Re: [mp2.0] Input Filter virus scan (more info)
Issac Goldstand wrote: [snip] . Notice that you may need to have to store the context data between filter calls, which currently is not supported, but I'm working on adding this feature asap. If you need to store something in between the filter calls (filter may get the data in chunks, every time it's called it may only gets a chunk of data), the context is the way to store such data (e.g. partial bucket brigades, counters, etc.). Just give me some time and I'll commit the implementation and the updated doc with examples. I'm experiencing some problems with not seeing EOS, which prevents me from completing it. Stay tuned. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
Re: [mp2.0] Input Filter virus scan (more info)
Chris Hoffmann wrote: [...] My need is to scan incoming data. If anyone has used mod_vscan on incoming data or know if the All-in-One Filter example located at; http://perl.apache.org/docs/2.0/user/handlers/filters.html#All_in_One_Filter can do this please contact me. I'm not familiar with mod_vscan and you don't specify how the scan filter works, but I see no reason why it shouldn't work, as long as all you need is an access to the request's headers. Notice that you may need to have to store the context data between filter calls, which currently is not supported, but I'm working on adding this feature asap. Also all-in-one filter is an example of how to snoop on the data going through the filter, since you don't need the output filter, you can use a simpler only-input connection filter: http://perl.apache.org/docs/2.0/user/handlers/filters.html#Connection_Output_Filters One more thing that needs to be figured out is how to make the filter abort the normal request processing if the virus is discovered and return a 40x response. __ Stas BekmanJAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide --- http://perl.apache.org mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com http://modperlbook.org http://apache.org http://ticketmaster.com
[mp2.0] Input Filter virus scan (more info)
Me again, I have been asked to supply more details of what I am trying to achieve with the Input Filter. The following is an attempt to clearly define more requirements. I have an Apache/2.0.43 + mod_perl/1.99_08-dev + Perl/5.8.0 server that hosts simple static html and dynamic perl generated pages. I am unable to modify perl scripts without voiding my warranty. I therefore require a PerlInputFilterHandler to process the Apache request object and then pass it onto the default handler. The PerlInputFilterHandler is to scan the request object with an Anti Virus program (such as Sophos). If a virus is located the request should be blocked and a response displayed on the clients browser. If clean the request will be allowed to pass to the default handler. All this is to happen in the background and without the users' knowledge. I have found a module called mod_vscan by Kazutoshi Kubota [EMAIL PROTECTED] at http://www.willbe6.org/security/mod_vscan/ But this C code appears to only handle output from the server. My need is to scan incoming data. If anyone has used mod_vscan on incoming data or know if the All-in-One Filter example located at; http://perl.apache.org/docs/2.0/user/handlers/filters.html#All_in_One_Filter can do this please contact me. Chris. [EMAIL PROTECTED]
