# ftp transparent virus scan



## Ercan Deger (Apr 7, 2022)

Hi All,

how can I scan virus for ftp traffic transparently?

Thanks


----------



## rafael_grether (Apr 8, 2022)

I'm not aware of any way to scan for viruses in FTP traffic.

You can periodically scan the FTP directory looking for viruses, but during traffic, in real time, I don't think there's a way to do that.


----------



## VladiBG (Apr 8, 2022)

You can scan the file when it's uploaded on your storage. It can be done via script which call the antivirus scan upon the file upload or via on file access scan.
If you are using Pure-FTPd there's a pure-uploadscript(8) which is run after a file is upload.
Here's is example of this configuration for CentOS you will need to adapt it.





						How to integrate ClamAV into PureFTPd for virus scanning on CentOS 7
					

This tutorial explains how you can integrate ClamAV into PureFTPd for virus scanning on a CentOS 7 system. In the end, whenever a file gets uploaded t...



					www.howtoforge.com
				




Other method is to use on access scan but you will need a FUSE file system to intercept all r/w check this port:





						FreshPorts -- security/clamfs: User-space fs with on-access antivirus scanning
					

ClamFS is a FUSE-based user-space file system for Linux with on-access anti-virus file scanning through clamd daemon  Features 	- User-space file system 	- Configuration stored in XML files 	- FUSE used as file system back-end 	- Scan files using ClamAV 	- ScanCache speeds up file access 	-...




					www.freshports.org


----------



## im (Apr 9, 2022)

I have used FROX as a ftp proxy. The port description writes about 'optional virus scan', but I never used it for that purpose.
ftp/frox

```
This is frox, a transparent ftp proxy by James Hollingshead.

Current features include:

  o rfc959 compliant transparent proxying of ftp connections.
  o active --> passive mode conversion for data connections.
  o Optional caching support either locally or through an external
    HTTP cache.
  o Optional virus scanning
  o Optional non-transparent proxy support by logging in with
    user@host:port.
  o Options to bind to a specific interface, chroot, and drop
    priveleges for security.

WWW: http://www.hollo.org/frox/
```


----------



## Ercan Deger (Apr 29, 2022)

im said:


> I have used FROX as a ftp proxy. The port description writes about 'optional virus scan', but I never used it for that purpose.
> ftp/frox
> 
> ```
> ...


Thanks I used frox, did some modifications.


----------

