You could use clamav via ICAP with squid transparently in front of apache.

http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
http://squidclamav.darold.net/config.html
http://louwrentius.com/setting-up-a-squid-proxy-with-clamav-anti-virus-using-c-icap.html

On Wed, Mar 9, 2016 at 8:12 AM, Aurélien Terrestris <aterrest...@gmail.com> wrote:

> On a large scale prod (200 000 users/day), I was using proxies working
> with antivirus through ICAP protocol (RFC 3507). The results were pretty
> good.
> I am not sure we could use this technology with Apache, and ICAP seems a
> bit old now.
>
> 2016-03-09 16:45 GMT+01:00 Christopher Schultz <ch...@christopherschultz.net>:
>
>> John,
>>
>> On 3/9/16 10:21 AM, Rose, John B wrote:
>> > What about if your web sites allow for uploading files? Would you not want
>> > to scan those on upload before they got on your filesystem?
>>
>> Sure, it would be nice to have the file scanned during upload, but I'm
>> guessing that the AV can't give an opinion on a file until it's been
>> completely-uploaded. In that case, do you really want to buffer the
>> whole file in memory to scan it?
>>
>> I think the file is going to make it -- at least in part -- to the disk
>> either way, unless you have other controls in place such as upload-size
>> limits where you can make a good bet that in-memory scanning can be done
>> without bringing-down your server.
>>
>> Anyhow, I don't have any particular experience with mod_clamav or
>> anything like that. Certainly I wouldn't rely upon it solely, since
>> there are other ways files can make it onto your server(s). But it
>> probably couldn't hurt.
>>
>> Things I'd be worried about are which requests will be scanned by the
>> AV? Will every single GET/POST/etc. be scanned? That might cause a
>> significant impact on your response times. Also, the aforementioned
>> buffering -- does the file have to remain in memory to be scanned, or
>> will it be streamed to a disk somewhere first? You don't want AV-scans
>> to bust your memory cap.
>>
>> -chris
>>
>> > On 3/9/16 9:49 AM, "Christopher Schultz" <ch...@christopherschultz.net>
>> > wrote:
>> >
>> >> John,
>> >>
>> >> On 3/8/16 6:02 PM, Rose, John B wrote:
>> >>> I am interested in both
>> >>>
>> >>> Thanks
>> >>>
>> >>> Sent from my iPad
>> >>>
>> >>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz
>> >>>> <ch...@christopherschultz.net> wrote:
>> >>>>
>> >>> John
>> >>>
>> >>>>>> On 3/8/16 2:43 PM, Rose, John B wrote:
>> >>>>>> Looking for comments on mod_clamav, and any other alternative
>> >>>>>> antivirus software for Apache on linux
>> >>>
>> >>> Are you trying to protect your clients or your servers?
>> >>
>> >> I would imagine that running any AV software that monitors the
>> >> filesystem for changes would be sufficient. Why do you think you need an
>> >> httpd module for this?
>> >>
>> >> -chris
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> >> For additional commands, e-mail: users-h...@httpd.apache.org

--
*~Wei-min Lee~*
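
An added example, not part of the thread or of any project mentioned in it: one way to address the buffering concern raised in the quoted discussion is clamd's INSTREAM command, which takes a file as length-prefixed chunks so the application never holds the whole upload in memory. The function names, the chunk size and the 25 MiB cap are assumptions, and the replies used to exercise the parser are constructed.

```python
import io
import socket
import struct

def instream_frames(fileobj, chunk_size=8192, max_bytes=25 * 1024 * 1024):
    """Yield the byte frames of one clamd INSTREAM session for fileobj."""
    yield b"zINSTREAM\0"                      # null-terminated command form
    sent = 0
    while True:
        chunk = fileobj.read(chunk_size)      # only one chunk is held in memory
        if not chunk:
            break
        sent += len(chunk)
        if sent > max_bytes:                  # application-side cap (assumed value);
            raise ValueError("upload exceeds scan size limit")  # caller closes the socket
        yield struct.pack("!I", len(chunk)) + chunk  # 4-byte big-endian length + data
    yield struct.pack("!I", 0)                # zero-length chunk ends the stream

def parse_reply(raw):
    """Map a clamd reply to (verdict, detail); anything that is not OK is not clean."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[-1]            # drop the leading "stream: " label
    if body == "OK":
        return ("clean", None)
    if body.endswith(" FOUND"):
        return ("infected", body[: -len(" FOUND")])
    return ("error", body)                    # empty or unexpected reply: fail closed

def scan(sock, fileobj, **kw):
    """Stream fileobj over an already-connected clamd socket and return the verdict."""
    for frame in instream_frames(fileobj, **kw):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):          # replies to z-commands end with NUL
        part = sock.recv(4096)
        if not part:                          # connection closed early
            break
        reply += part
    return parse_reply(reply)
```

Treat both "infected" and "error" as a rejected upload, and keep the application cap at or below clamd's StreamMaxLength so an oversized file is refused before clamd drops the connection.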