[mod-security-users] Blocking virus upload not working
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Blocking virus upload not working
|
From: Thorsten K. <tho...@th...> - 2013-08-16 08:15:17
|
Hi, I'm using ModSecurity on Ubuntu 12.04 LTS in connection with Apache (versions see below). I'd like to scan file uploads for viruses using modsec-clamscan.pl from here[1]. This is what I configured: - changed "--disable-summary" in modsec-clamscan.pl to "--no-summary" - set in /etc/modsecurity/modsecurity.conf "SecRuleEngine On" "SecRule FILES_TMPNAMES "@inspectFile /usr/local/sbin/modsec-clamscan.pl" phase:2,t:none,log,block" - restarted Apache /var/log/apache2/error.log shows """ [notice] ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/) configured. [notice] ModSecurity: APR compiled version="1.4.6"; loaded version="1.4.6" [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [notice] ModSecurity: LUA compiled version="Lua 5.1" [notice] ModSecurity: LIBXML compiled version="2.7.8" [notice] Apache/2.2.22 (Ubuntu) mod_perl/2.0.5 Perl/v5.14.2 configured -- resuming normal operations [error] [client 127.0.0.1] ModSecurity: Warning. File "/tmp//20130815-164506- Ugzpcn8AAQEAACT7BBMAAAAB-file-QjuJ3J" rejected by the approver script "/usr/local/sbin/modsec- clamscan.pl": 0 clamscan: Eicar-Test-Signature [file "/etc/modsecurity/modsecurity.conf"] [line "207"] [hostname "IP ADDRESS"] [uri "/persis/main"] [unique_id "Ugzpcn8AAQEAACT7BBMAAAAB"] """ Unfortunately, I can still upload virus files (tested with Eicar test virus). What am I missing here? Thorsten [1] <http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/06- special_features.html> |
