Hi, I'm using modsecurity_crs_46_av_scanning to scan a file with ClamAV when a user uploads a file. When I tested, I did get the log from ModSecurity saying it's malicious, but it did not block the file from being uploaded to the server. ModSecurity was running in active mode. How can it be configured to block malicious file uploads? I got the following log:

Message: Warning. File "/tmp//20141208-005725-VIVn9H8AAQEAADlz2AAAAAAG-file-pDG9cN" rejected by the approver script "/usr/share/modsecurity-crs/util/av-scanning/runav.pl": 0 clamscan: Suspect.PDF.EmbeddedExecutable-2 [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_46_av_scanning.conf"] [line "17"] [id "950115"] [msg "Virus found in uploaded file"] [severity "CRITICAL"] [tag "MALICIOUS_SOFTWARE/VIRUS"] [tag "PCI/5.1"]
Apache-Handler: application/x-httpd-php
Stopwatch: 1418029044999223 91983157 (- - -)
Stopwatch2: 1418029044999223 91983157; combined=90317213, p1=68, p2=90317138, p3=3, p4=0, p5=4, sr=0, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/).
Server: Apache/2.4.7 (Ubuntu)
Engine-Mode: "ENABLED"

--87cb1800-J--
3,755390,"evil.pdf","<Unknown ContentType>"
Total,755390

Thanks