This guide will help you automatically scan all FTP-uploaded files for viruses using ClamAV and Pure-FTPd.
🔧 Step 1: Install ClamAV via WHM
- Log in to WHM as root.
- Navigate to:
cPanel → Manage Plugins - Locate clamavconnector.
- Check the box “Install and Keep Updated”.
- Click Save at the bottom.
- Wait for the installation to complete.
🛠️ Step 2: Enable Upload Script Trigger in Pure-FTPd
Edit /etc/pure-ftpd.conf:
nano /etc/pure-ftpd.conf
Find the line:
CallUploadScript no
And change it to:
CallUploadScript yes
Save and exit the file.
🧪 Step 3: Create the ClamAV Upload Scan Script
Create the file /etc/pure-ftpd/clamav_check.sh:
nano /etc/pure-ftpd/clamav_check.sh
Paste the following content:
#!/bin/bash
# Max file size to scan (10MB in bytes)
MAXSIZE=10485760
if [ "$UPLOAD_SIZE" -le "$MAXSIZE" ]; then
/usr/bin/clamdscan --remove --quiet --no-summary "$1"
fi
Make it executable:
chmod 755 /etc/pure-ftpd/clamav_check.sh
🧩 Step 4: Enable the Upload Script Daemon
Run this command to start the upload script daemon:
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
To ensure it starts on boot, add it to rc.local:
echo "/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh" >> /etc/rc.d/rc.local
Make sure rc.local is executable:
chmod +x /etc/rc.d/rc.local
🔁 Step 5: Restart Pure-FTPd
service pure-ftpd restart
✅ Done!
Now, every uploaded file under 10MB via FTP will be scanned by ClamAV.
You can increase the scan size limit by changing the MAXSIZE variable in the script.