Re: [mod-security-users] more on clamAV and mod_security
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] more on clamAV and mod_security
|
From: Ivan R. <iv...@we...> - 2005-11-23 17:27:36
|
Justin Grindea wrote: > hi, > > I gave another shot to this setup, on a different server using apache2, > modsec 1.9 (stable) and PHP. > This server only serves a webmail system - SquirrelMail. > > The script works OK here, no su_exec or permissions problems. > If I upload an attachment to the message in SM, it gets scanned OK. > When I hit the "Send" button to actually have the message sent, I get > 500 error. > Look like modsec thinks I'm uploading a file again and looks for an > uploaded file again. > > This is the error from audit_log: > > mod_security-message: Access denied with code 500. Error verifying > files: File "/tmp/webfiles/20051123-025721-XXX.XXX.XXX.XXX-" rejected by > the approver script "/var/www/cgi-bin//modsec-clamscan.pl" > > (no file name is after the dash) That looks like the script is rejecting an empty file (which it should not do). Can you increase the debug log level to at least 2, try that again, and then look in the debug log for a line that begins with "Approver script said:"? What did the approver script say? -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
