[mod-security-users] ModSecurity with ClamAV on Windows
From: Benjamin D. <bdi...@gm...> - 2019-03-04 21:15:29
Hi,
I want to configure Apache with ModSecurity and ClamAV on Windows. I was able to install all the software but now run into issues with the integration between ModSecurity and ClamAV. It seems like ModSecurity is not passing the file name to the perl script, or perl can't read it.
I tested the perl script by itself and it is working as expected:
perl runav.pl C:\tmp\upload\20190304-153319-XH2Lj7J7UIOIOO4ofagtSwAAABo-file-a04592
I can specify a file name and it returns either 0 / 1 with the detailed
message
When I use ModSecurity no file name is passed in, the $#ARGV variable
returns -1 and the ModSecurity log shows the following message:
[...] by the approver script "C:/Apps/Apache24/conf/modsecurity/owasp-modsecurity-crs/util/av-scanning/runav.pl": Usage: runav.pl <filename>\ [...]
Does anyone have any suggestions? Any help would be appreciated!
My configuration is as follows:
modsecurity.conf:
...
SecTmpDir c:\tmp
SecDataDir c:\tmp\persistent
SecUploadDir c:\tmp\upload
...
The rule in modsecurity_crs_46_av_scanning.conf:
SecRule FILES_TMPNAMES "@inspectFile C:/Apps/Apache24/conf/modsecurity/owasp-modsecurity-crs/util/av-scanning/runav.pl" "id:2222, deny"
The runav.pl:
# runav.pl
# Copyright (c) 2004-2011 Trustwave
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV
use strict;
use warnings;

# ModSecurity's @inspectFile reads only the first line of STDOUT:
# "1 ..." allows the upload, anything else rejects it. So only the
# final verdict is printed to STDOUT; everything else goes to the log.
# Specify a log file
my $filename = 'clamAV.log';
open(my $fh, '>', $filename) or die "Could not open file '$filename' $!";
print $fh "Started Virus scan\n";

my $CLAMSCAN = "C:/Progra~1/ClamAV/clamdscan.exe";

print $fh "$#ARGV\n";
if ($#ARGV != 0) {
    print "Usage: runav.pl <filename>\n";
    print $fh "no file specified\n";
    close $fh;
    exit;
}

my ($FILE) = shift @ARGV;
# Required for Windows to convert slash/backslash properly
$FILE =~ tr{/}{\\};

# Quote the path so an upload directory containing spaces still works
my $cmd = "$CLAMSCAN --stdout \"$FILE\"";
my $input = `$cmd`;
$input = '' unless defined $input;

# Only the first line of the clamdscan output carries the per-file result
my ($error_message) = $input =~ m/^(.+)/;
$error_message = '' unless defined $error_message;
print $fh "$error_message\n";

my $output = "0 Unable to parse clamscan output [$error_message]";
if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print $fh "$output\n";
close $fh;
print "$output\n";
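The following is an added example, not part of the post or of the CRS script: it simulates the @inspectFile contract offline so the symptom above can be reproduced without Apache. It assumes ModSecurity 2.x behaviour (the approver gets the temp file as its single argument, and only a first stdout line starting with "1" allows the upload; anything else is logged as "rejected by the approver script") and mirrors the verdict mapping of runav.pl. The clamdscan outputs are constructed samples.

```python
import re

USAGE = "Usage: runav.pl <filename>"


def approver_verdict(argv, clam_stdout):
    """Return the single stdout line runav.pl would print for these inputs.

    argv is the argument list the approver was started with (one temp file
    name expected); clam_stdout is the raw clamdscan output for that file.
    """
    if len(argv) != 1:
        # Same path as the post's symptom: no file name, usage text on stdout.
        return USAGE
    first = clam_stdout.splitlines()[0] if clam_stdout else ""
    if re.search(r": Empty file\.?$", first):
        return "1 empty file"
    for tag in ("ERROR", "FOUND"):
        m = re.search(r": (.+) %s$" % tag, first)
        if m:
            return "0 clamscan: " + m.group(1)
    if re.search(r": OK$", first):
        return "1 clamscan: OK"
    return "0 Unable to parse clamscan output [%s]" % first


def modsecurity_decision(first_line):
    """Fail closed: only a leading '1' lets the upload through."""
    if first_line.startswith("1"):
        return "allowed"
    return "rejected by the approver script"


# Constructed sample data (temp file name taken from the post).
TMP = r"C:\tmp\upload\20190304-153319-XH2Lj7J7UIOIOO4ofagtSwAAABo-file-a04592"
CLEAN = TMP + ": OK\n\n----------- SCAN SUMMARY -----------\nInfected files: 0\n"
INFECTED = TMP + ": Eicar-Test-Signature FOUND\n"
EMPTY = TMP + ": Empty file\n"


def scenarios():
    """Map each scenario to (approver stdout line, ModSecurity decision)."""
    cases = {
        "no argv (the post's symptom)": ([], CLEAN),
        "clean file": ([TMP], CLEAN),
        "infected file": ([TMP], INFECTED),
        "empty file": ([TMP], EMPTY),
        "clamd not answering": ([TMP], ""),
    }
    return {k: (v, modsecurity_decision(v))
            for k, (a, out) in cases.items() for v in [approver_verdict(a, out)]}
```

Running scenarios() shows that the missing argument alone is enough to make every upload fail closed, which is what the log line in the post reports.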