HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Technical (
-   -   file uploads with mod-security & clamav (

tsmaudio 23rd January 2007 19:21

file uploads with mod-security & clamav

System: perfect set up Fedora Core 6 & IspConfig

I have been using mod_security with the script that comes with it, which ties the post payload scanning in to clamav. It works very well accept.... that once i try to upload a file larger than 350M it rejects it.

I would like to be able to upload files up to 2GB using this method.

If i disable the directive
#SecUploadApproveScript /full/path/to/the/
which basically disables the virus scanning, I can load files up to 2GB no problem.

So I guess Its the clamav part, or the script needs something adding in?

Is it possible to do with mod_security and clamav?

The can be found here


falko 24th January 2007 13:53

Do you upload large files using http? Why don't you use ftp or scp for it?

tsmaudio 24th January 2007 14:11

Hi Falko
Thanks for your response.

I am trying to put together a file upload site similar to and i have a php script that provides the functionality. This uses the standard browser http. I have been experimenting with the security side of things thanks to your excellent guides and have got as far as mod_security scanning the files on upload but with this problem of it now rejecting files over 350M.

So if i can get this to work on larger files, i would be almost there...I might need to get someone with more programming skills than myself involved , I realise that.

thanks for any help in advance.

falko 25th January 2007 20:15

Did you check the contents of It seems there is a file size restriction in it.

tsmaudio 26th January 2007 12:03

Hi Falko
Thanks again, I can't see anything in my Which lines are causing the restriction?


falko 27th January 2007 15:01

Please post the contents of that file here (if it isn't too long).

tsmaudio 27th January 2007 16:27

Hi Falko
Here is the contents of my as requested.

# ModSecurity for Apache (
# Copyright (c) 2002-2005 Thinking Stone (
# $Id:,v 2005/12/19 20:39:51 ivanr Exp $
# This script is an interface between mod_security and its
# ability to intercept files being uploaded through the
# web server, and ClamAV
# by default use the command-line version of ClamAV,
# which is slower but more likely to work out of the
# box
$CLAMSCAN = "/usr/bin/clamscan";
# using ClamAV in daemon mode is faster since the
# anti-virus engine is already running, but you also
# need to configure file permissions to allow ClamAV,
# usually running as a user other than the one Apache
# is running as, to access the files
# $CLAMSCAN = "/usr/bin/clamdscan";

if (@ARGV != 1) {
print "Usage: <filename>\n";
my ($FILE) = @ARGV;
$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;
$output = "0 Unable to parse clamscan output [$1]";
if ($error_message =~ m/: Empty file\.?$/) {
$output = "1 empty file";
elsif ($error_message =~ m/: (.+) ERROR$/) {
$output = "0 clamscan: $1";
elsif ($error_message =~ m/: (.+) FOUND$/) {
$output = "0 clamscan: $1";
elsif ($error_message =~ m/: OK$/) {
$output = "1 clamscan: OK";
print "$output\n";

many thanks

falko 28th January 2007 21:08


man clamscan
say anything about a file size restriction?

tsmaudio 29th January 2007 14:48

Thanks again,
I have looked through the "man clamscan" and have found these bits of information that may or may not help.


Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.Exceed-
edFilesLimit) if max-files, max-space, or max-recursion is

Extract first #n files from each archive. This option protects
your system against DoS attacks (default: 500)

Extract first #n kilobytes from each archive. You may give the
number in megabytes in format xM or xm, where x is a number.
This option protects your system against DoS attacks (default:
10 MB)

Set archive recursion level limit. This option protects your
system against DoS attacks (default: 8).

This is provided as an example

(3) Load database from selected file and limit disk usage to 50 Mb:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp

This does look like it may provide the answer, but I am not sure how to go about it.



falko 30th January 2007 12:40


Originally Posted by tsmaudio
This does look like it may provide the answer, but I am not sure how to go about it.

You can now modify the line

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
in with this information.

All times are GMT +2. The time now is 22:07.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.