Apache::ProxyScan - proxy module to integrate content scanners
# httpd.conf
# example for clamav
PerlTransHandler Apache::ProxyScan
PerlSetVar ProxyScanScanner "/usr/local/bin/clamav.pl"
PerlSetVar ProxyScanTempDir /var/cache/virus/dl/
PerlSetVar ProxyScanPredeliverSize 102400
PerlSetVar ProxyScanTrustedExtension ".html .htm"
PerlSetVar ProxyScanTrustedMIME "image/* text/html"
PerlSetEnv SCAN_TMP /var/cache/virus/av/
This module integrates any command-line virus scanning tool into the proxy chain of Apache. It works better than CGI solutions because it uses libwww-perl as its web client and feeds the response back into the Apache API request_rec structure. For this reason there are no problems with authentication or with sites that use cookies.
`PerlHandler' will only be invoked if the request is a proxy request, otherwise, your normal server configuration will handle the request. The normal server configuration will also handle the CONNECT requests if defined for this.
I tested it with clamav, sophos, rav and mcafee.
This module is configured with PerlSetVar and PerlSetEnv.
ProxyScanScanner is the command executed to scan the downloaded file before it is delivered. We use standard executables, normally Perl.
The only parameter given to the executable is the temporary filename of the file to be tested.
The script must return 0 if the file has been tested and is clean, and in that case the file must not be deleted. If the return code is not 0 and the file still exists, we assume that the call of the scanner wrapper failed, and the file is not delivered. If the return code is not 0 and the file has been deleted, the handler returns the standard output of the wrapper script.
ProxyScanTempDir is the directory where LWP::UserAgent downloads the requested files. Make sure that it provides enough space for your surf load.
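A wrapper that follows this return-code contract, as an added example (it is not one of the scripts shipped with the module). It assumes clamscan's exit codes (0 clean, 1 virus found, anything else an error); scan_file and the SCANNER override variable are hypothetical names.

```sh
#!/bin/sh
# Added example: a ProxyScanScanner wrapper (not one of the eg/ scripts).
# Assumes clamscan exit codes: 0 = clean, 1 = virus found, other = error.
# scan_file and the SCANNER override are hypothetical names.

scan_file() {
    file=$1
    scanner=${SCANNER:-clamscan}

    # Missing argument or file: report a wrapper failure, touch nothing.
    if [ -z "$file" ] || [ ! -f "$file" ]; then
        echo "wrapper error: no such file: $file" >&2
        return 2
    fi

    # Build the scanner arguments; SCAN_TMP is the PerlSetEnv value.
    set -- --no-summary
    if [ -n "${SCAN_TMP:-}" ]; then
        set -- "$@" "--tempdir=$SCAN_TMP"
    fi
    report=$("$scanner" "$@" "$file" 2>&1) && rc=0 || rc=$?

    case $rc in
    0)  # Clean: leave the file in place so ProxyScan delivers it.
        return 0 ;;
    1)  # Infected: delete the file, then print the text ProxyScan returns.
        rm -f -- "$file"
        if [ -e "$file" ]; then
            echo "wrapper error: cannot remove $file" >&2
            return 2
        fi
        echo "Download blocked by virus scanner: $report"
        return 1 ;;
    *)  # Scanner error or scanner not found: keep the file and return
        # non-zero, which ProxyScan treats as a failed call (no delivery).
        echo "wrapper error: scanner exit $rc: $report" >&2
        return 2 ;;
    esac
}

# ProxyScan passes the temporary filename as the only argument. With no
# argument this file only defines scan_file.
if [ "$#" -gt 0 ]; then
    scan_file "$1"
    exit $?
fi
```

The file is deleted only on an explicit infected verdict, so a crashed or missing scanner leaves the file in place with a non-zero return code and the download is refused rather than passed through.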
PerlSetVar ProxyScanTempDir /var/cache/virus/dl/
Often the scanner itself has another place where it stores its temporary files. Make sure that it provides enough space, too.
There are usability problems when downloading large files, because the files are downloaded first, then checked and then delivered. This causes problems with timeouts and "non-responding" browsers.
If the Content-Length of the response is bigger than ProxyScanPredeliverSize, the header is delivered immediately, including 5 bytes of content. Then the file is downloaded, scanned and, if clean, delivered. If a virus is found, it is difficult to report this to the user, because the header, including Content-Type, has already been sent. In this case we do not deliver any more bytes of the file but append the standard error page. The average user will not read this message, but ProxyScan has prevented the download of an infected file.
If not defined a value of 102400 (100 K) is preset.
ProxyScanTrustedExtension is the most dangerous option. It lets you configure file extensions that are delivered unchecked. File extensions are not really trustworthy, so only define trusted extensions if you understand the implications. The option exists mainly to decrease the load. Such requests are handled by the original Apache proxy module, so make sure you have activated it.
ProxyScanTrustedMIME is the better solution for skipping AV scanning on particular files. Here MimeMagic tests are done on the first 4K of the file. If the detected MIME type is listed in ProxyScanTrustedMIME, the file is delivered without checking and without delay.
The syntax of the ProxyScanTrustedMIME is
ProxyScanTrustedMIME "image/* text/html"
This allows every image and every text/html file to pass unchecked.
The scripts starting the scan processes try to set the path for the temporary files created by the scanner itself.
PerlSetEnv SCAN_TMP /var/cache/virus/av/
I need more example configuration for other scanner products. If a file is infected, the scanner should delete it.
In Apache-ProxyScan-X.XX/eg/ are wrapper scripts for several virus scanners.
I need tests and examples for the integration of other content scanner products, free and non free. (Kaspersky, Trendmicro, AntiVir)
Other things nice-to-have would be real configuration directives, a special logfile for ProxyScan, a memory for infected files to deliver real error messages if the user tries a second download and a cleanup of the delivered http headers.
The latest version of this module can be found at CPAN and at http://www.sourcentral.org/Apache-ProxyScan/. Send questions and suggestions directly to the author (see below).
mod_perl, Apache, LWP::UserAgent
Oliver Paukstadt <cpan@sourcentral.org>
Based on Apache::ProxyPassThrough from Bjoern Hansen and Doug MacEachern
Copyright (c) 2002-2003 Oliver Paukstadt. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.