Volgograd

Volgograd Linux User Group

Founded on 23 November 2002

Project frozen Fri Jul 6 02:11:14 MSD 2012



AvramenkoAndrew/apache2modclamav


Apache2-mod_clamav



Introduction

This is a fork of the mod_clamav project by Dr. Andreas Müller. Since he is not currently maintaining the project, further development and compatibility with later versions of ClamAV and Apache are provided by me. I increase the program's version number on my own, and it has nothing in common with the upstream version.

A fresh, working version of the mod_clamav package can always be obtained from the Sisyphus repository.

Please send reports of bugs that are not listed in the TODO section to me by e-mail or file them in Bugzilla.

Usage

The mod_clamav module can be used for antivirus scanning of outgoing traffic for a particular directory, or of responses when requests are proxied to a backend. Scanning of incoming traffic (which ought to be the more natural case) is currently under development.

Configuration

Example configuration with comments:




Description of directives

ClamavMode

Syntax: ClamavMode local | daemon
Default: local
Контекст: server config, virtual host, directory

The module can perform the antivirus scan either locally, using the clamav libraries, or through the clamd daemon (running on the same machine). The connection to the daemon must be configured with the ClamavSocket or ClamavPort directives.

ClamavSocket

Syntax: ClamavSocket unix-domain-socket
Default: none
Context: server config, virtual host, directory

Specifies the path of the unix socket on which the Clamav daemon clamd is listening. If this directive is not set, the daemon mode of the module assumes a TCP connection to the Clamav daemon.

ClamavPort

Syntax: ClamavPort port
Default: none
Context: server config, virtual host, directory

Specifies the port number on which the clamav daemon is listening. Note that this directive only has an effect if ClamavSocket is not specified.

ClamavTmpdir

Syntax: ClamavTmpdir tmp-dir
Default: /tmp
Context: server config, virtual host, directory

This directive defines the directory where temporary files are stored until they can be scanned for viruses.

ClamavDbdir

Syntax: ClamavDbdir virus-pattern-dir
Default: same as that of your clamav installation
Context: server config, virtual host, directory

This directive defines the directory from which virus patterns are loaded.

ClamavReloadInterval

Syntax: ClamavReloadInterval interval
Default: 0
Context: server config, virtual host, directory

The pattern database is reloaded if the last request is more than interval seconds in the past. A value of 0 means that the pattern database is never reloaded; to update patterns, the server must be gracefully restarted. Reloading is only necessary in local mode; in daemon mode it is the daemon's business to keep the pattern matching engine up to date.

ClamavTrickleInterval

Syntax: ClamavTrickleInterval interval
Default: 60
Context: server config, virtual host, directory

This directive sets the interval at which a block (normally one byte, but configurable with the ClamavTrickleSize directive) of the incoming data is sent to the browser to keep it happy. If your browsers are tolerant of long delays, this value can be increased.

Note that the trickle interval has a side effect that can affect your link load considerably: only when a trickle block is sent to the client can the module detect that the client has aborted the connection. With a long trickle interval the server will keep downloading the file although the client is no longer interested, and downloads that no user wants any more can fill up your link.

Browsers behave quite differently with respect to timeouts. For some browsers a single byte is not good enough, so you will want to increase the trickle size to a larger value; download speeds below 1 byte/sec seem to be a problem for browsers. Apple's Safari browser times out after 60 seconds (Mozilla seems to be more patient), so you will have to make the trickle interval smaller than 60. Note also that the trickle interval is a minimum value: if a packet arrives from the remote server after that interval has elapsed, a trickle block is sent to the browser client. If no packets arrive from the remote server, no trickle blocks are sent to the client either.

ClamavTrickleSize

Syntax: ClamavTrickleSize size
Default: 1
Context: server config, virtual host, directory

This directive sets the size of the block sent after each trickle interval. See the description of the ClamavTrickleInterval directive for details.

ClamavMaxfiles

Syntax: ClamavMaxfiles number-of-files
Default: none
Context: server config, virtual host, directory

This directive sets the maxfiles limit variable in Clamav; please read the Clamav documentation for the exact implications of this.

ClamavMaxfilesize

Syntax: ClamavMaxfilesize filesize
Default: none
Context: server config, virtual host, directory

This directive sets the maxfilesize limit variable in Clamav; please read the Clamav documentation for the exact implications of this.

ClamavRecursion

Syntax: ClamavRecursion depth
Default: none
Context: server config, virtual host, directory

This directive sets the recursion depth limit variable in Clamav; please read the Clamav documentation for the exact implications of this.

ClamavSafetypes

Syntax: ClamavSafetypes safe-mime-type ...
Default: none
Context: server config, virtual host, directory

Use this directive to specify a list of mime types that can safely be bypassed.

ClamavSafeURI

Syntax: ClamavSafeURI [ host | uri ] pattern
Default: none
Context: server config, virtual host, directory

If a host or some URIs can safely be bypassed, use this directive to exclude them from virus scanning. With host as the first argument, all hosts matching the pattern are bypassed. With uri, the complete URI is matched against the pattern and virus scanning bypassed in case of a match. Example:

ClamavSafeURI uri ^(f|ht)tp://safe-site\.net/safe-dir/.*\.gz$
ClamavSafeURI host ^safe\.site\.net$
ClamavSafeURI host safe-domain\.net$

ClamavSafepattern

Syntax: ClamavSafepattern tag [ pattern [ mask ] ]
Default: none
Context: server config, virtual host, directory

This directive adds an object pattern which will not be scanned for viruses. The advantage of this directive is that even if a web server sends the wrong MIME type, the object delivered by the web server will still be properly classified. 'tag' is an identifier that is output when debugging is enabled; it need not be unique. If no pattern is given, the first 16 bytes of the object must consist only of printable ASCII characters or TAB, CR and LF. A 'pattern' may consist of up to 16 bytes; each byte may be given as a printable character or as a '\x'-encoded hexadecimal value. The 'mask' is a bitmask which is applied to the object data before the data is compared with the 'pattern'. If not given, the 'mask' defaults to '\xff' for all 'pattern' bytes. If a mask is given it may be shorter than the 'pattern'; in this case the missing 'mask' bytes are '\xff'. A mask must not consist of more bytes than the 'pattern' has, and each of its bytes may likewise be given as a printable character or as a '\x'-encoded hexadecimal value. A usable set of ClamavSafepattern directives is included in the file safepatterns.conf in the mod_clamav distribution.
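The matching rules just described, reproduced as an added example in Python (not the module's code): it compiles a 'tag [pattern [mask]]' line and applies it to the head of an object, so a pattern/mask pair can be tried against sample file headers before it is trusted to bypass scanning. The sample entries, the safepattern/matches/first_safe_match helpers and the rule that an object shorter than 16 bytes is checked over the bytes it has are my own assumptions, not entries from safepatterns.conf.

```python
import string
PRINTABLE_OK = set(range(32, 127)) | {9, 10, 13}  # printable ASCII plus TAB, LF, CR

def parse_bytes(spec):
    # Decode a directive argument: each byte is a printable char or '\x' + two hex digits.
    out, i = bytearray(), 0
    while i < len(spec):
        if spec.startswith("\\x", i):
            hexpair = spec[i + 2:i + 4]
            if len(hexpair) != 2 or not all(c in string.hexdigits for c in hexpair):
                raise ValueError("bad \\x escape in %r" % spec)
            out.append(int(hexpair, 16))
            i += 4
        else:
            out.append(ord(spec[i]))
            i += 1
    return bytes(out)

def safepattern(tag, pattern=None, mask=None):
    # Compile one "ClamavSafepattern tag [pattern [mask]]" line into (tag, pattern, mask).
    if pattern is None:
        return (tag, None, None)
    pat = parse_bytes(pattern)
    msk = parse_bytes(mask) if mask is not None else b""
    if len(pat) > 16 or len(msk) > len(pat):
        raise ValueError("pattern longer than 16 bytes or mask longer than pattern")
    return (tag, pat, msk + b"\xff" * (len(pat) - len(msk)))  # missing mask bytes are \xff

def matches(entry, data):
    tag, pat, msk = entry
    if pat is None:
        # No pattern: the first 16 bytes must all be printable ASCII / TAB / CR / LF
        # (assumption: a shorter object is checked over the bytes it has).
        return all(b in PRINTABLE_OK for b in data[:16])
    if len(data) < len(pat):
        return False
    return bytes(d & m for d, m in zip(data, msk)) == pat  # mask is applied to the data

# Constructed sample set (not the distribution's safepatterns.conf). The GIF entry uses a
# short mask so both GIF87a and GIF89a match: '7' (0x37) and '9' (0x39) are both 0x31 ('1')
# under mask 0xf1; note that the same mask also admits '1', '3' and '5' in that position.
PATTERNS = [
    safepattern("gif", "GIF81a", "\\xff\\xff\\xff\\xff\\xf1"),
    safepattern("png", "\\x89PNG\\x0d\\x0a\\x1a\\x0a"),
    safepattern("text"),  # catch-all: any object starting with 16 printable bytes is bypassed
]

def first_safe_match(data, patterns=PATTERNS):
    # Tag of the first bypass pattern the object matches, or None meaning "scan it".
    for entry in patterns:
        if matches(entry, data):
            return entry[0]
    return None
```

The catch-all 'text' entry shows why a loose pattern matters: any response whose first 16 bytes are printable, HTML and scripts included, skips the scanner.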

ClamavSizelimit

Syntax: ClamavSizelimit size
Default: 0
Context: server config, virtual host, directory

This directive sets the size of the largest part of a file that will be checked. By default its value is 0, meaning that the file is scanned in its entirety. For a positive value, a chunk of at least size bytes is downloaded and checked for viruses; if nothing is found, the rest of the file is downloaded without checking.

ClamavAcceptDaemonproblem

Syntax: ClamavAcceptDaemonproblem on | off
Default: off
Context: server config, virtual host, directory

Setting this to on causes the module to accept a file as OK if the daemon had a problem checking it and returned a bad reply.

ClamavPermissions

Syntax: ClamavPermissions perms
Default: 0640
Context: server config, virtual host, directory

Set the file permissions for temporary files to this value. perms must be an octal value encoding the permissions.

ClamavShm

Syntax: ClamavShm shmfilename
Default: /var/tmp/clamav.shm
Context: server config, virtual host, directory

Shared memory uses a filename to identify the shared memory segment. Since different instances of Apache should use different shared memory segments, the filename must be configurable.

ClamavMutex

Syntax: ClamavMutex mutexfilename
Default: /var/tmp/clamav.lock
Context: server config, virtual host, directory

This directive specifies the file name to be used for mutex locking.

ClamavMessage

Syntax: ClamavMessage message text
Default: none
Context: server config, virtual host, directory

Sets a custom virus notification message. The following replacements are possible: '%%' is replaced by '%', '%i' is replaced by information about mod_clamav, '%u' is replaced by the requested URI and '%v' is replaced by the name of the virus detected. See the example given in the file message.conf included in the mod_clamav distribution.

ClamavExtendedLogging

Syntax: ClamavExtendedLogging on | off
Default: off
Context: server config, virtual host, directory

If turned on, mod_clamav writes four additional notes to the request table, namely clamav:status (with possible values passed, bypassed, aborted, INFECTED or failed), clamav:details, clamav:virusname and clamav:longstatus (a string built out of the other notes). These notes can then be used to output detailed logs with mod_log_config, e.g. using the following log configuration:

LogFormat "%t %!304{clamav:status}n %{clamav:virusname}n request=\"%r\", status=%>s, sent=%!304b, delay=%!304D" clamav_stats
CustomLog logs/scan_log clamav_stats
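An added example, not part of this page or the module, of consuming the scan_log that the clamav_stats format above produces: a Python parser for those lines plus a report that counts outcomes and flags INFECTED hits, failed scans and unusually slow scans. The field layout is taken from the LogFormat line above; the sample log lines and the 30-second slow-scan threshold are constructed.

```python
import re
from collections import Counter

# Matches lines written by the clamav_stats LogFormat above: %t is bracketed, and the
# %{...}n notes and the %!304 fields print "-" when no value is available.
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<status>\S+) (?P<virus>\S+) '
    r'request="(?P<request>[^"]*)", status=(?P<http>\d{3}), '
    r'sent=(?P<sent>\S+), delay=(?P<delay>\S+)$'
)

def parse_line(line):
    # One scan_log line -> dict, or None when the line does not match the format.
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["sent"] = None if rec["sent"] == "-" else int(rec["sent"])
    rec["delay"] = None if rec["delay"] == "-" else int(rec["delay"])  # microseconds (%D)
    return rec

def scan_report(lines, max_delay_us=30_000_000):
    # Count outcomes per clamav:status and collect what an operator should look at:
    # INFECTED hits, scans that 'failed' (such a file is passed as OK when
    # ClamavAcceptDaemonproblem is on) and scans slower than max_delay_us.
    counts, infected, alerts = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        counts[rec["status"]] += 1
        if rec["status"] == "INFECTED":
            infected[rec["virus"]] += 1
            alerts.append(("infected", rec["request"], rec["virus"]))
        elif rec["status"] == "failed":
            alerts.append(("scan-failed", rec["request"], None))
        if rec["delay"] is not None and rec["delay"] > max_delay_us:
            alerts.append(("slow-scan", rec["request"], rec["delay"]))
    return {"counts": dict(counts), "infected": dict(infected), "alerts": alerts}

# Constructed sample lines in the clamav_stats format (not real server output).
SAMPLE_LOG = """\
[06/Jul/2012:02:11:14 +0400] passed - request="GET /index.html HTTP/1.1", status=200, sent=5120, delay=1820
[06/Jul/2012:02:11:15 +0400] INFECTED Eicar-Test-Signature request="GET /dl/eicar.com HTTP/1.1", status=403, sent=1294, delay=54210
[06/Jul/2012:02:11:16 +0400] - - request="GET /logo.png HTTP/1.1", status=304, sent=-, delay=-
[06/Jul/2012:02:11:17 +0400] bypassed - request="GET /img/a.gif HTTP/1.1", status=200, sent=2048, delay=300
[06/Jul/2012:02:11:18 +0400] failed - request="GET /dl/big.iso HTTP/1.1", status=200, sent=734003200, delay=61000000
""".splitlines()
```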

Roadmap and TODO

– The problem of the statistics being unavailable needs to be solved.
– The filter needs to be rewritten so that incoming traffic can be scanned, since it is better not to let a virus in at all than to let it onto the server and then block it when users download it.