Re: Apache virus scanning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On a large scale prod (200 000 users/day), I was using proxies working with antivirus through ICAP protocol (RFC 3507). The results were pretty good.
I am not sure we could use this technology with Apache, and ICAP seems a bit old now.

2016-03-09 16:45 GMT+01:00 Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx>:
John,

On 3/9/16 10:21 AM, Rose, John B wrote:
> What about if your web sites allow for uploading files? Would you not want
> to scan those on upload before they got on your filesystem?

Sure, it would be nice to have the file scanned during upload, but I'm
guessing that the AV can't give an opinion on a file until it's been
completely-uploaded. In that case, do you really want to buffer the
whole file in memory to scan it?

I think the file is going to make it -- at least in part -- to the disk
either way, unless you have other controls in place such as upload-size
limits where you can make a good bet that in-memory scanning can be done
without bringing-down your server.

Anyhow, I don't have any particular experience with mod_clamav or
anything like that. Certainly I wouldn't rely upon it solely, since
there are other ways files can make it onto your server(s). But it
probably couldn't hurt.

Things I'd be worried about are which requests will be scanned by the
AV? Will every single GET/POST/etc. be scanned? That might cause a
significant impact on your response times. Also, the aforementioned
buffering -- does the file have to remain in memory to be scanned, or
will it be streamed to a disk somewhere first? You don't want AV-scans
to bust your memory cap.

-chris

> On 3/9/16 9:49 AM, "Christopher Schultz" <chris@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
>
>> John,
>>
>> On 3/8/16 6:02 PM, Rose, John B wrote:
>>> I am interested in both
>>>
>>> Thanks
>>>
>>> Sent from my iPad
>>>
>>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz
>>>> <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>>
>>> John
>>>
>>>>>> On 3/8/16 2:43 PM, Rose, John B wrote:
>>>>>> Looking for comments on mod_clamav, and any other alternative
>>>>>> antivirus software for Apache on linux
>>>
>>> Are you trying to protect your clients or your servers?
>>
>> I would imagine that running any AV software that monitors the
>> filesystem for changes would be sufficient. Why do you think you need an
>> httpd module for this?
>>
>> -chris
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux