Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Technical

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd January 2007, 19:21
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default file uploads with mod-security & clamav

Hi

System: perfect set up Fedora Core 6 & IspConfig

I have been using mod_security with the modsec-clamscan.pl script that comes with it, which ties the post payload scanning in to clamav. It works very well accept.... that once i try to upload a file larger than 350M it rejects it.

I would like to be able to upload files up to 2GB using this method.

If i disable the directive
#SecUploadApproveScript /full/path/to/the/modsec-clamscan.pl
which basically disables the virus scanning, I can load files up to 2GB no problem.

So I guess Its the clamav part, or the script needs something adding in?

Is it possible to do with mod_security and clamav?

The modsec-clamscan.pl can be found here

Cheers
Reply With Quote
Sponsored Links
  #2  
Old 24th January 2007, 13:53
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Do you upload large files using http? Why don't you use ftp or scp for it?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 24th January 2007, 14:11
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Hi Falko
Thanks for your response.

I am trying to put together a file upload site similar to yousendit.com and i have a php script that provides the functionality. This uses the standard browser http. I have been experimenting with the security side of things thanks to your excellent guides and have got as far as mod_security scanning the files on upload but with this problem of it now rejecting files over 350M.

So if i can get this to work on larger files, i would be almost there...I might need to get someone with more programming skills than myself involved , I realise that.

thanks for any help in advance.
Reply With Quote
  #4  
Old 25th January 2007, 20:15
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Did you check the contents of modsec-clamscan.pl? It seems there is a file size restriction in it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 26th January 2007, 12:03
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Hi Falko
Thanks again, I can't see anything in my modsec-clamscan.pl. Which lines are causing the restriction?

Cheers
Tony.
Reply With Quote
  #6  
Old 27th January 2007, 15:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Please post the contents of that file here (if it isn't too long).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 27th January 2007, 16:27
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Hi Falko
Here is the contents of my modsec-clamscan.pl as requested.

#!/usr/bin/perl
#
# modsec-clamscan.pl
# ModSecurity for Apache (http://www.modsecurity.org)
# Copyright (c) 2002-2005 Thinking Stone (http://www.thinkingstone.com)
#
# $Id: modsec-clamscan.pl,v 1.1.2.1 2005/12/19 20:39:51 ivanr Exp $
#
# This script is an interface between mod_security and its
# ability to intercept files being uploaded through the
# web server, and ClamAV
# by default use the command-line version of ClamAV,
# which is slower but more likely to work out of the
# box
$CLAMSCAN = "/usr/bin/clamscan";
# using ClamAV in daemon mode is faster since the
# anti-virus engine is already running, but you also
# need to configure file permissions to allow ClamAV,
# usually running as a user other than the one Apache
# is running as, to access the files
# $CLAMSCAN = "/usr/bin/clamdscan";

if (@ARGV != 1) {
print "Usage: modsec-clamscan.pl <filename>\n";
exit;
}
my ($FILE) = @ARGV;
$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;
$output = "0 Unable to parse clamscan output [$1]";
if ($error_message =~ m/: Empty file\.?$/) {
$output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
$output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
$output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
$output = "1 clamscan: OK";
}
print "$output\n";



many thanks
Tony.
Reply With Quote
  #8  
Old 28th January 2007, 21:08
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Does
Code:
man clamscan
say anything about a file size restriction?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 29th January 2007, 14:48
tsmaudio tsmaudio is offline
HowtoForge Supporter
 
Join Date: Nov 2006
Location: UK
Posts: 42
Thanks: 2
Thanked 0 Times in 0 Posts
Send a message via Skype™ to tsmaudio
Default

Thanks again,
I have looked through the "man clamscan" and have found these bits of information that may or may not help.

Options:

--block-max
Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.Exceed-
edFilesLimit) if max-files, max-space, or max-recursion is
reached.

--max-files=#n
Extract first #n files from each archive. This option protects
your system against DoS attacks (default: 500)

--max-space=#n
Extract first #n kilobytes from each archive. You may give the
number in megabytes in format xM or xm, where x is a number.
This option protects your system against DoS attacks (default:
10 MB)

--max-recursion=#n
Set archive recursion level limit. This option protects your
system against DoS attacks (default: 8).


This is provided as an example

(3) Load database from selected file and limit disk usage to 50 Mb:
clamscan -d /tmp/newclamdb --max-space=50m -r /tmp


This does look like it may provide the answer, but I am not sure how to go about it.

cheers

Tony
Reply With Quote
  #10  
Old 30th January 2007, 12:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
 
Default

Quote:
Originally Posted by tsmaudio
This does look like it may provide the answer, but I am not sure how to go about it.
You can now modify the line
Code:
$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
in modsec-clamscan.pl with this information.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Dspam planet_fox General 6 20th January 2007 19:42
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 18:17
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 06:19
jamed up my table borders?? Boon-Dog-Danny Installation/Configuration 5 23rd September 2006 17:12
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 14:29


All times are GMT +2. The time now is 18:45.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.