Good news everyone (mainly Homesh)!
As the HTTP protocol allows uploading multiple files at once, it
appears to be a good idea to have the filename of the infected file in the logs.
I decided to add this functionality.
Homesh, please redownload everything and try again:
https://github.com/coreruleset/antivirus-plugin
Let me know if it's working for you, thanks.
Enjoy!
Quoting homesh joshi <ho...@gm...>:
> Dear Azur,
>
> Yes I was able to do the testing using your plugin.
> I want to report the filename also in the reporting dashboard saying that
> filename = xyz.pdf virusname=abc
> Now I am able to get the virusname but want to know the filename as well.
>
> Thanks,
> Homesh
>
>
> On Mon, Oct 18, 2021 at 12:06 PM <az...@po...> wrote:
>
>> Hi Homesh,
>>
>>
>> > Thank you very much for the suggestion on antivirus plugin.
>> > I tested the antivirus plugin with CRS. I have the following queries:
>>
>>
>> You are welcome! Is the plugin working OK for you?
>>
>>
>>
>> > Is CRS a prerequisite for this plugin? As I don't use CRS, I want to use
>> > this without CRS. I understand this plugin rule uses a Lua script.
>>
>>
>> I cannot guarantee it for the future but, currently, it should work
>> also without CRS.
>>
>>
>>
>> > I was able to see the virus name in the logs; however, what is the variable
>> > name for the filename which was scanned? So I will call that variable
>> > inside the TAG or msg
>>
>>
>> The filename is taken directly from ModSecurity using the FILES_TMPNAMES
>> variable, but it's only a temporary name of the uploaded file.
>>
>>
>>
>> azur
>>
>>
>>
>>
>> > Thanks,
>> > Homesh
>> >
>> >
>> > On Mon, Oct 4, 2021 at 1:40 PM homesh joshi <ho...@gm...> wrote:
>> >
>> >> Thanks will test this and update you soon.
>> >>
>> >> On Mon, 4 Oct, 2021, 1:33 pm , <az...@po...> wrote:
>> >>
>> >>> Hi,
>> >>>
>> >>> if you are using CRS, please check this:
>> >>> https://github.com/coreruleset/antivirus-plugin
>> >>>
>> >>> azur
>> >>>
>> >>>
>> >>> Quoting homesh joshi <ho...@gm...>:
>> >>>
>> >>> > Hi All,
>> >>> >
>> >>> > Hope you all are well.
>> >>> > I have done the Modsecurity and ClamAV integration and am now able to block
>> >>> > the malicious file upload. I wanted to get the filename and virus name
>> >>> > details inside modsec audit logs.
>> >>> >
>> >>> > I am not able to find any documentation on this. Can you please share any
>> >>> > document or tutorial on this?
>> >>> >
>> >>> > Thanks,
>> >>> > Homesh
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> mod-security-users mailing list
>> >>> mod...@li...
>> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>> >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>> >>> http://www.modsecurity.org/projects/commercial/rules/
>> >>> http://www.modsecurity.org/projects/commercial/support/
>> >>>
>> >>