[Owasp-modsecurity-core-rule-set] Is there any other type of inspecting upload fie?

Brian Rectanus Brian.Rectanus at breach.com
Wed May 26 12:14:01 EDT 2010


On 05/26/2010 02:17 AM, Junyong Jiang wrote:
> Dear all,
> I know we can use FILES_TMPNAMES to inspect an upload file. The manual
> and the cookbook are both using clamav-scanner. I want know is there any
> other type of method?
> If I want to write scripts and using my own keywords for matching the
> vir, how can I do that?
> 
> Could you share your experience for me?
> 
> Thanks in advance!

Any script will work that just looks at the given filename (first and
only argument to the script).  It just needs to output a "0" (zero) as
the first character of the output on failure.  Any other output is a
success.  The exit code is ignored.  For example:

#!/bin/sh

FILE=$1

# Fail if any of the words are found in the file
if grep "list|of|words" $FILE > /dev/null; then
  echo "0 $0: FAILED"
  exit
fi

echo "1 $0: OK"



-- 
Brian Rectanus
Breach Security


More information about the Owasp-modsecurity-core-rule-set mailing list