directory that infected files are moved to that are detected by ClamAV.
3. Check the "Monitor file add" button to only monitor files that are added to this directory.
4. Click "OK" to add the monitor.
5. Next we need to add a trigger to notify us via email when a new file is added to the infected directory. Go to the Triggers node in JSCAPE MFT Server Manager and click on the "Add" button.
6. In the "Name" field enter "ClamAV Virus Quarantined". For the "Event Type" field select "Directory Monitor File Added". Click "Next" to continue.
7. Set the Condition to "(MonitorName = "Infected Files")". Click "Next" to continue.
8. In the "Action Type" field select "Send Email". Complete the necessary fields for your SMTP server and email message. Click "OK" to finish.
9. At this point you should have 3 triggers and a directory monitor. Click "Apply" to save settings and begin detecting infected files.
In this tutorial you learned how to detect, quarantine and send an email notification for any virus infected files uploaded to the server using triggers. JSCAPE MFT Server is ideal for automating virtually any file transfer business processes. To experience more Download JSCAPE MFT Server.