Search Our Database

How to enable Clam Scan with Mod Security

Last updated on |

Introduction

To safeguard your web application, integrating an intrusion detection system like ModSecurity with antivirus software such as ClamAV is essential. ModSecurity is a widely used open-source web application firewall (WAF) that helps protect against common threats like SQL injection, XSS, and more. ClamAV, on the other hand, is a free antivirus engine used for detecting malware, viruses, and other malicious threats.

When paired, ClamAV and ModSecurity provide a comprehensive layer of security by scanning files uploaded to your web server for potential threats, adding an extra layer of defense. This article guides you through the process of enabling ClamAV with ModSecurity to scan uploaded files, thereby enhancing your web security.

 

Installation Guide

1.Login into DirectAdmin

 

2.Select “CustomBuild”

 

3.Select “Edit Options”

4.Select “YES” for modsecurity and modsecurity_ruleset is based on preference.

 

5.Under ClamAV-related Settings section, Select “YES” for clamav, modsecurity_uploadscan and pureftpd_uploadscan.

 

6. Click Save at the bottom of the screen.

 

7.Select Software

 

8.Build ModSec and ClamAV

 

9.Click on Build and a new browser window shall prompt out with the build progress and will complete the installation.

 

Note: Do contact Technical Support Team should you experience any issue after installing it.

 

Conclusion

Integrating ClamAV with ModSecurity provides an extra layer of security by scanning uploaded files for potential malware. This guide walks you through the process of installing and configuring both tools to work together seamlessly. By following these steps, you can enhance your web server’s defenses and reduce the risk of malicious file uploads. Regularly updating your ClamAV virus definitions and monitoring your ModSecurity logs will ensure continued protection against the latest threats.

 

 

 

Article posted on 6 January 2021 by ips1