inspectFile fix

README.md

@@ -307,6 +307,7 @@ If set to yes, ClamAV will automatically remove the detected files.
 ## TODO
 - Default CSP
 - Custom Dockerfile based on bunkerized-nginx
+- Auth basic
 - Documentation
 - Custom TLS certificates
 - HSTS preload, HPKP

confs/modsecurity-clamav.conf

@@ -1,2 +1,4 @@
+SecUploadDir /tmp
+SecUploadKeepFiles Off
 SecRule FILES_TMPNAMES "@inspectFile /opt/scripts/clamav.sh" \
-"phase:2,t:none,block,msg:'Virus found in uploaded file',id:'399999'"
+"phase:2,t:none,deny,msg:'Virus found in uploaded file',id:'399999'"

scripts/clamav.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-output=$(clamscan -i --no-summary "$1" 2> /dev/null)
-
+output=$(clamscan -i --no-summary $1 2> /dev/null)
+rm -f $1
 if echo "$output" | grep -q ".* FOUND$" ; then
 	echo "0 clamscan: $output"
 else