mod_streamav
mod_streamav is designed as an Apache 2 filter, which scans the content of Apache Brigades, using the Clamav virus scanning engine. Different from mod_clamav, mod_streamav is a scanning engine based on streaming mode.
mod_streamav was written by Tao Jin while he was a under-graduate student in Peking University (PKU), Beijing, China. Currently mod_streamav is being maintained by micro-security-vulnerability research (uSVR) group at Institute of Computer Science and Technology (ICST), PKU. You can get more information about mod_streamav from https://sourceforge.net/projects/streamav/ .
Download mod_streamav.tar.gz
You can also get the package from other mirror sites.
Installation
mod_streamav is an Apache filter, which is a new feature of Apache 2.0, so it can not be run on Apache 1.3. It has been successfully tested on Apache version-2.0.54. Before you run it, you must have installed Clamav.
After you download mod_streamav.tar.gz, go through the following installation process:
#tar xvfz mod_streamav.tar.gz
#cd mod_streamav
#./configure --prefix=the path of your choice (the default path is /usr/local/lib).
#make
#make install
Then under such path you will find libraries such as libmod_streamav.la, libmod_streamav.so, ...
#cp libmod_streamav.so ***/apache2/modules/mod_streamav.so (*** denotes the path to apache2 in your local machine)
Configuration
You have to edit the config file $apache2/conf/httpd.conf. Add the
following lines to it:
////////////////////////////////////////////////////////
LoadModule streamav_module modules/mod_streamav.so
SetOutputFilter STREAMAV
///////////////////////////////////////////////////////
Now you can restart Apache, and run the program.
MORE
We assume that you have installed Apache2 and Clamav in default pathes. If
this is not the case, mod_streamav might not work properly. If this happens,
please get the file mod_streamav.c inside mod_streamav.tar.gz, and take the steps:
<1> copy mod_streamav.c to a temp directory
<2> gcc -fPIC -I"***/apache2/include" -c mod_streamav.c -o mod_streamav.o
(Again, *** denotes the path to apache2.)
<3> gcc -shared -L"***/apach2/lib" -L"/path to/clamav/lib" -apr -aprutil mod_streamav.o -lclamav -o mod_streamav.so
<4> cp mod_streamav.so ***/apache2/modules/mod_streamav.so
Then edit the config file $apache2/conf.http.cont, as previously discussed.
How it works
Conventional file-based anti-virus engine can not achieve network-speed performance, therefore it is not suitable for real-time network applications. File-based anti-virus engine writes the data to a file, and as a result, file I/O will affect HTTP response time. On the other hand, mod_streamav, a prototype stream-based anti-virus engine, will scan the content of Apache Brigades without writing data to a file, unless the data is of special type so that you need to save all the data for integrity checking. Only in such situation mod_streamav writes data to a file.
