Mod_security av_scanning

Time: 2016-06-21 14:59:31

Tags: apache security debian mod

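I installed mod_security with the OWASP rules on a Debian Jessie server and ran into the problem that it does not run the "runav.pl" script when I try to upload a file.

I modified the script to create /tmp/filewrite.txt with the content "Test text" when it runs. If I run it manually it creates the file, but when I upload a file it does not create the test file mentioned above.

This is the modified runav.pl script: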

#!/usr/bin/perl
#
# runav.pl
# Copyright (c) 2004-2011 Trustwave
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

my $filename = '/tmp/filewrite.txt';
open(my $fh, '>', $filename);
print $fh "Test text\n";
close $fh;

$CLAMSCAN = "clamdscan";

if ($#ARGV != 0) {
    print "Usage: modsec-clamscan.pl <filename>\n";
    exit;
}

my ($FILE) = shift @ARGV;

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;

$output = "0 Unable to parse clamscan output [$1]";

if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print "$output\n";

These are the relevant lines of modsecurity.conf:

SecRuleEngine DetectionOnly

SecServerSignature FreeOSHTTP

SecRequestBodyAccess On

SecRequestBodyLimit 20971520
SecRequestBodyNoFilesLimit 131072

SecRequestBodyInMemoryLimit 20971520

SecRequestBodyLimitAction Reject

SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /opt/modsecuritytmp/
SecUploadFileMode 0640
SecDebugLog /var/log/apache2/debug.log
SecDebugLogLevel 3
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
SecStatusEngine On

The activated rules are under /etc/modsecurity/activated_rules, and all the other rules work fine except "modsecurity_crs_46_av_scanning.conf".

Does anyone know why it does nothing with uploaded files?

0 answers:

No answers