[Mod-security-rules] To add new field in malware detection script.
From: Rakesh B. <rak...@gm...> - 2024-07-05 14:43:41
Hi There,
I am using ModSecurity in my Apache web server. In ModSecurity we have one
rule to block malicious files. Below is the rule. We are detecting malware
files using the antivirus.lua script. Now we are successfully getting the
virus name and file name of the malicious file. Our requirement is to get
the MD5 hash value of the same malicious file.
---------Modsecurity Rule--------------
SecRule FILES_TMPNAMES "@inspectFile antivirus.lua" \
    "id:9502120,\
    phase:2,\
    deny,\
    setvar:tx.swrule=1,\
    setvar:tx.msgrule=%{rule.msg},\
    setvar:tx.idrule=%{rule.id},\
    setvar:tx.severityrule=%{rule.severity},\
    t:none,\
    msg:'Malicious File Upload',\
    logdata:'Virus %{tx.antivirus-plugin_virus_name} found in uploaded file %{tx.antivirus-plugin_file_name}.',\
    tag:'Virus %{tx.antivirus-plugin_virus_name} found in uploaded file %{tx.antivirus-plugin_file_name}.',\
    ver:'antivirus-plugin/1.0.0',\
    severity:'CRITICAL',\
    chain"
    SecRule TX:ANTIVIRUS-PLUGIN_VIRUS_NAME "@streq %{tx.antivirus-plugin_virus_name}"
---------Modsecurity Rule--------------
Attached is the lua script which we are using currently.
Thanks,
Rakesh
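
An added example, not part of the original post or the attached script: one way a Lua `@inspectFile` script could compute the MD5 of the flagged upload and expose it as a transaction variable. It assumes a Unix host with `md5sum` on the PATH; `file_md5`, `record_md5` and the variable name `tx.antivirus-plugin_file_md5` are hypothetical.

```lua
-- Added example (not the plugin's own code). Assumptions: Unix host with
-- coreutils `md5sum` available, and the ModSecurity-provided global `m`.

-- Quote a path for /bin/sh: wrap in single quotes, escape embedded ones.
local function shell_quote(s)
  local escaped = s:gsub("'", "'\\''")
  return "'" .. escaped .. "'"
end

-- Return the lowercase hex MD5 of the file at `path`, or nil on failure.
local function file_md5(path)
  local cmd = "md5sum -- " .. shell_quote(path) .. " 2>/dev/null"
  local pipe = io.popen(cmd, "r")
  if not pipe then
    return nil
  end
  local line = pipe:read("*l")
  pipe:close()
  if not line then
    return nil -- file missing, unreadable, or md5sum not installed
  end
  -- md5sum prefixes the line with "\" when the file name needs escaping.
  local hash = line:match("^\\?(%x+)")
  if hash and #hash == 32 then
    return hash:lower()
  end
  return nil
end

-- Hypothetical hook: call this at the point in antivirus.lua where a virus
-- has been detected, before main() returns its match string.
-- `filename` is the temporary path ModSecurity passes to main().
local function record_md5(filename)
  local hash = file_md5(filename) or "unavailable"
  m.setvar("tx.antivirus-plugin_file_md5", hash)
  return hash
end
```

With the variable set, the rule's `logdata` could reference `%{tx.antivirus-plugin_file_md5}` alongside the virus name and file name.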