On a large scale prod (200 000 users/day), I was using proxies working with antivirus through ICAP protocol (RFC 3507). The results were pretty good. I am not sure we could use this technology with Apache, and ICAP seems a bit old now.
2016-03-09 16:45 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net >: > John, > > On 3/9/16 10:21 AM, Rose, John B wrote: > > What about if your web sites allow for uploading files? Would you not > want > > to scan those on upload before they got on your filesystem? > > Sure, it would be nice to have the file scanned during upload, but I'm > guessing that the AV can't give an opinion on a file until it's been > completely-uploaded. In that case, do you really want to buffer the > whole file in memory to scan it? > > I think the file is going to make it -- at least in part -- to the disk > either way, unless you have other controls in place such as upload-size > limits where you can make a good bet that in-memory scanning can be done > without bringing-down your server. > > Anyhow, I don't have any particular experience with mod_clamav or > anything like that. Certainly I wouldn't rely upon it solely, since > there are other ways files can make it onto your server(s). But it > probably couldn't hurt. > > Things I'd be worried about are which requests will be scanned by the > AV? Will every single GET/POST/etc. be scanned? That might cause a > significant impact on your response times. Also, the aforementioned > buffering -- does the file have to remain in memory to be scanned, or > will it be streamed to a disk somewhere first? You don't want AV-scans > to bust your memory cap. > > -chris > > > On 3/9/16 9:49 AM, "Christopher Schultz" <ch...@christopherschultz.net> > > wrote: > > > >> John, > >> > >> On 3/8/16 6:02 PM, Rose, John B wrote: > >>> I am interested in both > >>> > >>> Thanks > >>> > >>> Sent from my iPad > >>> > >>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz > >>>> <ch...@christopherschultz.net> wrote: > >>>> > >>> John > >>> > >>>>>> On 3/8/16 2:43 PM, Rose, John B wrote: > >>>>>> Looking for comments on mod_clamav, and any other alternative > >>>>>> antivirus software for Apache on linux > >>> > >>> Are you trying to protect your clients or your servers? > >> > >> I would imagine that running any AV software that monitors the > >> filesystem for changes would be sufficient. Why do you think you need an > >> httpd module for this? > >> > >> -chris > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
