[Owasp-modsecurity-core-rule-set] Is there any other type of inspecting upload fie?
Brian.Rectanus at breach.com
Wed May 26 12:14:01 EDT 2010
On 05/26/2010 02:17 AM, Junyong Jiang wrote:
> Dear all,
> I know we can use FILES_TMPNAMES to inspect an upload file. The manual
> and the cookbook are both using clamav-scanner. I want know is there any
> other type of method?
> If I want to write scripts and using my own keywords for matching the
> vir, how can I do that?
> Could you share your experience for me?
> Thanks in advance!
Any script will work that just looks at the given filename (first and
only argument to the script). It just needs to output a "0" (zero) as
the first character of the output on failure. Any other output is a
success. The exit code is ignored. For example:
# Fail if any of the words are found in the file
if grep "list|of|words" $FILE > /dev/null; then
echo "0 $0: FAILED"
echo "1 $0: OK"
More information about the Owasp-modsecurity-core-rule-set