NAME

Apache::ProxyScan - proxy module to integrate content scanners

SYNOPSIS

  # httpd.conf 
  # example for clamav
  PerlTransHandler  Apache::ProxyScan
  PerlSetVar        ProxyScanScanner "/usr/local/bin/clamav.pl"
  PerlSetVar        ProxyScanTempDir /var/cache/virus/dl/
  PerlSetVar        ProxyScanPredeliverSize     102400
  PerlSetVar        ProxyScanTrustedExtension   ".html .htm"
  PerlSetVar        ProxyScanTrustedExtension   "image/* text/html"
  PerlSetEnv        SCAN_TMP       /var/cache/virus/av/

DESCRIPTION

This module provides the integration of any commandline virus scanning tool into the proxy chain of apache. It works better than cgi solutions because this module uses libwww-perl as it's web client, feeding the response back into the Apache API request_rec structure. For this reason there are no troubles with authentication nor cookie sites.

`PerlHandler' will only be invoked if the request is a proxy request, otherwise, your normal server configuration will handle the request. The normal server configuration will also handle the CONNECT requests if defined for this.

I tested it with clamav, sophos, rav and mcafee.

PARAMETERS

This module is configured with PerlSetVar and PerlSetEnv.

ProxyScanScanner

This is the command executed to scan the downloaded file before delivering. We use standard executables, normally perl.

The only parameter given to the executable is the temporary filename of the file to be tested.

The script must return 0 if the file is clean and tested und the file must not be deleted. If the return code ist not 0 and the file still exists, we assume that the call of the scanner wrapper failed. The file is not deliverd. If the return code ist not 0 and the file is deleted, then the Handler returns the standard output of the wrapper script.

ProxyScanTempDir

This is the directory where LWP::UserAgent downloads the requested files. Make sure that it provides enough space for you surf load.

  PerlSetVar        ProxyScanTempDir /var/cache/virus/dl/

Often the scanner itself have another place where to store their temporary files. Make sure that it provides enough space, too.

ProxyScanPredeliverSize

There are usability problem downloading large files, because the files are download first, then checked and then delivered. This causes problems with timeouts and "non-responding" browsers.

If the Content-Length of the response is bigger than ProxyScanPredeliverSize the header is delivered immediately including 5 bytes of content. Then the file is downloaded and scanned and delivered if clean. If there is a virus found, there is a major problem to report this to the user, because the header including Content-Type is sent yet. In this case we do not deliver any more bytes but add the standard error page. The average user would not read this message, but ProxyScan prevented the download of a infected file.

If not defined a value of 102400 (100 K) is preset.

ProxyScanTrustedExtension

This is the most dangerous option. You are able to configure file extensions that are delivered unchecked. File Extensions are not really trustworthy, so only define Trusted Extensions if you know about the implication. It is mainly to decrease the load. The request is handled via the original apache proxy module, so make sure you activated this.

ProxyScanTrustedMIME

This is the better solution to prevent av scanning on special files. This time MimeMagic tests are done an the first 4K of the file. If the detected MimeType is in TrustedMIME it would be delivered without checking and in time.

The syntax of the ProxyScanTrustedMIME is

  ProxyScanTrustedMIME "image/* text/html"

This allows every image to pass and every text/HTML file unchecked.

PerlSetEnv

The scripts starting the scan processes try to set the path for the temporary files created by the scanner itself.

  PerlSetEnv        SCAN_TMP       /var/cache/virus/av/

EXAMPLES

I need more example configuration for other scanner products. If a file is infected, the scanner should delete it.

In Apache-ProxyScan-X.XX/eg/ are wrapper scripts for several virus scanner.

TODO

I need tests and examples for the integration of other content scanner products, free and non free. (Kaspersky, Trendmicro, AntiVir)

Other things nice-to-have would be real configuration directives, a special logfile for ProxyScan, a memory for infected files to deliver real error messages if the user tries a second download and a cleanup of the delivered http headers.

SUPPORT

The latest version of this module can be found at CPAN and at http://www.sourcentral.org/Apache-ProxyScan/. Send questions and suggestions directly to the author (see below).

SEE ALSO

mod_perl, Apache, LWP::UserAgent

AUTHOR

Oliver Paukstadt <cpan@sourcentral.org>

Based on Apache::ProxyPassThrough from Bjoern Hansen and Doug MacEachern

COPYRIGHT

Copyright (c) 2002-2003 Oliver Paukstadt. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

FORTUNE

 DA FORCE COMING DOWN WITH MAYHEM  
 LOOKING AT MY WATCH TIME 3.A.M.