Configuring Clamav

Discussion in 'Technical' started by tsmaudio, Dec 13, 2006.

  1. tsmaudio

    tsmaudio Member

    Hi All
    I am not sure if this is the right place to post this question; if it's wrong, I am sorry.

    system perfect set up
    Fedora Core 6
    ISPConfig

    I have a PHP file upload script running on a site I am working on at the moment. I was wondering if it was possible to get ClamAV to scan the files on upload. I have googled about a bit and read a few things about ModSecurity, and from what I can tell this will work with ClamAV, but it seems beyond my understanding at the moment how to do it, especially with ISPConfig being installed. Also, I am learning as I go along.

    What I need is a "how to" really.

    If anyone can help or has done it before any help would be appreciated.

    cheers
    Tony
     
  2. tsmaudio

    tsmaudio Member

    I have installed and configured ModSecurity and that part is now working fine.
    I just need to know how to link it up with ClamAV.

    Cheers
     
  3. falko

    falko Super Moderator ISPConfig Developer

  4. tsmaudio

    tsmaudio Member

    Hi Falko
    Thanks again for your help.
    I have had a look at that link and it does sound good. When reading, it gives the impression it will only work with PHP 5.2; the version I have is 5.1.6.

    Does this mean I will have to upgrade PHP, and if so will this affect the ISPConfig installation?

    Will I have to reinstall ISPConfig after upgrading PHP?

    How do I upgrade PHP on a Fedora Core 6 LAMP system?

    I originally was looking at the way described here
    http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/06-special_features.html

    I have experimented with the ModSecurity part, but I am not sure what to do with that Perl script.

    Which way would you do it? I don't mind having to reinstall ISPConfig etc.

    Thanks again and sorry about all the questions.
    :)
     
  5. falko

    falko Super Moderator ISPConfig Developer

    You don't need to update ISPConfig.

    I'm not sure if there's a PHP 5.2.0 package for Fedora, but you can search for it like this:
    Code:
    yum search php
    If there isn't, I'd use Google to find a third-party Fedora repository that has a PHP 5.2.0 rpm and install that one. Otherwise you'd have to compile PHP from the sources (which you shouldn't do unless absolutely necessary).
     
  6. tsmaudio

    tsmaudio Member

    Hi Falko
    I think I have got confused; the info in that link you sent me should work with my setup. I have tried to make a start, but when I try to install the package phplibclamav-0.4.0, it comes up with....
    "configure: error: Cannot find libclamav"

    So I am not sure how to proceed. I guess I need libclamav, but is that not part of the ISPConfig setup?

    Cheers
    Tony.
     
  7. falko

    falko Super Moderator ISPConfig Developer

    The package seems to search for libclamav in a standard location. What's the output of
    Code:
    yum search clamav
    ?
     
  8. tsmaudio

    tsmaudio Member

    Hi Falko

    I think it's working!!
    I have had a few more hours' sleep, that always helps! And the ModSecurity method seems to be working great.

    I downloaded the EICAR test virus file and when I tried to upload it to the server, it blocked that straight away and redirected to my invalid_request.html page. I then tried a clean file just to check and that uploaded fine. I have tested the virus file embedded in various zip formats and it still finds it and blocks it every time.

    After following your how-to guide on ModSecurity, basically I just added these extra lines inside mod_security.conf:

    SecFilterScanPOST On
    SecUploadDir /path/to/your/file_upload/directory
    SecUploadApproveScript /path/to/the/file/modsec-clamscan.pl
    SecFilterDefaultAction "deny,log,redirect:http://www.example.com/invalid_request.html"

    I didn't need to change anything inside modsec-clamscan.pl.
    Does this sound right to you?

    If this is working correctly, that will do me.

    I would like to thank you again for your speedy replies and also wish you and everyone at HowtoForge a Merry Christmas and a Happy New Year.

    Tony.
    :)
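
The approver contract behind the `SecUploadApproveScript` line in the post above, as an added example that is not part of the original thread and is not the modsec-clamscan.pl script the poster used: ModSecurity 1.x passes the uploaded file's path as the first argument, and the script approves by writing a line that starts with `1`; anything else rejects the upload. The `approve_upload` function and the `CLAMSCAN` override are names chosen for this example, and the script rejects the upload whenever the scan cannot be completed.

```shell
#!/bin/sh
# Added example: upload approver for SecUploadApproveScript (ModSecurity 1.x).
# Contract: $1 is the path of the uploaded temp file; stdout must start
# with "1" to approve, anything else makes ModSecurity reject the request.

# CLAMSCAN is a hypothetical override for this example so the scanner can be
# swapped (a different install path, or a stub in tests). Defaults to clamscan.
CLAMSCAN="${CLAMSCAN:-clamscan}"

approve_upload() {
    file="$1"

    # Reject when there is no readable regular file to scan.
    if [ -z "$file" ] || [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "0 rejected: no readable file to scan"
        return 0
    fi

    # clamscan exit codes: 0 = clean, 1 = virus found, 2 = error.
    # (Older ClamAV releases spelled --no-summary as --disable-summary.)
    status=0
    result=$("$CLAMSCAN" --no-summary --stdout "$file" 2>&1) || status=$?
    # Keep only the first line so the verdict stays on a single line.
    detail=$(printf '%s\n' "$result" | head -n 1)

    case "$status" in
        0) echo "1 clamscan: OK" ;;
        1) echo "0 clamscan: $detail" ;;
        # Fail closed: scanner missing, signature database error, and so on.
        *) echo "0 unable to scan (exit $status): $detail" ;;
    esac
}

# ModSecurity runs the script with the file path; print the verdict for it.
if [ "$#" -gt 0 ]; then
    approve_upload "$1"
fi
```

The `*)` branch is the part worth checking on a live server: if `clamscan` is not installed or its signature database cannot be loaded, every upload is rejected rather than silently approved.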
     
  9. falko

    falko Super Moderator ISPConfig Developer

    I wish the same to you! :)
     
