logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_clamav as a malware scanner for mod_security
Author
rjrosamond



Joined: 21 Feb 2013
Posts: 3
Location: Seattle, WA

PostPosted: Thu 21 Feb '13 21:38    Post subject: mod_clamav as a malware scanner for mod_security Reply with quote

I'm working on configuring mod_security on Apache and have it up and running just fine. The next step is to implement a ruleset in conjunction with a scanner which can intercept or quarantine bad files when POSTed.

We're looking at using rules produced by Atomic (https://www.atomicorp.com/wiki/index.php/Atomic_ModSecurity_Rules#05_asl_scanner.conf is the specific ruleset) and they recommend using ClamAV, which there is an Apache module for (http://software.othello.ch/mod_clamav/) but I can't seem to find one built for Windows, nor have I had any luck building it myself (I've tried using NMAKE.EXE, but there doesn't seem to be a compatible .mak file included with the mod_clamav package... I also do not really know what I'm doing when it comes to building an Apache module!). At the bottom of the mod_clamav page they mention users reporting difficulty performing Windows Updates with this module which might falsely lead you to believe somebody has it working in a Windows Apache environment, but researching further this is actually in reference to using Apache2 on Debian as a proxy for Windows machines (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=277787).

I'm not married to ClamAV (ClamWin, really)... just looking for a way of integrating malware/virus scanning with mod_security.

Am I going about this in the wrong direction, has anybody done this before, or am I S.O.L. without using a Unix box for Apache?

Thanks for any guidance you can provide! BTW, this is for a community college system and therefore non-commercial in nature.

Current production systems:
Apache/2.2.23 (Win32)
mod_ssl/2.2.23 OpenSSL/0.9.8x
PHP 5.2.17
MySQL 5.6.10 (offloaded to dedicated db servers)
Windows Server 2003 Enterprise, SP2

(We are concurrently working on our next-generation server configs with PHP 5.4.11 and Apache 2.4.3 on win32.)
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Thu 21 Feb '13 22:02    Post subject: Reply with quote

Neither saw mod clamav for Apache 2.2 and 2.4. Big chance that it not building on Windows, because specific *nix only stuff in it.


You can try also to ask on the mod-security-users list. The developers Breno and Ryan are given great support there.


Steffen
Back to top


Reply to topic   Topic: mod_clamav as a malware scanner for mod_security View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules