file uploads with mod-security & clamav

[tsmaudio]

Hi

System: perfect set up Fedora Core 6 & IspConfig

I have been using mod_security with the modsec-clamscan.pl script that comes with it, which ties the post payload scanning in to clamav. It works very well accept.... that once i try to upload a file larger than 350M it rejects it.

I would like to be able to upload files up to 2GB using this method.

If i disable the directive
#SecUploadApproveScript /full/path/to/the/modsec-clamscan.pl
which basically disables the virus scanning, I can load files up to 2GB no problem.

So I guess Its the clamav part, or the script needs something adding in?

Is it possible to do with mod_security and clamav?

The modsec-clamscan.pl can be found here

Cheers

[falko]

Do you upload large files using http? Why don't you use ftp or scp for it?

[tsmaudio]

Hi Falko
Thanks for your response.

I am trying to put together a file upload site similar to yousendit.com and i have a php script that provides the functionality. This uses the standard browser http. I have been experimenting with the security side of things thanks to your excellent guides and have got as far as mod_security scanning the files on upload but with this problem of it now rejecting files over 350M.

So if i can get this to work on larger files, i would be almost there...I might need to get someone with more programming skills than myself involved , I realise that.

thanks for any help in advance.

[falko]

Did you check the contents of modsec-clamscan.pl? It seems there is a file size restriction in it.

[tsmaudio]

Hi Falko
Thanks again, I can't see anything in my modsec-clamscan.pl. Which lines are causing the restriction?

Cheers
Tony.

[falko]

Please post the contents of that file here (if it isn't too long).