httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aurélien Terrestris <aterrest...@gmail.com>
Subject Re: [users@httpd] Apache virus scanning
Date Wed, 09 Mar 2016 16:12:21 GMT
On a large scale prod (200 000 users/day), I was using proxies working with
antivirus through ICAP protocol (RFC 3507). The results were pretty good.
I am not sure we could use this technology with Apache, and ICAP seems a
bit old now.

2016-03-09 16:45 GMT+01:00 Christopher Schultz <chris@christopherschultz.net
>:

> John,
>
> On 3/9/16 10:21 AM, Rose, John B wrote:
> > What about if your web sites allow for uploading files? Would you not
> want
> > to scan those on upload before they got on your filesystem?
>
> Sure, it would be nice to have the file scanned during upload, but I'm
> guessing that the AV can't give an opinion on a file until it's been
> completely-uploaded. In that case, do you really want to buffer the
> whole file in memory to scan it?
>
> I think the file is going to make it -- at least in part -- to the disk
> either way, unless you have other controls in place such as upload-size
> limits where you can make a good bet that in-memory scanning can be done
> without bringing-down your server.
>
> Anyhow, I don't have any particular experience with mod_clamav or
> anything like that. Certainly I wouldn't rely upon it solely, since
> there are other ways files can make it onto your server(s). But it
> probably couldn't hurt.
>
> Things I'd be worried about are which requests will be scanned by the
> AV? Will every single GET/POST/etc. be scanned? That might cause a
> significant impact on your response times. Also, the aforementioned
> buffering -- does the file have to remain in memory to be scanned, or
> will it be streamed to a disk somewhere first? You don't want AV-scans
> to bust your memory cap.
>
> -chris
>
> > On 3/9/16 9:49 AM, "Christopher Schultz" <chris@christopherschultz.net>
> > wrote:
> >
> >> John,
> >>
> >> On 3/8/16 6:02 PM, Rose, John B wrote:
> >>> I am interested in both
> >>>
> >>> Thanks
> >>>
> >>> Sent from my iPad
> >>>
> >>>> On Mar 8, 2016, at 3:27 PM, Christopher Schultz
> >>>> <chris@christopherschultz.net> wrote:
> >>>>
> >>> John
> >>>
> >>>>>> On 3/8/16 2:43 PM, Rose, John B wrote:
> >>>>>> Looking for comments on mod_clamav, and any other alternative
> >>>>>> antivirus software for Apache on linux
> >>>
> >>> Are you trying to protect your clients or your servers?
> >>
> >> I would imagine that running any AV software that monitors the
> >> filesystem for changes would be sufficient. Why do you think you need an
> >> httpd module for this?
> >>
> >> -chris
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message