Help with mod_clamav proftpd
Code:
[root@cntt proftpd-1.3.2]# proftpd -vv
ProFTPD Version: 1.3.2 (stable)
  Scoreboard Version: 01040002
  Built: Mon Jun 17 14:34:36 ICT 2013

Loaded modules:
  mod_cap/1.0
  mod_vroot/0.8.5
  mod_clamav.c
  mod_ident/1.0
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c
Then I configured the proftpd.config file with these parameters: Code:
...
<Global>
  AllowOverwrite                yes
  <IfModule mod_clamav.c>
    ClamAV on
    ClamServer 127.0.0.1
    ClamPort 3310
  </IfModule>
</Global>
...
clamd is running: Code:
[root@cntt proftpd-1.3.2]# netstat -nlp | grep clamd
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN      3638/clamd
Then I ran proftpd in debug mode at level 10, logged in with an FTP client, and uploaded a virus file to the server. As a result, clamav removed the file. Up to this point everything was OK. Code:
...
localhost (113.10.2.149[113.10.2.149]) - Going to virus scan absolute filename = '/home/proftpd/eicar.com' with relative filename = '/eicar.com'.
localhost (113.10.2.149[113.10.2.149]) - Clamd did not respond to fgets (2): No such file or directory
localhost (113.10.2.149[113.10.2.149]) - mod_clamav/0.11rc: Connecting to remote Clamd host '127.0.0.1' on port 3310
localhost (113.10.2.149[113.10.2.149]) - ROOT PRIVS at mod_clamav.c:227
localhost (113.10.2.149[113.10.2.149]) - ROOT PRIVS: ID switching disabled
localhost (113.10.2.149[113.10.2.149]) - PRIVS_RELINQUISH: ID switching disabled
localhost (113.10.2.149[113.10.2.149]) - Successfully reconnected to Clamd.
localhost (113.10.2.149[113.10.2.149]) - mod_clamav/0.11rc: Virus 'Eicar-Test-Signature' found in '/home/proftpd/eicar.com'
...
After that I configured mod_vroot (compiled together with mod_clamav) for proftpd: Code:
...
  <IfModule mod_vroot.c>
    VRootEngine on

    VRootOptions allowSymlinks
  </IfModule>
DefaultRoot ~
...
Next I ran proftpd in debug mode at level 10 and used the FTP client to upload the same virus file. proftpd did call clamd to scan, but with the wrong file path, so clamd reported no such file or dir... and so could not remove it. Code:
...
localhost (113.10.2.149[113.160.226.149]) - mod_clamav/0.11rc: Connecting to remote Clamd host '127.0.0.1' on port 3310
localhost (113.10.2.149[113.10.2.149]) - ROOT PRIVS at mod_clamav.c:227
localhost (113.10.2.149[113.10.2.149]) - ROOT PRIVS: ID switching disabled
localhost (113.10.2.149[113.10.2.149]) - PRIVS_RELINQUISH: ID switching disabled
localhost (113.10.2.149[113.10.2.149]) - Successfully reconnected to Clamd.
localhost (113.10.2.149[113.10.2.149]) - mod_clamav/0.11rc: Clamd Error: /eicar.com: lstat() failed: No such file or directory. ERROR

...
I looked at this page: https://forums.proftpd.org/smf/index.php?topic=3768.0 but I still don't know how to debug mod_clamav. I hope everyone can help, so that I can use mod_clamav and mod_vroot with proftpd. Thank you.