On Fri, Aug 16, 2013 at 11:10 AM, Thorsten Kampe <thorsten@thorstenkampe.de> wrote:

I'm using ModSecurity on Ubuntu 12.04 LTS in connection with Apache (versions see below). I'd like
to scan file uploads for viruses using modsec-clamscan.pl from here[1].

This is what I configured:

- changed "--disable-summary" in modsec-clamscan.pl to "--no-summary"

- set in /etc/modsecurity/modsecurity.conf

  "SecRuleEngine On"

Hi Thorsten,

What is your SecDefaultAction directive set to? Alternatively, what happens if you change the block (which inherits the default action) to deny?

 - Josh