Castaglia / proftpd-mod_clamav

Customised version of proftpd mod_clamav

Does not work with mod_sftp #2

Open snakems opened 11 years ago

snakems commented 11 years ago

Does not scan files uploaded over SFTP. In the debug log there are no messages from mod_clamav.

Castaglia commented 11 years ago

Could you provide the full proftpd.conf you're using for this? I've tested my mod_clamav version with mod_sftp, and it succeeded. At this point, I suspect that this may be a configuration issue; seeing your full configuration will help determine what might be happening.

snakems commented 11 years ago
Include /etc/proftpd/modules.conf
ServerName          "Debian"
ServerType          standalone
ServerIdent         on      "Servers identifying string"
DeferWelcome            off
DefaultServer           on

DisplayLogin            welcome.msg # Textfile to display on login
DisplayConnect          .connect    # Textfile to display on connection
DisplayChdir               .firstchdir  # Textfile to display on first changedir

UseReverseDNS               off
IdentLookups                off

Port                21
Umask               022 022
PassivePorts            60000 61000
MaxInstances                    15
MaxClientsPerHost               5       "Only %m connections per host allowed"
MaxClients                      10      "Only %m total simultaneous logins allowed"
MaxHostsPerUser                 5

#User               nobody
#Group              nobody

#ScoreboardFile             /var/log/scoreboard

# Some logging formats
LogFormat                   default     "%h %l %u %t \"%r\" %s %b"
LogFormat                   auth        "%v [%P] %h %t \"%r\" %s"
LogFormat                   write       "%h %l %u %t \"%r\" %s %b"

# Define log-files to use
SyslogLevel             notice
SystemLog               /var/log/proftpd/proftpd.log
#TraceLog           /var/log/proftpd/trace.log
#Trace              DEFAULT:10
TransferLog                 /var/log/proftpd/xfer.log
ExtendedLog                 /var/log/proftpd/access.log    WRITE,READ write
ExtendedLog                 /var/log/proftpd/auth.log      AUTH auth
ExtendedLog                 /var/log/proftpd/paranoid.log  ALL default
SQLLogFile          /var/log/proftpd/mysql.log

# Set up authentication via SQL
# ===========
AuthOrder                       mod_sql.c
SQLAuthTypes            Backend
SQLConnectInfo              proftpd_admin@localhost proftpd password
SQLUserInfo             usertable userid passwd uid gid homedir shell 
SQLGroupInfo            grouptable groupname gid members 
SQLUserWhereClause          "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
SQLMinID        30
# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable

# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable

# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
#SQLShowInfo PASS "230" "Last login was: %{login_time}"

# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery  transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLog ERR_RETR,ERR_STOR transfer2
SQLNamedQuery  transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat

AllowStoreRestart       on
AllowRetrieveRestart        on
RequireValidShell               off
PathDenyFilter                  "(\\.ftp)|(\\.ht)[a-z]+$"
DefaultRoot             ~
DenyFilter          \*.*/

<IfModule mod_sftp1.c>
    SFTPEngine on
    SFTPLog /var/log/proftpd/sftp.log
    TransferLog /var/log/proftpd/xferlog-sftp.log
    Port 2220
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_dsa_key
    SFTPAuthorizedUserKeys file:/etc/proftpd/sftp_keys/%u.sftp
    SFTPCompression delayed
    MaxLoginAttempts 6
</IfModule>

<IfModule mod_clamav.c>
    ClamAV on
    #ClamLocalSocket /var/run/clamav/clamd.ctl
    ClamServer 127.0.0.1
    ClamPort 3310
    ClamMaxSize 5 Mb
</IfModule>

<Directory ~>
    Umask 022 022
    AllowOverwrite  on
    HideNoAccess    off
</Directory>
<Directory ~/*>
    HideFiles ^\.(ftpaccess|htaccess)$
    PathDenyFilter ^\.(ftpaccess|htaccess)$
    ListOptions "-A"
</Directory>

Castaglia commented 11 years ago

One thing I notice is that you have:

<IfModule mod_sftp1.c>

Shouldn't that be:

<IfModule mod_sftp.c>

Also, is this issue still happening, now that the previous issue (with the handling of the ClamMaxSize directive) has been fixed?

snakems commented 11 years ago

Sorry, I tested the FTP protocol and forgot to remove that when copying the config into the issue. SFTP was tested with the correct config.

P.S. The new version with the fixed ClamMaxSize works correctly with FTP.

Castaglia commented 11 years ago

So to clarify: the ClamMaxSize directive now works properly with FTP, but you are still not seeing mod_clamav work properly for files uploaded via mod_sftp? Which version of proftpd are you using?

snakems commented 11 years ago

root@webserver:~# proftpd -v
ProFTPD Version 1.3.3a

Castaglia commented 11 years ago

Ah, that might explain things. The mod_sftp support for interacting with other modules has improved greatly in the 1.3.4 releases. If possible, I'd recommend upgrading to proftpd-1.3.4b. Then the mod_clamav/mod_sftp combination should work properly.

snakems commented 11 years ago

Yes, with proftpd-1.3.4b it worked, but there are no alerts in the client that a virus was found.

P.S. Please add a ClamLog config variable. Sorry for my English.

Castaglia commented 11 years ago

I do intend to change a lot of the config directives, but to do so, I need to rename the module to mod_clamav2, to differentiate it from the old mod_clamav (which is not my module).

I am not surprised that the SFTP client does not show any alerts about found viruses; SFTP clients are not required to display any messages to the end-user, even though the server may send them. Does the SFTP client show that the file upload failed at least?

snakems commented 11 years ago

The file just does not show up in the server's folder. In the logs I see the found viruses.
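The symptom above (the client reports a successful upload, the file never appears, only the server logs mention the detection) is easy to miss in testing. The following probe is an added example, not part of the proftpd-mod_clamav project or of anyone's post here: it uploads the standard EICAR test string over SFTP and then checks whether the file survived, which distinguishes a visible rejection from a silent block and from no scanning at all. The environment variables SFTP_TARGET and SFTP_PORT, the function names, and the assumption of an OpenSSH sftp(1) client with key-based login are this script's own.

```shell
#!/bin/sh
# Added example, not part of the proftpd-mod_clamav project: probe an SFTP
# endpoint for the "silent block" behaviour reported in this thread, where the
# client sees a successful upload but the scanned file never appears on the
# server.  The EICAR test string is used because every AV engine, ClamAV
# included, detects it, so no real malware is needed.
# Assumptions (this script's own names): an OpenSSH sftp(1) client on PATH,
# key-based login, SFTP_TARGET set to user@host and SFTP_PORT to the port.

# The 68-byte EICAR test string, printed without a trailing newline.
eicar_payload() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# Classify what the scanner did from two observations: the exit status of the
# sftp "put" and whether the file is afterwards listed on the server.
# Prints one of: rejected | stored | silently-blocked
classify_scan_outcome() {
    put_status=$1
    present=$2    # 1 if the remote file exists after the put, 0 otherwise
    if [ "$put_status" -ne 0 ]; then
        echo rejected           # server refused the upload: a visible block
    elif [ "$present" -eq 1 ]; then
        echo stored             # file accepted and kept: the scanner did not act
    else
        echo silently-blocked   # put "succeeded" but the file is gone: this thread's symptom
    fi
}

# Run one sftp batch command against the target.  In batch mode sftp exits
# non-zero when a put/ls fails, which is what the probe keys off.
sftp_batch() {
    printf '%s\n' "$1" | sftp -q -P "$SFTP_PORT" -b - "$SFTP_TARGET"
}

probe_sftp_scanner() {
    remote_name="eicar-probe-$$.com"
    local_file=$(mktemp) || return 3
    eicar_payload > "$local_file"

    if sftp_batch "put $local_file $remote_name"; then put_status=0; else put_status=$?; fi
    if sftp_batch "ls -l $remote_name" >/dev/null 2>&1; then present=1; else present=0; fi
    sftp_batch "-rm $remote_name" >/dev/null 2>&1   # leading '-': ignore failure
    rm -f "$local_file"

    outcome=$(classify_scan_outcome "$put_status" "$present")
    echo "EICAR upload to $SFTP_TARGET: $outcome"
    [ "$outcome" = rejected ]
}

# Only talk to the network when a target is configured.
if [ -n "${SFTP_TARGET:-}" ]; then
    : "${SFTP_PORT:=22}"
    probe_sftp_scanner
else
    echo "set SFTP_TARGET=user@host (and SFTP_PORT) to run the probe" >&2
fi
```

Run it as `SFTP_TARGET=user@host SFTP_PORT=2220 sh probe.sh`. The exit status is zero only when the server visibly rejects the upload; "silently-blocked" is the behaviour described in this thread, and "stored" means the upload path is not being scanned at all (for example because the mod_clamav directives are not in effect for the vhost that serves SFTP).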

chrcoluk commented 6 years ago

Mine also initially didn't work, but adding the clamav enable stuff to <Global> fixed it.

My SFTP is activated inside a 0.0.0.0 vhost container, which is why I think <Global> was needed.

However, I confirm the same problem of it silently blocking: a successful upload is reported but the file is blocked. I instructed my dev to watch the clamd.log whilst uploading in case malware files get found, but would prefer this behaviour to be fixed if possible. Thanks.
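The two configuration pitfalls in this thread, an <IfModule> test that names a module file that does not exist and scanner directives that an SFTP <VirtualHost> never inherits, are shown corrected in the fragment below. It is an added example, not the project's sample configuration or any poster's config; the paths, the vhost address and the DSO loading are assumptions.

```apache
# Added example (not the proftpd-mod_clamav project's own config): a minimal
# layout that keeps mod_clamav active for an SFTP virtual host.

# Load the modules as DSOs (skip if they are compiled in; `proftpd -l` lists
# the compiled-in modules).
<IfModule mod_dso.c>
    LoadModule mod_sftp.c
    LoadModule mod_clamav.c
</IfModule>

# Scanner directives go in <Global> so that every <VirtualHost> inherits them.
# Unlike Apache, a ProFTPD <VirtualHost> does not inherit directives placed
# only in the main server context, so a scanner configured there appears to do
# nothing for uploads that arrive through the SFTP vhost.
<Global>
    <IfModule mod_clamav.c>
        ClamAV on
        ClamServer 127.0.0.1
        ClamPort 3310
        ClamMaxSize 5 Mb
    </IfModule>
</Global>

# The module test must name the real module file.  <IfModule mod_sftp1.c> is
# simply false, so the whole SFTP block inside it would be skipped without any
# error at startup.
<VirtualHost 0.0.0.0>
    ServerName "SFTP on 0.0.0.0"
    <IfModule mod_sftp.c>
        SFTPEngine on
        Port 2220
        SFTPLog /var/log/proftpd/sftp.log
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
        SFTPAuthorizedUserKeys file:/etc/proftpd/sftp_keys/%u.sftp
    </IfModule>
</VirtualHost>
```

After editing, `proftpd -t -c /etc/proftpd/proftpd.conf` checks the syntax without starting the daemon, and `proftpd -l` confirms that mod_sftp and mod_clamav are actually present in the running binary or loaded as DSOs.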