|
From: <az...@po...> - 2021-10-18 06:33:17
|
Hi Homesh, > Thank you very much for the suggestion on antivirus plugin. > I tested the antivirus plugin with CRS I have following queries You are welcome! Is plugin working ok for you? > Is CRS a prerequisite for this plugin ? as I don't use CRS I want to use > this without CRS. I understand this plugin rule uses LUA script. I cannot guarantee it for the future but, currently, it should work also without CRS. > I was able to see the virus name in the logs, however what is the variable > name for the filename which was scanned. so I will call that variable > inside the TAG or msg Filename if get directly from Modsecurity using FILES_TMPNAMES variable but it's only a temporary name of the uploaded file. azur > Thanks, > Homesh > > > On Mon, Oct 4, 2021 at 1:40 PM homesh joshi <ho...@gm...> wrote: > >> Thanks will test this and update you soon. >> >> On Mon, 4 Oct, 2021, 1:33 pm , <az...@po...> wrote: >> >>> Hi, >>> >>> if you are using CRS, please check this: >>> https://github.com/coreruleset/antivirus-plugin >>> >>> azur >>> >>> >>> Citát homesh joshi <ho...@gm...>: >>> >>> > Hi All, >>> > >>> > Hope you all are well. >>> > I have done the Modsecurity and ClamAV integration and am now able to >>> block >>> > the malicious file upload. I wanted to get the filename and virus name >>> > details inside modsec audit logs. >>> > >>> > I am not able to find any documentation on this. Can you please share >>> any >>> > document or tutorial on this ? >>> > >>> > Thanks, >>> > Homesh >>> >>> >>> >>> >>> >>> _______________________________________________ >>> mod-security-users mailing list >>> mod...@li... >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: >>> http://www.modsecurity.org/projects/commercial/rules/ >>> http://www.modsecurity.org/projects/commercial/support/ >>> >> |
