apache - Mod_security av_scanning

Question

我在 Debian Jessie 服务器上安装了带有 OWASP 规则的 mod_security，当我尝试上传文件时遇到了它不运行“runav.pl”脚本的问题。

我修改了脚本以在运行时创建具有“测试文本”内容的 /tmp/filewrite.txt。如果我手动运行它会创建文件，但是当我上传文件时它不会创建上述测试文件。

这是修改后的 runav.pl 脚本：

#!/usr/bin/perl
#
# runav.pl
# Copyright (c) 2004-2011 Trustwave
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

my $filename = '/tmp/filewrite.txt';
open(my $fh, '>', $filename);
print $fh "Test text\n";
close $fh;

$CLAMSCAN = "clamdscan";

if ($#ARGV != 0) {
    print "Usage: modsec-clamscan.pl <filename>\n";
    exit;
}

my ($FILE) = shift @ARGV;

$cmd = "$CLAMSCAN --stdout --disable-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;

$output = "0 Unable to parse clamscan output [$1]";

if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print "$output\n";

这是 modsecurity.conf 中的相关行：SecRuleEngine DetectionOnly

SecServerSignature FreeOSHTTP

SecRequestBodyAccess On

SecRequestBodyLimit 20971520
SecRequestBodyNoFilesLimit 131072

SecRequestBodyInMemoryLimit 20971520

SecRequestBodyLimitAction Reject

SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial
SecTmpDir /tmp/
SecDataDir /tmp/
SecUploadDir /opt/modsecuritytmp/
SecUploadFileMode 0640
SecDebugLog /var/log/apache2/debug.log
SecDebugLogLevel 3
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType Serial
SecAuditLog /var/log/apache2/modsec_audit.log
SecArgumentSeparator &
SecCookieFormat 0
SecUnicodeMapFile unicode.mapping 20127
SecStatusEngine On

激活的规则位于 /etc/modsecurity/activated_rules 下，所有其他规则都运行良好，但“modsecurity_crs_46_av_scanning.conf”。

有谁知道为什么它不对上传的文件做任何事情？