Add Virus Filtering for ProFTPd with ClamAV

The first step to add filtering for an FTP servere is to add antivirus filtering.
We will need to modify the setup procedure a bit to apply the appropriate patches :

So, download the patch source
wget http://www.thrallingpenguin.com/resources/mod_clamav-0.7.tar.gz
tar xzvf mod_clamav-0.7.tar.gz
cp mod_clamav-0.7/mod_clamav.* proftpd-1.3.1/contrib

Apply the required patch:
cd proftpd-1.3.1
patch -p1 < ../mod_clamav-0.7/proftpd.patch

Now we need to configure --with-modules=mod_clamav. So if you followed my previous howto to installing ProFTPd it should look like this :

install_user=root install_group=wheel ./configure --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql:mod_clamav --with-includes=/usr/include/mysql/ --with-libraries=/usr/lib/mysql/ --enable-timeout-linger --enable-timeout-stalled --sysconfdir=/etc --localstatedir=/var --prefix=/usr

make & make install

We will need to install the ClamAV Daemon to provide antivirus scanning abilities. We can compile from source but we can also install it using Dag Wieers repo. So first we add the appropriate files for the repo to function:

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Install ClamAV
yum install clamav.i386 clamav-db.i386 clamd.i386 clamav-devel.i386

Start the ClamAV daemon
/etc/init.d/clamd start
and edit crontab to configure the clamav updates
crontab -e
49 * * * *
/usr/bin/freshclam --quiet

Edit /etc/proftpd.conf and add at the end

<IfModule mod_clamav.c>
   ClamAV on
   ClamLocalSocket  /tmp/clamd.socket
</IfModule>

restart proftpd.
To test that it is working correctly download the eicar test virus and try to upload it to the server.