ClamAV® is an open source antivirus engine for detecting Trojans, viruses, malware & other malicious threats.
We scan every file uploaded to the server with clamdscan, the client for the ClamAV daemon (clamd).
ModSecurity – USAGE:
SecRule FILES_TMPNAMES "@inspectFile /usr/local/bin/runav.pl" \
"phase:2,t:none,block,msg:'Virus found in uploaded file',id:'399999'"
Example clamdscan path in cPanel server:
my $CLAMDSCAN = "/usr/local/cpanel/3rdparty/bin/clamdscan";
runav.pl – Perl script (remember to chmod 755):
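#!/usr/bin/perl
#
# runav.pl
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

use strict;
use warnings;

# Set this to the correct clamdscan path for your server!
my $CLAMDSCAN = "/usr/local/bin/clamdscan";

if (@ARGV != 1) {
    print "Usage: runav.pl <filename>\n";
    exit;
}

my ($FILE) = shift @ARGV;

# List-form pipe open: the file name is handed to clamdscan directly
# and is never interpreted by a shell.
my $error_message = "";
if (open(my $scan, "-|", $CLAMDSCAN, "--stdout", "--no-summary", $FILE)) {
    my $line = <$scan>;    # only the first line of output is used
    close($scan);
    if (defined $line) {
        chomp $line;
        $error_message = $line;
    }
}

# ModSecurity's @inspectFile treats output starting with "1" as clean;
# anything else makes the rule match. Unparseable output fails closed.
my $output = "0 Unable to parse clamscan output [$error_message]";

if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
} elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
} elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
} elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print "$output\n";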
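
A way to check the hook before enabling the rule, as an added example that is not part of the original page or of ModSecurity/ClamAV: the shell functions below run an @inspectFile approver script such as runav.pl on a file and report the verdict from the first character of its output ("1" means clean, as in the script's "1 clamscan: OK" line). The function names inspect_verdict and smoke_test and the file names in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: smoke test for an @inspectFile approver script (e.g. runav.pl).
# Function names are hypothetical; nothing here ships with ModSecurity or ClamAV.

# inspect_verdict SCRIPT FILE
# Prints one of: clean | rejected | no-output | not-executable
inspect_verdict() {
    script=$1
    file=$2
    # "remember chmod 755": the script must carry an execute bit.
    if [ ! -x "$script" ]; then
        echo "not-executable"
        return 0
    fi
    # Only the first line of stdout is interpreted.
    first_line=$("$script" "$file" 2>/dev/null | head -n 1)
    case $first_line in
        1*) echo "clean" ;;      # e.g. "1 clamscan: OK"
        "") echo "no-output" ;;  # script crashed or printed nothing
        *)  echo "rejected" ;;   # e.g. "0 clamscan: <signature>"
    esac
}

# smoke_test SCRIPT CLEAN_FILE TEST_FILE
# Succeeds only if CLEAN_FILE passes and TEST_FILE is rejected.
smoke_test() {
    clean_verdict=$(inspect_verdict "$1" "$2")
    test_verdict=$(inspect_verdict "$1" "$3")
    echo "clean sample: $clean_verdict; test sample: $test_verdict"
    [ "$clean_verdict" = "clean" ] && [ "$test_verdict" = "rejected" ]
}

# Run directly as: sh smoke.sh /usr/local/bin/runav.pl clean.txt testfile
if [ "$#" -eq 3 ]; then
    smoke_test "$@" || exit 1
fi
```

Use a harmless antivirus test file such as the EICAR test file as the third argument, and run the check as the web server user so that permission problems between that user, the uploaded temp files and clamd surface here.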