Add ClamAV as a module in Plesk to better protect the server. Thank you, Parallels Team.
It is easy to use.
-
Michael Rossberg commented
Yes please!
-
EES commented
Yes please
-
EhudZ commented
Hi,
I'm a user and not of Plesk support.
ClamAV is, to the best of my understanding, enabled on Plesk for Plesk hosted mail protection:
https://www.plesk.com/blog/guides/how-to-protect-email-servers-against-spam-viruses/
I have implemented ClamAV manually to scan uploaded files, using ModSecurity as base technology.
inspectFile
Description: Executes an external program for every variable in the target list. The contents of the variable is provided to the script as the first parameter on the command line. The program must be specified as the first parameter to the operator. As of version 2.5.0, if the supplied program filename is not absolute, it is treated as relative to the directory in which the configuration file resides. Also as of version 2.5.0, if the filename is determined to be a Lua script (based on its .lua extension), the script will be processed by the internal Lua engine. Internally processed scripts will often run faster (there is no process creation overhead) and have full access to the transaction context of ModSecurity.
The @inspectFile operator was initially designed for file inspection (hence the name), but it can also be used in any situation that requires decision making using external logic.
The OWASP ModSecurity Core Rule Set (CRS) includes a utility script in the /util directory called runav.pl that allows the file approval mechanism to integrate with the ClamAV virus scanner. This is especially handy to prevent viruses and exploits from entering the web server through file upload.
#!/usr/bin/perl
#
# runav.pl
# Copyright (c) 2004-2011 Trustwave
#
# This script is an interface between ModSecurity and its
# ability to intercept files being uploaded through the
# web server, and ClamAV

$CLAMSCAN = "clamscan";

if ($#ARGV != 0) {
    print "Usage: runav.pl <filename>\n";
    exit;
}

my ($FILE) = shift @ARGV;

$cmd = "$CLAMSCAN --stdout --no-summary $FILE";
$input = `$cmd`;
$input =~ m/^(.+)/;
$error_message = $1;

$output = "0 Unable to parse clamscan output [$1]";
if ($error_message =~ m/: Empty file\.?$/) {
    $output = "1 empty file";
}
elsif ($error_message =~ m/: (.+) ERROR$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: (.+) FOUND$/) {
    $output = "0 clamscan: $1";
}
elsif ($error_message =~ m/: OK$/) {
    $output = "1 clamscan: OK";
}

print "$output\n";
Example: Using the runav.pl script:
# Execute external program to validate uploaded files
SecRule FILES_TMPNAMES "@inspectFile /path/to/util/runav.pl" "id:159"
Example of using Lua script (placed in the same directory as the configuration file):
SecRule FILES_TMPNAMES "@inspectFile inspect.lua" "id:160"
The contents of inspect.lua:
function main(filename)
    -- Do something to the file to verify it. In this example, we
    -- read up to 10 characters from the beginning of the file.
    local f = io.open(filename, "rb");
    local d = f:read(10);
    f:close();

    -- Return null if there is no reason to believe there is anything
    -- wrong with the file (no match). Returning any text will be taken
    -- to mean a match should be triggered.
    return null;
end
Note: Starting in version 2.9, ModSecurity will not fill the FILES_TMPNAMES variable unless the SecTmpSaveUploadedFiles directive is On, or the SecUploadKeepFiles directive is set to RelevantOnly.
Note: Use @inspectFile with caution. It may not be safe to use @inspectFile with variables other than FILES_TMPNAMES. Other variables such as "FULL_REQUEST" may contain content that forces your platform to fork a process out of your control, making it possible for an attacker to execute code using the same permissions as your web server. For other variables you may want to look at the Lua script engine. This observation was brought to our attention by "Gryzli", on our users mailing list.
Version: 2.x
Supported on libModSecurity: TBI
file upload modsecurity protection
I have installed ClamAV according to instruction
I have set the script in place.
The script is called by a new rule added via Plesk manual rules:
SecRule FILES_TMPNAMES "@inspectFile /etc/apache2/modsecurity.d/modsec_clamav.pl" \
"id:'99999932471', \
phase:2, \
t:none, \
deny, \
log, \
msg:'Infected File upload detected', \
tag:'MALICIOUS_SOFTWARE/VIRUS'"
Tested syntax and restarted Apache server
Could not test file upload as those were not IMAGE or PDF
Script has to get execution permissions
-
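Added example, not part of the thread or of the CRS script quoted in the comment above: a shell wrapper for @inspectFile that decides from clamscan's documented exit status (0 clean, 1 virus found, anything else an error) and passes the upload path as a single argument instead of building a command string. It assumes clamscan is on PATH; the function name inspect_file and the CLAMSCAN override are hypothetical, and the output follows the convention runav.pl uses above (leading 1 for a clean file, leading 0 otherwise).

```shell
#!/bin/sh
# Added example: ClamAV wrapper for ModSecurity's @inspectFile.
# Output convention copied from runav.pl above: "1 ..." = clean, "0 ..." = reject.

# Assumption: clamscan is on PATH; override CLAMSCAN to point elsewhere.
CLAMSCAN="${CLAMSCAN:-clamscan}"

inspect_file() {
    file=$1

    # Accept absolute paths only, so the value can never be read as an option.
    case $file in
        /*) ;;
        *)  echo "0 refusing non-absolute path"; return 0 ;;
    esac

    # FILES_TMPNAMES entries are regular temp files; anything else is rejected.
    [ -f "$file" ] || { echo "0 not a regular file"; return 0; }

    # The path is one quoted word: no shell re-parsing of its contents.
    # The && / || chain captures the exit status even under `set -e`.
    out=$("$CLAMSCAN" --stdout --no-summary "$file" 2>&1) && rc=0 || rc=$?

    case $rc in
        0)  echo "1 clamscan: OK" ;;
        1)  # Result line looks like "<path>: <signature> FOUND"
            echo "0 clamscan: ${out##*: }" ;;
        *)  # Fail closed: a scanner error blocks the upload.
            echo "0 clamscan error (exit $rc)" ;;
    esac
}

# When run as a script by @inspectFile, the temp file name is the only argument.
if [ $# -eq 1 ]; then
    inspect_file "$1"
fi
```

The script needs execute permission for the web server user, and a scanner failure (for example a missing signature database) rejects the upload rather than letting it through.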
ip00 commented
Why do you keep ignoring this feature request for so many years? We need proven and reliable solution that is not cost prohibitive, especially for small VPS use.
You keep increasing your licence price year on year but fail to offer added value.
-
EhudZ commented
It's very important.
-
JT commented
speed up please
-
will3 commented
OPEN DISCUSSION · Jan 21, 2016 they wait for WHAT? SIX years, ridiculous.
They seriously are listening to the community. This is a joke
-
Besim commented
Would be an essential.
-
Marc G commented
Cmoooon Plesk
-
Chris commented
6 years later...
They don't even ******* care about customers. This is one of most voted features since years, but money comes first.
Probably looking for another solution like cPanel, it's the better solution. I mean, Plesk was OK because prices were low compared to cPanel during years, but today the price is almost the same, so... bye bye Plesk.
-
Anonymous commented
ClamAV is for cPanel a free plugin. In Plesk you have to pay for this. Because of security and financial reasons we are thinking about changing the panel for next servers. Sorry but since 2016 it is a big feature request of community/customers of Plesk.
-
Sam Kisser commented
This is really necessary. Many servers are badly protected without it. It's open source. Please add it as quick as possible.
-
Mark Finnis commented
This would be greatly appreciated.
-
Dave Hamilton commented
Just do it and stop using Open Source in your PAID programs!
-
Der Paparazzi commented
Please, please, PLEASE upgrade. We ALL need this.
Thank you!
-
Michael commented
Agree
-
Vojin Petrovic commented
Really not good not having ClamAV as an option for mail antivirus for free. We are already paying for Plesk license and for some additional features which are not essential for server work, but I think email antivirus should be counted as an essential feature! I know you are using it for Plesk Email Security Pro, but my opinion is that you will have more flyovers from cPanel if antivirus is available for free by default.
-
Daniel Hofmann commented
Please add this feature! It's a shame that it is not supported yet for free. By the way, check this if you are familiar with command line: https://www.plesk.com/blog/product-technology/how-to-protect-email-servers-against-spam-viruses/
-
Anonymous commented
As mentioned before, clamav can be integrated (at least on Ubuntu) with a few simple steps. Thus, I really wonder what Plesk considers to be the expensive part of integrating this (except for losing people paying for the DrWeb extension).
-
Pete Batin commented
@MEL it's not just making it unsafe, it's an embarrassment. ClamAV should be the entry level protection offered free and as standard.
If anyone is interested, if you're on a Windows server, as long as you're able to specify which AV to use within your mail server software (Mailenable for example has built in support for ClamAV) you can set up ClamAV as a Windows Service yourself and then configure your mail server to use it: https://java.pfreiberg.cz/how-to-run-clamav-as-windows-service/