httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wei-min Lee <weimin.b....@gmail.com>
Subject Re: [users@httpd] Apache virus scanning
Date Wed, 09 Mar 2016 20:22:59 GMT
Using ICAP is a good way to go so that the person uploading files can be
notified of upload fails due to the virus scan.  Relying on filesystem
virus scans lacks visibility of quarantined/rejected files.

On Wed, Mar 9, 2016 at 12:18 PM, Wei-min Lee <weimin.b.lee@gmail.com> wrote:

> You could use clamav via ICAP with squid transparently in front of apache.
>
> http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
> http://squidclamav.darold.net/config.html
>
> http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html
>
> On Wed, Mar 9, 2016 at 8:12 AM, Aurélien Terrestris <aterrestris@gmail.com
> > wrote:
>
>> On a large scale prod (200 000 users/day), I was using proxies working
>> with antivirus through ICAP protocol (RFC 3507). The results were pretty
>> good.
>> I am not sure we could use this technology with Apache, and ICAP seems a
>> bit old now.
>>
>> 2016-03-09 16:45 GMT+01:00 Christopher Schultz <
>> chris@christopherschultz.net>:
>>
>>> John,
>>>
>>> On 3/9/16 10:21 AM, Rose, John B wrote:
>>> > What about if your web sites allow for uploading files? Would you not
>>> want
>>> > to scan those on upload before they got on your filesystem?
>>>
>>> Sure, it would be nice to have the file scanned during upload, but I'm
>>> guessing that the AV can't give an opinion on a file until it's been
>>> completely-uploaded. In that case, do you really want to buffer the
>>> whole file in memory to scan it?
>>>
>>> I think the file is going to make it -- at least in part -- to the disk
>>> either way, unless you have other controls in place such as upload-size
>>> limits where you can make a good bet that in-memory scanning can be done
>>> without bringing-down your server.
>>>
>>> Anyhow, I don't have any particular experience with mod_clamav or
>>> anything like that. Certainly I wouldn't rely upon it solely, since
>>> there are other ways files can make it onto your server(s). But it
>>> probably couldn't hurt.
>>>
>>> Things I'd be worried about are which requests will be scanned by the
>>> AV? Will every single GET/POST/etc. be scanned? That might cause a
>>> significant impact on your response times. Also, the aforementioned
>>> buffering -- does the file have to remain in memory to be scanned, or
>>> will it be streamed to a disk somewhere first? You don't want AV-scans
>>> to bust your memory cap.
>>>
>>> -chris
>>>
>>> > On 3/9/16 9:49 AM, "Christopher Schultz" <chris@christopherschultz.net
>>> >
>>> > wrote:
>>> >
>>> >> John,
>>> >>
>>> >> On 3/8/16 6:02 PM, Rose, John B wrote:
>>> >>> I am interested in both
>>> >>>
>>> >>> Thanks
>>> >>>
>>> >>> Sent from my iPad
>>> >>>
>>> >>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz
>>> >>>> <chris@christopherschultz.net> wrote:
>>> >>>>
>>> >>> John
>>> >>>
>>> >>>>>> On 3/8/16 2:43 PM, Rose, John B wrote:
>>> >>>>>> Looking for comments on mod_clamav, and any other alternative
>>> >>>>>> antivirus software for Apache on linux
>>> >>>
>>> >>> Are you trying to protect your clients or your servers?
>>> >>
>>> >> I would imagine that running any AV software that monitors the
>>> >> filesystem for changes would be sufficient. Why do you think you need
>>> an
>>> >> httpd module for this?
>>> >>
>>> >> -chris
>>> >>
>>> >> ---------------------------------------------------------------------
>>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> >> For additional commands, e-mail: users-help@httpd.apache.org
>>> >>
>>> >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> > For additional commands, e-mail: users-help@httpd.apache.org
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>
>
> --
> *~Wei-min Lee~*
>



-- 
*~Wei-min Lee~*

Mime
View raw message