tsmaudio 23rd January 2007 18:21

file uploads with mod-security & clamav
 
Hi

System: perfect set up Fedora Core 6 & IspConfig

I have been using mod_security with the modsec-clamscan.pl script that comes with it, which ties the post payload scanning in to clamav. It works very well except... that once I try to upload a file larger than 350M it rejects it.

I would like to be able to upload files up to 2GB using this method.

If I disable the directive
#SecUploadApproveScript /full/path/to/the/modsec-clamscan.pl
which basically disables the virus scanning, I can load files up to 2GB no problem.

So I guess it's the clamav part, or the script needs something adding in?

Is it possible to do with mod_security and clamav?

The modsec-clamscan.pl can be found here

Cheers
:)

falko 24th January 2007 12:53

Do you upload large files using http? Why don't you use ftp or scp for it?

tsmaudio 24th January 2007 13:11

Hi Falko
Thanks for your response.

I am trying to put together a file upload site similar to yousendit.com and I have a php script that provides the functionality. This uses the standard browser http. I have been experimenting with the security side of things thanks to your excellent guides and have got as far as mod_security scanning the files on upload but with this problem of it now rejecting files over 350M.

So if I can get this to work on larger files, I would be almost there... I might need to get someone with more programming skills than myself involved, I realise that.

thanks for any help in advance.

falko 25th January 2007 19:15

Did you check the contents of modsec-clamscan.pl? It seems there is a file size restriction in it.

tsmaudio 26th January 2007 11:03

Hi Falko
Thanks again, I can't see anything in my modsec-clamscan.pl. Which lines are causing the restriction?

Cheers
Tony.

falko 27th January 2007 14:01

Please post the contents of that file here (if it isn't too long).

tsmaudio 27th January 2007 15:27

Hi Falko
Here are the contents of my modsec-clamscan.pl as requested.

#!/usr/bin/perl
#
# modsec-clamscan.pl
# ModSecurity for Apache (http://www.modsecurity.org)
# Copyright (c) 2002-2005 Thinking Stone (http://www.thinkingstone.com)
#
# $Id: modsec-clamscan.pl,v 1.1.2.1 2005/12/19 20:39:51 ivanr Exp $
#
# This script is an interface between mod_security and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

# by default use the command-line version of ClamAV,
# which is slower but more likely to work out of the
# box
$CLAMSCAN = "/usr/bin/clamscan";

# using ClamAV in daemon mode is faster since the
# anti-virus engine is already running, but you also
# need to configure file permissions to allow ClamAV,
# usually running as a user other than the one Apache
# is running as, to access the files
# $CLAMSCAN = "/usr/bin/clamdscan";

if (@ARGV != 1) {
    print "Usage: modsec-clamscan.pl <filename>\n";
    exit;
}

my ($FILE) = @ARGV;

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;

$output = "0 Unable to parse clamscan output [$1]";

if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print "$output\n";



many thanks
Tony.

falko 28th January 2007 20:08

Does
Code:

man clamscan
say anything about a file size restriction?

tsmaudio 29th January 2007 13:48

Thanks again,
I have looked through the "man clamscan" and have found these bits of information that may or may not help.

Options:

--block-max
    Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit) if max-files, max-space, or max-recursion is reached.

--max-files=#n
    Extract first #n files from each archive. This option protects your system against DoS attacks (default: 500)

--max-space=#n
    Extract first #n kilobytes from each archive. You may give the number in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 10 MB)

--max-recursion=#n
    Set archive recursion level limit. This option protects your system against DoS attacks (default: 8).


This is provided as an example

(3) Load database from selected file and limit disk usage to 50 Mb:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp


This does look like it may provide the answer, but I am not sure how to go about it.

cheers

Tony

falko 30th January 2007 11:40

Quote:

Originally Posted by tsmaudio
This does look like it may provide the answer, but I am not sure how to go about it.

You can now modify the line
Code:

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
in modsec-clamscan.pl with this information.
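An added example, not part of the thread or of the ModSecurity distribution: one way to apply the suggestion above, passing the archive limits from the quoted man page excerpt to clamscan. The limit values are assumptions chosen for illustration, the thread does not confirm that they remove the 350M rejection, and the list-form pipe open (so the file name never passes through a shell) is a hardening added here.

```perl
#!/usr/bin/perl
# Added example: modsec-clamscan.pl variant with explicit archive limits.
use strict;
use warnings;

my $CLAMSCAN = "/usr/bin/clamscan";

# Option names come from the man page excerpt quoted in the thread;
# the values are assumptions and must be sized for your own server.
my @LIMITS = (
    "--max-space=2048M",  # extraction cap per archive (man page default: 10 MB)
    "--max-files=500",    # files extracted per archive
    "--max-recursion=8",  # nesting depth of archives
    "--block-max",        # over-limit archives are reported as FOUND and rejected;
                          # without it, content past the limits is not scanned
);

if (@ARGV != 1) {
    print "Usage: modsec-clamscan.pl <filename>\n";
    exit;
}
my ($FILE) = @ARGV;

# List-form pipe open runs clamscan directly, without a shell, so
# characters in the file name cannot alter the command line.
my $first = "";
if (open(my $scan, "-|", $CLAMSCAN, "--stdout", "--disable-summary", @LIMITS, $FILE)) {
    my $line = <$scan>;          # only the first output line is evaluated
    close($scan);
    if (defined $line) {
        chomp $line;
        $first = $line;
    }
}

# ModSecurity reads the leading digit: 1 approves the upload, 0 rejects it.
# Anything that cannot be parsed is rejected (fail closed).
my $output = "0 Unable to parse clamscan output [$first]";
if    ($first =~ m/: Empty file\.?$/) { $output = "1 empty file"; }
elsif ($first =~ m/: (.+) ERROR$/)    { $output = "0 clamscan: $1"; }
elsif ($first =~ m/: (.+) FOUND$/)    { $output = "0 clamscan: $1"; }
elsif ($first =~ m/: OK$/)            { $output = "1 clamscan: OK"; }

print "$output\n";
```

Raising `--max-space` also raises the disk and CPU cost of each scan, which is the DoS exposure the man page says these limits exist to contain.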


All times are GMT +2.