[clamav-users] Clamav capabilities detecting malicious scripts (javascript, sql injection)
Reindl Harald
h.reindl at thelounge.net
Mon Nov 20 15:07:47 UTC 2017
Am 20.11.2017 um 16:01 schrieb Peter Geerts:
> As far as I understand : files that are uploaded to a website/CMS system
> are offered/delegated to clamav for checking.
> Can you elaborate on the sanesecurity link because I have been at their
> site but didn't find anything that could help me for this specific
> scenario.
you don't want any scripts uploaded on a website by foreigners at all
http://sanesecurity.com/usage/signatures/
http://sanesecurity.com/foxhole-databases/
sorry, but nobody can read the signature descriptions for you and sql
injection has nothing to do with clamav / file-uploads at all - here you
go: https://www.modsecurity.org/
if you think you can just eaisly secure a webserver with some clicks and
install some stuff you are wrong - invest the time to do your homework
or hire somebody - seriously!
> 2017-11-20 15:56 GMT+01:00 Reindl Harald <h.reindl at thelounge.net>:
>> Am 20.11.2017 um 15:48 schrieb Peter Geerts:
>>
>>> Perhaps this has been raised earlier but as a newbie I have a question
>>> regarding Clamav capabilities in this area.
>>>
>>> We currently already run a 99.2 version on Red Hat which does a lot of
>>> virus checking already but malicious (script) code is not detected.
>>>
>>> If this is at all possible I would like to receive pointers on how to
>>> configure this , if not we will have to look at another product most
>>> likely
>>
>> there is no single yes/no answer because it all depends on your usecase -
>> a inbound mailserver using clamd for scoring combined with SpamAssassin has
>> different filters than a unconditional clamav-milter or clamav running on a
>> workstation
>>
>> in any case without http://sanesecurity.com/ clamav has poor rates at all
>> but you need to consider wisely which signatures macth your usecase
More information about the clamav-users
mailing list