Thanks for your efforts. Will test this tomorrow and let you know.
Regards,
Homesh
On Mon, 18 Oct, 2021, 11:53 pm , <az...@po...> wrote:
> Good news everyone (mainly Homesh)!
>
> As HTTP protocol allows uploading of multiple files at once, it
> appears to be a good idea to have a filename of infected file in logs.
> I decided to add this functionality.
>
> Homesh, please redownload everything and try again:
> https://github.com/coreruleset/antivirus-plugin
>
> Let me know if it's working for you, thanks.
>
> Enjoy!
>
>
>
> Quoting homesh joshi <ho...@gm...>:
>
> > Dear Azur,
> >
> > Yes I was able to do the testing using your plugin.
> > I want to report the filename also in the reporting dashboard saying that
> > filename = xyz.pdf virusname=abc
> > Now I am able to get the virusname but want to know the filename as well.
> >
> > Thanks,
> > Homesh
> >
> >
> > On Mon, Oct 18, 2021 at 12:06 PM <az...@po...> wrote:
> >
> >> Hi Homesh,
> >>
> >>
> >> > Thank you very much for the suggestion on antivirus plugin.
> >> > I tested the antivirus plugin with CRS I have following queries
> >>
> >>
> >> You are welcome! Is plugin working ok for you?
> >>
> >>
> >>
> >> > Is CRS a prerequisite for this plugin? As I don't use CRS, I want to use
> >> > this without CRS. I understand this plugin rule uses a Lua script.
> >>
> >>
> >> I cannot guarantee it for the future but, currently, it should work
> >> also without CRS.
> >>
> >>
> >>
> >> > I was able to see the virus name in the logs, however what is the variable
> >> > name for the filename which was scanned? So I will call that variable
> >> > inside the TAG or msg
> >>
> >>
> >> The filename is obtained directly from ModSecurity using the FILES_TMPNAMES
> >> variable, but it's only a temporary name of the uploaded file.
> >>
> >>
> >>
> >> azur
> >>
> >>
> >>
> >>
> >> > Thanks,
> >> > Homesh
> >> >
> >> >
> >> > On Mon, Oct 4, 2021 at 1:40 PM homesh joshi <ho...@gm...> wrote:
> >> >
> >> >> Thanks will test this and update you soon.
> >> >>
> >> >> On Mon, 4 Oct, 2021, 1:33 pm , <az...@po...> wrote:
> >> >>
> >> >>> Hi,
> >> >>>
> >> >>> if you are using CRS, please check this:
> >> >>> https://github.com/coreruleset/antivirus-plugin
> >> >>>
> >> >>> azur
> >> >>>
> >> >>>
> >> >>> Quoting homesh joshi <ho...@gm...>:
> >> >>>
> >> >>> > Hi All,
> >> >>> >
> >> >>> > Hope you all are well.
> >> >>> > I have done the Modsecurity and ClamAV integration and am now able to
> >> >>> > block the malicious file upload. I wanted to get the filename and virus
> >> >>> > name details inside modsec audit logs.
> >> >>> >
> >> >>> > I am not able to find any documentation on this. Can you please share
> >> >>> > any document or tutorial on this?
> >> >>> >
> >> >>> > Thanks,
> >> >>> > Homesh
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>> _______________________________________________
> >> >>> mod-security-users mailing list
> >> >>> mod...@li...
> >> >>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> >> >>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> >> >>> http://www.modsecurity.org/projects/commercial/rules/
> >> >>> http://www.modsecurity.org/projects/commercial/support/
> >> >>>
> >> >>
> >>
>