I want to scan the POST text strings, but with Clam, not with ModSecurity regex patterns. That is my target!

On Tue, Feb 23, 2010 at 8:17 AM, Ryan Barnett <Ryan.Barnett@breach.com> wrote:

Are you wanting to look for text strings or was there some specific clamav feature you wanted? If the client is not using multipart content-type to upload a file attachment, then I am not sure what AV feature you need. If you only want to look at text strings then you don't need clamav, as you can use @pm/@pmFromFile and pass it a list of blacklist strings to run against the request_body variable.

Ryan C. Barnett
Director of Application Security Research
Breach Security, Inc.
Ryan.Barnett@Breach.com
www.Breach.com


From: beshoo
To: Jamuse
Cc: mod-security-users@lists.sourceforge.net
Sent: Tue Feb 23 00:57:49 2010
Subject: Re: [mod-security-users] How to Scan Post Data with ClamAv "Not The Upload File"

As I said in the email that I sent, I don't want to scan the uploaded files. The posted data did not save anything to /tmp FILES_TMPNAMES. I am sure there is another way to scan the post row; again, not the uploaded files.

Thank you :)

On Tue, Feb 23, 2010 at 7:50 AM, Jamuse <jamuse@gmail.com> wrote:
Take a look at the modsec-clamscan.pl script in the modsecurity util directory. You can invoke the script with something like:

SecRule FILES_TMPNAMES "@inspectFile /opt/modsecurity/bin/modsec-clamscan.pl" \
    phase:2,t:none,log,block

- J

On Tue, Feb 23, 2010 at 5:58 AM, beshoo <beshoo@gmail.com> wrote:
Dear user, I need to scan any POSTed data with ClamAV, e.g.:

User opens cPanel.

Create a new file in cPanel.

Edit the file with the cPanel editor.

Copy and paste the code, as PhpShell code.

Save the file .. :)

I need to scan the POST data with ClamAV.
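
The blacklist approach Ryan Barnett describes above, written out as a ModSecurity rule. This is an added example, not configuration posted in the thread; the file name `post-blacklist.txt`, the rule id, the message text and the sample phrases are assumptions constructed for illustration.

```apache
# Buffer request bodies so that phase:2 rules can inspect them.
# Without this, REQUEST_BODY is empty and the rule below never matches.
SecRequestBodyAccess On

# post-blacklist.txt (constructed sample, one phrase per line), e.g.:
#   eval(base64_decode(
#   shell_exec(
#   passthru(
# A relative path is resolved against the directory of the configuration
# file that contains the rule.

# @pmFromFile does a case-insensitive phrase match, with no regex involved.
# REQUEST_BODY holds the raw body of a non-multipart POST such as
# application/x-www-form-urlencoded, so t:urlDecodeUni decodes the
# form encoding before the phrases are compared.
SecRule REQUEST_BODY "@pmFromFile post-blacklist.txt" \
    "phase:2,t:none,t:urlDecodeUni,log,deny,status:403,id:1000001,msg:'Blacklisted string in POST body'"
```

For multipart uploads the body is not exposed through REQUEST_BODY; those are covered by the FILES_TMPNAMES rule quoted earlier in the thread.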
