4 # ModSecurity for Apache (http://www.modsecurity.org)
5 # Copyright (c) 2002-2007 Breach Security, Inc. (http://www.breach.com)
7 # This script is an interface between mod_security and its
8 # ability to intercept files being uploaded through the
9 # web server, and ClamAV
11 # by default use the command-line version of ClamAV,
12 # which is slower but more likely to work out of the
14 $CLAMSCAN = "/usr/bin/clamscan";
16 # using ClamAV in daemon mode is faster since the
17 # anti-virus engine is already running, but you also
18 # need to configure file permissions to allow ClamAV,
19 # usually running as a user other than the one Apache
20 # is running as, to access the files
21 # $CLAMSCAN = "/usr/bin/clamdscan";
24 print "Usage: modsec-clamscan.pl <filename>\n";
30 $cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
35 $output = "0 Unable to parse clamscan output [$1]";
37 if ($error_message =~ m/: Empty file\.?$/) {
38 $output = "1 empty file";
40 elsif ($error_message =~ m/: (.+) ERROR$/) {
41 $output = "0 clamscan: $1";
43 elsif ($error_message =~ m/: (.+) FOUND$/) {
44 $output = "0 clamscan: $1";
46 elsif ($error_message =~ m/: OK$/) {
47 $output = "1 clamscan: OK";