Yesterday we had a trojan uploaded to our Debian lenny server. It cost 6 hours of repairing several sites and local PCs. On one of the local PCs I discovered that the firewall was set to disabled. The PC was also infected with this: Trojan:JS/BlacoleRef.W. Why did this PC have an FTP account on our server? For the daily upload of the shipping tracking to the server and the weekly upload of a new newsletter.
Question: is there an existing solution on the server to test all the FTP/SSH uploads? This would help us very much.
The first thing to do is, obviously, to keep all your machines clean, even the clients.
FTP
It depends on the daemon you use. Typically there is no server-side scan of what's uploaded, but proftpd has a modular architecture and you can write your mod_content_checker that inspects the uploads and rejects files that don't line up with your policy.
You could also scan the files with ClamAV.
SSH / rsync
You can use a forced command with a script that scans the files.
But keep all your machines clean.
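
The forced-command idea from the answer above, as an added example (not code from the original posts): the upload key can only pipe one file to this script, which scans it with ClamAV and quarantines anything that is not proven clean. The paths, the `receive` argument, the script location and the client usage are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: SSH forced command that stores one file from stdin and scans it.
# Assumed authorized_keys line for the upload key (script path is hypothetical):
#   command="/usr/local/bin/scan-upload.sh receive",no-pty,no-port-forwarding ssh-rsa <key>
# Assumed client usage:  ssh upload@server < tracking.csv
INCOMING="${INCOMING:-/srv/upload/incoming}"        # assumed path
QUARANTINE="${QUARANTINE:-/srv/upload/quarantine}"  # assumed path
SCANNER="${SCANNER:-clamscan}"                      # clamdscan is faster if clamd runs

# Scan each regular file directly inside $1 and move anything that is not
# proven clean into $2. Scanner exit codes: 0 clean, 1 infected, 2 error.
# Sets QUARANTINED to the number of files moved; returns 0 only when it is 0.
scan_uploads() {
    QUARANTINED=0
    mkdir -p "$2" || return 2
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        rc=0
        "$SCANNER" --no-summary "$f" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ne 0 ]; then
            # Fail closed: a scanner error is handled like a detection.
            mv -- "$f" "$2/$(basename -- "$f").rc$rc" || return 2
            QUARANTINED=$((QUARANTINED + 1))
        fi
    done
    [ "$QUARANTINED" -eq 0 ]
}

# Store stdin under a server-chosen name, then scan the incoming directory.
# Whatever command the client requested is never executed.
receive_upload() {
    umask 077
    mkdir -p "$INCOMING" || return 2
    tmp=$(mktemp "$INCOMING/upload.XXXXXX") || return 2
    cat > "$tmp" || return 2
    if scan_uploads "$INCOMING" "$QUARANTINE"; then
        echo "accepted: $(basename -- "$tmp")"
    else
        echo "rejected: upload quarantined" >&2
        return 1
    fi
}

if [ "${1:-}" = "receive" ]; then
    receive_upload
    exit $?
fi
```

Clean files stay in the incoming directory for whatever job imports them; a non-zero exit status tells the uploading client that its file was rejected.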