mod_streamav

Welcome to mod_streamav!


mod_streamav is an Apache 2 filter that scans the content of Apache brigades using the ClamAV virus-scanning engine. Unlike mod_clamav, mod_streamav is a scanning engine that works in streaming mode.

mod_streamav was written by Tao Jin while he was an undergraduate student at Peking University (PKU), Beijing, China. mod_streamav is currently maintained by the micro-security-vulnerability research (uSVR) group at the Institute of Computer Science and Technology (ICST), PKU. You can get more information about mod_streamav from https://sourceforge.net/projects/streamav/ .

Download mod_streamav.tar.gz

You can also get the package from other mirror sites.

Installation

mod_streamav is an Apache filter, and filters are a new feature of Apache 2.0, so it cannot be run on Apache 1.3. It has been successfully tested on Apache 2.0.54. ClamAV must be installed before you run it.

After you download mod_streamav.tar.gz, go through the following installation process:

# tar xvfz mod_streamav.tar.gz
# cd mod_streamav
# ./configure --prefix=<path of your choice>    (the default path is /usr/local/lib)
# make
# make install

Under that path you will then find libraries such as libmod_streamav.la, libmod_streamav.so, ...

# cp libmod_streamav.so ***/apache2/modules/mod_streamav.so    (*** denotes the path to apache2 on your local machine)

Configuration

You have to edit the config file $apache2/conf/httpd.conf. Add the following lines to it:
////////////////////////////////////////////////////////

LoadModule streamav_module modules/mod_streamav.so

SetOutputFilter STREAMAV
///////////////////////////////////////////////////////

Now you can restart Apache and run the program.

MORE

We assume that you have installed Apache 2 and ClamAV in their default paths. If this is not the case, mod_streamav might not work properly. If that happens, take the file mod_streamav.c from mod_streamav.tar.gz and follow these steps:
<1> copy mod_streamav.c to a temp directory
<2> gcc -fPIC -I"***/apache2/include" -c mod_streamav.c -o mod_streamav.o (Again, *** denotes the path to apache2.)
<3> gcc -shared -L"***/apache2/lib" -L"/path to/clamav/lib" mod_streamav.o -lapr-0 -laprutil-0 -lclamav -o mod_streamav.so (-lapr-0 and -laprutil-0 are the APR library names shipped with Apache 2.0; adjust them if your installation names the libraries differently.)
<4> cp mod_streamav.so ***/apache2/modules/mod_streamav.so

Then edit the config file $apache2/conf/httpd.conf, as previously discussed.

How it works

A conventional file-based anti-virus engine cannot achieve network-speed performance, so it is not suitable for real-time network applications. A file-based engine writes the data to a file, and the resulting file I/O affects HTTP response time. mod_streamav, on the other hand, is a prototype stream-based anti-virus engine: it scans the content of Apache brigades without writing the data to a file, unless the data is of a special type that requires all of it to be saved for integrity checking. Only in that situation does mod_streamav write data to a file.
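
The following is an added illustration of the streaming approach described above; it is not code from mod_streamav or ClamAV. A single-signature KMP matcher stands in for the scanning engine, and its state carries over from one chunk to the next, so a signature split across chunks is found without buffering the response to a file. The names stream_scan, scan_init, scan_feed and demo_split_signature, and the sample signature, are hypothetical.

```c
/* Illustration only: not mod_streamav or ClamAV code; all names are hypothetical. */
#include <stddef.h>
#include <string.h>
#define SIG_MAX 64

/* Per-response scanner state; it persists between chunks. */
typedef struct {
    const unsigned char *sig;  /* signature bytes */
    size_t len;                /* signature length, 1..SIG_MAX */
    size_t fail[SIG_MAX];      /* KMP failure table */
    size_t matched;            /* signature bytes matched so far */
    int hit;                   /* set once the signature is seen */
} stream_scan;

/* Build the KMP failure table; returns -1 if the signature is unusable. */
int scan_init(stream_scan *s, const char *sig) {
    size_t k = 0;
    s->len = strlen(sig);
    if (s->len == 0 || s->len > SIG_MAX) return -1;
    s->sig = (const unsigned char *)sig;
    s->matched = 0; s->hit = 0; s->fail[0] = 0;
    for (size_t i = 1; i < s->len; i++) {
        while (k > 0 && s->sig[i] != s->sig[k]) k = s->fail[k - 1];
        if (s->sig[i] == s->sig[k]) k++;
        s->fail[i] = k;
    }
    return 0;
}

/* Feed one chunk (one bucket's data); returns 1 once the signature is seen. */
int scan_feed(stream_scan *s, const void *data, size_t n) {
    const unsigned char *p = data;
    for (size_t i = 0; i < n && !s->hit; i++) {
        while (s->matched > 0 && p[i] != s->sig[s->matched])
            s->matched = s->fail[s->matched - 1];
        if (p[i] == s->sig[s->matched]) s->matched++;
        if (s->matched == s->len) s->hit = 1;
    }
    return s->hit;
}

/* Constructed sample: the signature straddles three chunks of one response. */
int demo_split_signature(void) {
    const char *chunks[] = { "<html>SAMPLE-", "SIG", "NATURE-0001</html>" };
    stream_scan s;
    if (scan_init(&s, "SAMPLE-SIGNATURE-0001") != 0) return -1;
    for (size_t i = 0; i < 3; i++)
        scan_feed(&s, chunks[i], strlen(chunks[i]));
    return s.hit;
}
```

The only memory kept between chunks is the failure table and a match counter, which is why no temporary file is needed for this kind of match.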