Hi All I am not sure if this is the right place to post this question, if its wrong i am sorry. system perfect set up fedora Core 6 Ispconfig I have a php file upload script running on a site I am working on at the moment. I was wondering if it was possible to get clamav to scan the files on upload. I have googled about abit and read a few things about ModSecurity and from what I can tell this will work with clamav but it seems beyond my understanding at the moment on how to do it, especially with ispconfig being installed also I am learning as i go along. what i need is a "how to" really If anyone can help or has done it before any help would be appreciated. cheers Tony
I have installed and configured ModSecurity and that part is now working fine. I just need to know how to link it up with clamav? Cheers
Hi Falko Thanks again for your help. I have hade a look at that link and it does sound good. When reading, it gives the impression it will only work with PHP 5.2, the version I have is 5.1.6. Does this mean I will have to upgrade the PHP, and if so will this affect the IspConfig installation? Will I have to reinstall IspConfig after upgrading the PHP? How do I upgrade the PHP on fedora core 6 Lamp system? I originally was looking at the way described here http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/06-special_features.html I have experimented with the ModSecurity part, but i am not sure what to do with that perl script. Which way would you do it? I don't mind having to reinstall IspConfig etc Thanks again and sorry about all the questions.
You don't need to update ISPConfig. I'm not sure if there's a PHP 5.2.0 package for Fedora, but you can search for it like this: Code: yum search php If there isn't, I'd use Google to find a third-party Fedora repository that has a PHP 5.2.0 rpm and install that one. OTherwise you'd have to compile PHP from the sources (which you shouldn't do unless absolutely necessary).
Hi Falko I think i have got confused, the info in that link you sent me should work with my set up. I have tried to make a start, but when i try to install the package phplibclamav-0.4.0, it comes up with.... "configure: error: Cannot find libclamav" So I am not sure how to proceed. I guess i need libclamav, but is that not part of the ISPconfig setup? Cheers Tony.
The package seems to search for libclamav in a standard location. What's the output of Code: yum search clamav ?
Hi Falko I think its working!! I have had a few more hours sleep, that always helps! and the ModSecurity method seems to be working great. I downloaded the EICAR test file virus and when i tried to upload it to the server, it blocked that straight away and redirected to my invalid_request.html page. I then tried a clean file just to check and that uploaded fine. I have tested the virus file embedded in various zip formats and it still finds it and blocks it every time. After following your How to guide on ModSecurity, Basically I just added these extra lines inside the mod_security.conf SecFilterScanPOST On SecUploadDir /path/to/your/file_upload/directory SecUploadApproveScript /path/to/the/file/modsec-clamscan.pl SecFilterDefaultAction "deny,log,redirect:http://www.example.com/invalid_request.html I didn't need to change anything inside, modsec-clamscan.pl Does this sound right to you? If this is working correctly, that will do me. I would like to thank you again for your speedy replies and also wish you and everyone at Howto forge, a Merry Christmas and a Happy New Year. Tony.
