We're using NGINX as our main web server, after moving away from Apache. We recently decided to test ClamAV integration, to make sure files uploaded by users are thoroughly scanned prior to transfer to Amazon S3.
I'm looking for an easy way to integrate NGINX and ClamAV, i.e. every file uploaded to a temporary folder gets scanned, and removed if found to be infected.
I found mod_clamav for Apache, but no similar support for NGINX. Is there a good way to integrate ClamAV and NGINX, or should it be done on an application level (i.e., download the file, and then trigger an application that will scan prior to uploading)?
The only method I could see of doing this would be to use Lua within Nginx to perform the scan; this would, however, block the Nginx worker, which means that it would not be serving content.
I would strongly suggest performing the check within your application rather than at the web service level.
If you come up with a way to perform the scanning without blocking the worker, I would love to know it, as I have had to perform it within the app previously.
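The application-level scan suggested in the answer above can be done by streaming the temporary upload to a running `clamd` daemon with its `INSTREAM` command, from the application process rather than an NGINX worker. This is an added example, not code from the original posts; the function names are illustrative, and it assumes `clamd` is configured to listen on TCP 127.0.0.1:3310.

```python
import os
import socket
import struct
from contextlib import closing

CLAMD_ADDR = ("127.0.0.1", 3310)  # assumption: clamd TCPSocket/TCPAddr set to this

def instream_frames(fileobj, chunk_size=65536):
    """Yield the INSTREAM wire frames: command, length-prefixed chunks, terminator."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        yield struct.pack("!I", len(chunk)) + chunk  # 4-byte big-endian length + data
    yield struct.pack("!I", 0)  # zero-length chunk marks end of stream

def parse_reply(raw):
    """Map a clamd reply to ('clean' | 'infected' | 'error', detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return "clean", None
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return "infected", text[len("stream: "):-len(" FOUND")]
    return "error", text  # size limit exceeded, empty reply, anything unexpected

def scan_stream(sock, fileobj):
    """Send fileobj over an already connected clamd socket and parse the verdict."""
    for frame in instream_frames(fileobj):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:  # daemon closed the connection
            break
        reply += part
    return parse_reply(reply)

def scan_upload(path, connect=lambda: socket.create_connection(CLAMD_ADDR, timeout=30)):
    """Scan a temporary upload; delete it if infected. Returns (status, detail)."""
    try:
        with closing(connect()) as sock, open(path, "rb") as f:
            status, detail = scan_stream(sock, f)
    except OSError as exc:  # clamd down, timeout, or connection dropped mid-stream
        status, detail = "error", str(exc)
    if status == "infected":
        os.remove(path)
    # Caller must forward to S3 only on "clean"; treat "error" as a rejected upload.
    return status, detail
```

Uploads larger than clamd's `StreamMaxLength` come back as `error`, so the application's upload size limit and that setting need to agree.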