nice , i can see some hope to do this ....
please any one in the list if you can provide any information regarding this we can put it as open source so all will be safe .

On Tue, Feb 23, 2010 at 7:28 PM, Josh Kayse <josh.kayse@gtri.gatech.edu> wrote:
On 02/23/2010 05:43 AM, Ryan Barnett wrote:
Understood.  The main current limitation to this is that clamav is a separate process that needs to scan files and in this case you are wanting to inspect a particular portion of a request.  There has been some discussions about adding Mod features that can stream data to a running process (such as clamav in daemon mode).  Today, I would suggest looking at using a custom Lua script that could extract out the request body data, save it to a temp file and then scan it with clamav.  I am sure this would work, but is probably not very performant.

-Ryan

 
<snip>

We wrote an extension for mod_security locally that runs the clamav scanner against the request body file descriptor

At the time, there was a problem and we were not able to extract the request body using lua.

-josh

--
A: No.
Q: Should I include quotations after my reply?

Don't top post: see http://www.caliburn.nl/topposting.html for more.



------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Appliances, Rule Sets and Support:
http://www.modsecurity.org/breach/index.html