| View previous topic :: View next topic |
| Author |
Message |
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
 Posted: Sat Dec 20, 2008 1:16 am Post subject: mod_security and modsec-clamscan.pl [solved] |
 |
|
I'm trying to configure a server to scan uploaded files with clamav
I found that mod_security for apache has an example script mentioned in the config file
/etc/apache2/modules.d/mod_security/10_config.conf
after I emerged mod_security
| Quote: | If there is a danger of attack through uploaded files then it
# is possible to configure an external script to inspect each file
# before it is seen by the application. An example script is
# included with ModSecurity (/util/modsec-clamscan.pl).
#
# Inspecting uploaded files is especially important in a hosting,
# community or blogging environments where uploading files is permitted.
#
# NOTE the t:none action is required in order not to process the files names
# passed to the script based on previously defined actions in a
# SecDefaultAction directive.
#
SecRule FILES_TMPNAMES "@inspectFile /opt/apache/bin/inspect_script.pl" \
"t:none"
|
but I can't find either of those files anywhere or anything similar, even searching for all *.pl* files
find / -iname "*.pl" | less
none found looks like either of those files mentioned.
Thinking it might have been stripped for portage I downloaded the source from breach but it wasn't there either.
Can someone please point me to where they might be found? Thanks
Last edited by huuan on Tue Dec 23, 2008 3:02 am; edited 1 time in total |
|
| Back to top |
|
 |
huuan
Apprentice
Joined: 19 Feb 2007
Posts: 265
Location: California
|
| Posted: Tue Dec 23, 2008 3:01 am Post subject: |
|
|
| the mod_security people now have a bug tracking for this issue and anyone who wants can get a version of the sript from the 1.9.x version on their website. |
|
| Back to top |
|
|
|
Networking & Security
