mod_savi 0.5 reviewDownload
mod_savi is a Sophos Virus-Scanning integration module. This allows files delivered by the web server to be scanned for viruses in
mod_savi is a Sophos Virus-Scanning integration module.
This allows files delivered by the web server to be scanned for viruses in real time.
mod_savi came about as part of a mail gateway virus scanning implementation. We had chosen amavis as the integration glue between our MTA and the virus scanner. Unfortunately, amavis spawned a new virus-scanning process for every mail message. Clearly, this is extremely inefficient and undesirable, particularly under heavy load.
Preferably, a virus-scanning engine could remain resident and be called as necessary. While some projects along these lines already existed, none was quite what I was looking for.
Ideally, such an implementation should be:
* load-adjusting within resource limits
From an abstract point of view, it seemed the Apache web server satisfied all of these criteria. It is well-tuned and highly reliable. It undergoes considerable auditing and has been ported to many platforms. It is designed to service many requests efficiently, and automatically grows or shrinks according to load, but has the ability to specify hard limits to prevent resource exhaustion. Plus, it has a modular API that allows
flexible extensions. Rather than trying to reinvent a wheel, it seemed that integrating virus scanning into Apache would solve the problem elegantly.
At this point, all the module does if virus scanning is enabled is return an X-SAVI-Status header containing one of the following values:
infected[;< virus_name >]+
By setting the web server document root to the location of the files to be virus-scanned and issuing a HEAD request for a given file, a client can quickly and efficiently determine whether it contains a virus.
While the current implementation is intended mainly for use in a mail gateway virus-scanning configuration, it could easily be extended to perform more general web/virus-related tasks. Possible extensions of this module could include refusal to deliver a virus-infected file, automatic cleaning of files as they are delivered, or scanning of uploaded files.
In order to successfully compile and use mod_savi, you must have already acquired and installed the Sophos Anti-Virus software and API. Information about these products can be found at
Move the savi subdirectory of the mod_savi distribution to the apache/src/modules directory. For example:
tar cf - savi | (cd /path/to/apache/src/modules && tar xf -)
If you are using the Apache Autoconf-style Interface (APACI), supply the option '--activate-module=src/modules/savi/mod_savi.c' to configure. Otherwise, edit the Configuration file and add the line
Sophos virus scanner
mod_savi 0.5 keywords