I know we can use FILES_TMPNAMES to inspect an upload file. The manual and
the cookbook are both using clamav-scanner. I want know is there any other
type of method?
If I want to write scripts and using my own keywords for matching the vir,
how can I do that?
I also find in the manual that :
Phase Request Body
This is the general-purpose input analysis phase. Most of the
application-oriented rules should go here. In this phase you are guaranteed
to have received the request arguments (provided the request body has been
read). ModSecurity supports three encoding types for the request body phase:
application/x-www-form-urlencoded - used to transfer form data
multipart/form-data - used for file transfers
text/xml - used for passing XML data
Other encodings are not used by most web applications.
So can we check the upload file directly use modsecurity rules as checking a
Could you share your experience for me?
Thanks in advance!