Configuring Clamav

Discussion in 'Technical' started by tsmaudio, Dec 13, 2006.

  1. tsmaudio

    tsmaudio Member

    Hi All
    I am not sure if this is the right place to post this question, if its wrong i am sorry.

    system perfect set up
    fedora Core 6

    I have a php file upload script running on a site I am working on at the moment. I was wondering if it was possible to get clamav to scan the files on upload. I have googled about abit and read a few things about ModSecurity and from what I can tell this will work with clamav but it seems beyond my understanding at the moment on how to do it, especially with ispconfig being installed also I am learning as i go along.

    what i need is a "how to" really

    If anyone can help or has done it before any help would be appreciated.

  2. tsmaudio

    tsmaudio Member

    I have installed and configured ModSecurity and that part is now working fine.
    I just need to know how to link it up with clamav?

  3. falko

    falko Super Moderator ISPConfig Developer

  4. tsmaudio

    tsmaudio Member

    Hi Falko
    Thanks again for your help.
    I have hade a look at that link and it does sound good. When reading, it gives the impression it will only work with PHP 5.2, the version I have is 5.1.6.

    Does this mean I will have to upgrade the PHP, and if so will this affect the IspConfig installation?

    Will I have to reinstall IspConfig after upgrading the PHP?

    How do I upgrade the PHP on fedora core 6 Lamp system?

    I originally was looking at the way described here

    I have experimented with the ModSecurity part, but i am not sure what to do with that perl script.

    Which way would you do it? I don't mind having to reinstall IspConfig etc

    Thanks again and sorry about all the questions.
  5. falko

    falko Super Moderator ISPConfig Developer

    You don't need to update ISPConfig.

    I'm not sure if there's a PHP 5.2.0 package for Fedora, but you can search for it like this:
    yum search php
    If there isn't, I'd use Google to find a third-party Fedora repository that has a PHP 5.2.0 rpm and install that one. OTherwise you'd have to compile PHP from the sources (which you shouldn't do unless absolutely necessary).
  6. tsmaudio

    tsmaudio Member

    Hi Falko
    I think i have got confused, the info in that link you sent me should work with my set up. I have tried to make a start, but when i try to install the package phplibclamav-0.4.0, it comes up with....
    "configure: error: Cannot find libclamav"

    So I am not sure how to proceed. I guess i need libclamav, but is that not part of the ISPconfig setup?

  7. falko

    falko Super Moderator ISPConfig Developer

    The package seems to search for libclamav in a standard location. What's the output of
    yum search clamav
  8. tsmaudio

    tsmaudio Member

    Hi Falko

    I think its working!!
    I have had a few more hours sleep, that always helps! and the ModSecurity method seems to be working great.

    I downloaded the EICAR test file virus and when i tried to upload it to the server, it blocked that straight away and redirected to my invalid_request.html page. I then tried a clean file just to check and that uploaded fine. I have tested the virus file embedded in various zip formats and it still finds it and blocks it every time.

    After following your How to guide on ModSecurity, Basically I just added these extra lines inside the mod_security.conf

    SecFilterScanPOST On
    SecUploadDir /path/to/your/file_upload/directory
    SecUploadApproveScript /path/to/the/file/
    SecFilterDefaultAction "deny,log,redirect:

    I didn't need to change anything inside,
    Does this sound right to you?

    If this is working correctly, that will do me.

    I would like to thank you again for your speedy replies and also wish you and everyone at Howto forge, a Merry Christmas and a Happy New Year.

  9. falko

    falko Super Moderator ISPConfig Developer

    I wish the same to you! :)

Share This Page