Re: [mod-security-users] Modsecurity ClamAV integration Filename and Virus name details

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear Azur,

Yes I was able to do the testing using your plugin.
I want to report the filename also in the reporting dashboard saying that
filename = xyz.pdf virusname=abc
Now I am able to get the virusname but want to know the filename as well.

Thanks,
Homesh

On Mon, Oct 18, 2021 at 12:06 PM <az...@po...> wrote:

> Hi Homesh,
>
>
> > Thank you very much for the suggestion on antivirus plugin.
> > I tested the antivirus plugin with CRS I have following queries
>
>
> You are welcome! Is plugin working ok for you?
>
>
>
> > Is CRS a prerequisite for this plugin ? as I don't use CRS I want to use
> > this without CRS. I understand this plugin rule uses LUA script.
>
>
> I cannot guarantee it for the future but, currently, it should work
> also without CRS.
>
>
>
> > I was able to see the virus name in the logs, however what is the
> variable
> > name for the filename which was scanned. so I will call that variable
> > inside the TAG or msg
>
>
> Filename if get directly from Modsecurity using FILES_TMPNAMES
> variable but it's only a temporary name of the uploaded file.
>
>
>
> azur
>
>
>
>
> > Thanks,
> > Homesh
> >
> >
> > On Mon, Oct 4, 2021 at 1:40 PM homesh joshi <ho...@gm...> wrote:
> >
> >> Thanks will test this and update you soon.
> >>
> >> On Mon, 4 Oct, 2021, 1:33 pm , <az...@po...> wrote:
> >>
> >>> Hi,
> >>>
> >>> if you are using CRS, please check this:
> >>> https://github.com/coreruleset/antivirus-plugin
> >>>
> >>> azur
> >>>
> >>>
> >>> Citát homesh joshi <ho...@gm...>:
> >>>
> >>> > Hi All,
> >>> >
> >>> > Hope you all are well.
> >>> > I have done the Modsecurity and ClamAV integration and am now able to
> >>> block
> >>> > the malicious file upload. I wanted to get the filename and virus
> name
> >>> > details inside modsec audit logs.
> >>> >
> >>> > I am not able to find any documentation on this. Can you please share
> >>> any
> >>> > document or tutorial on this ?
> >>> >
> >>> > Thanks,
> >>> > Homesh
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> mod-security-users mailing list
> >>> mod...@li...
> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> >>> http://www.modsecurity.org/projects/commercial/rules/
> >>> http://www.modsecurity.org/projects/commercial/support/
> >>>
> >>
>
>
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>