httpd-users mailing list archives

From Wei-min Lee <weimin.b....@gmail.com>
Subject Re: [users@httpd] Apache virus scanning
Date Wed, 09 Mar 2016 20:18:16 GMT
You could use clamav via ICAP with squid transparently in front of apache.

http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
http://squidclamav.darold.net/config.html
http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html

On Wed, Mar 9, 2016 at 8:12 AM, Aurélien Terrestris <aterrestris@gmail.com> wrote:

> On a large scale prod (200 000 users/day), I was using proxies working
> with antivirus through ICAP protocol (RFC 3507). The results were pretty
> good.
> I am not sure we could use this technology with Apache, and ICAP seems a
> bit old now.
>
> 2016-03-09 16:45 GMT+01:00 Christopher Schultz <chris@christopherschultz.net>:
>
>> John,
>>
>> On 3/9/16 10:21 AM, Rose, John B wrote:
>> > What about if your web sites allow for uploading files? Would you not want
>> > to scan those on upload before they got on your filesystem?
>>
>> Sure, it would be nice to have the file scanned during upload, but I'm
>> guessing that the AV can't give an opinion on a file until it's been
>> completely uploaded. In that case, do you really want to buffer the
>> whole file in memory to scan it?
>>
>> I think the file is going to make it -- at least in part -- to the disk
>> either way, unless you have other controls in place such as upload-size
>> limits where you can make a good bet that in-memory scanning can be done
>> without bringing down your server.
>>
>> Anyhow, I don't have any particular experience with mod_clamav or
>> anything like that. Certainly I wouldn't rely upon it solely, since
>> there are other ways files can make it onto your server(s). But it
>> probably couldn't hurt.
>>
>> Things I'd be worried about are which requests will be scanned by the
>> AV? Will every single GET/POST/etc. be scanned? That might cause a
>> significant impact on your response times. Also, the aforementioned
>> buffering -- does the file have to remain in memory to be scanned, or
>> will it be streamed to a disk somewhere first? You don't want AV-scans
>> to bust your memory cap.
>>
>> -chris
>>
>> > On 3/9/16 9:49 AM, "Christopher Schultz" <chris@christopherschultz.net>
>> > wrote:
>> >
>> >> John,
>> >>
>> >> On 3/8/16 6:02 PM, Rose, John B wrote:
>> >>> I am interested in both
>> >>>
>> >>> Thanks
>> >>>
>> >>> Sent from my iPad
>> >>>
>> >>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz
>> >>>> <chris@christopherschultz.net> wrote:
>> >>>>
>> >>> John
>> >>>
>> >>>>>> On 3/8/16 2:43 PM, Rose, John B wrote:
>> >>>>>> Looking for comments on mod_clamav, and any other alternative
>> >>>>>> antivirus software for Apache on linux
>> >>>
>> >>> Are you trying to protect your clients or your servers?
>> >>
>> >> I would imagine that running any AV software that monitors the
>> >> filesystem for changes would be sufficient. Why do you think you need an
>> >> httpd module for this?
>> >>
>> >> -chris
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>


-- 
*~Wei-min Lee~*
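
The buffering question raised in the quoted thread (does the upload have to sit in memory to be scanned?) can be worked through with clamd's INSTREAM command, which takes the data in length-prefixed chunks. This is an added example, not part of the original message or any poster's code; `scan_stream`, `fake_clamd`, `demo`, the chunk size and the size limit are assumptions, and the stand-in daemon and payloads are constructed so the block runs offline.

```python
import io
import socket
import struct
import threading

CHUNK = 8192              # bytes held in memory at a time (assumed value)
MAX_UPLOAD = 1024 * 1024  # application upload-size limit (assumed value)

def scan_stream(upload, sock, max_bytes=MAX_UPLOAD):
    """Stream a file-like upload to clamd via INSTREAM; return (clean, detail)."""
    sock.sendall(b"zINSTREAM\0")
    sent = 0
    while chunk := upload.read(CHUNK):
        sent += len(chunk)
        if sent > max_bytes:
            sock.close()  # abandon the scan; the caller rejects the upload
            return False, "upload exceeds size limit"
        # Frame: 4-byte big-endian length, then the data.
        sock.sendall(struct.pack("!I", len(chunk)) + chunk)
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        data = sock.recv(4096)
        if not data:
            break
        reply += data
    text = reply.rstrip(b"\0").decode("ascii", "replace")
    # "stream: OK" is clean; "... FOUND", "... ERROR" or no reply all fail closed.
    return text == "stream: OK", text

def fake_clamd(sock, marker=b"CONSTRUCTED-MARKER"):
    """Constructed stand-in for clamd so the example runs offline."""
    with sock, sock.makefile("rb") as rfile:
        rfile.read(10)  # consume the "zINSTREAM\0" command
        body = b""
        while len(head := rfile.read(4)) == 4 and (n := struct.unpack("!I", head)[0]):
            body += rfile.read(n)
        if len(head) == 4:  # stream ended normally, not by a dropped connection
            found = marker in body
            sock.sendall(b"stream: Constructed.Test FOUND\0" if found else b"stream: OK\0")

def demo(payload, max_bytes=MAX_UPLOAD):
    """Scan constructed bytes through the stand-in daemon over a socket pair."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,))
    worker.start()
    result = scan_stream(io.BytesIO(payload), client, max_bytes)
    client.close()
    worker.join()
    return result
```

Against a real daemon, `sock` would be a connection to whatever socket clamd is configured to listen on; the scanner holds at most one chunk of the upload in memory at a time.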
