Verifying uploaded files with ClamAV before upstream

luislavena · August 29, 2011, 12:01am

Hi!

I have a webapp that allows users to upload files. But before that
webapp sees the files, I need to check them for viruses (with ClamAV).
Requests are proxied by Nginx with a classic proxy_pass directive.

I have tried tu use the embedded Perl module, without success.

Specifically, I successfully got access to the body of the client
request (i.e. the uploaded file’s content), but have problem with the
reply…

If a virus is found, I want to reply with e.g. “403 Forbidden”. But if
the file is clean, I want the webapp to get it via proxy_pass as
usual. I could only manage either always 403, or always pass to upstream

Is it possible to do that with the Perl module? I would prefer that
solution as I don’t have much time for the alternative

If not, could I write a handler module to do that? I read Evan M.'s
guide to Nginx modules, but I’m not sure how to pass control to another
handler in the “no-virus” case.

–
Jérémie

jpi · August 29, 2011, 8:46am

Take note that while you are processing the content using embedded Perl
or
lua, the nginx worker which is processing is blocked, thus not serving
anything. It migth be a better solution to check for viruses inside your
webapp.

jpi · August 29, 2011, 8:56am

If you where to create a web service (JSON?) for clamav checking then
you
could use asyncronous lua requests to do the virus checking.

jpi · August 30, 2011, 2:38am

Thanks for the answers.

I didn’t knew about embedded Perl blocking the whole Nginx process. So I
guess it’s not a solution for us

I’ll try asynchronous Lua requests as soon as possible (this week).
Meanwhile, we’re still investigating the in-house development of a
dedicated handler module; we’ll eventually need another module someday
for other purposes…