What version of ASL are you running? Please send the output of this command:
No idea what this is, its not part of ASL, so I can only assume the typo3 folks told you do this? No idea if its right or wrong, not our stuff.
If you want to debug this issue, please edit typo3/init.php of your TYPO3 source and search for the die() call right after this line (search for this text to find)...
[PATH_thisScript] => /usr/bin/modsec-clamscan.pl
[php_sapi_name()] => cgi-fcgi
[TYPO3_MOD_PATH] => TYPO3_MOD_PATH
[PATH_TRANSLATED] => /usr/bin/modsec-clamscan.pl
[SCRIPT_FILENAME] => /var/www/vhosts/domain/httpdocs/typo3/alt_doc.php
So are you calling /usr/bin/modsec-clamscan.pl from inside typo3, or are you using ASL to do this?
This error from modsecurity:
[Sun Mar 25 19:20:39 2012] [error] [client ] ModSecurity: Exec: Execution failed while reading output: /usr/bin/modsec-clamscan.pl (End of file found) [hostname "domain"] [uri "/typo3/alt_doc.php"] [unique_id "efxO7NTj-O4AAAs-tUIAAAAI"]
[Sun Mar 25 19:20:39 2012] [error] [client ] ModSecurity: Rule processing failed. [hostname "domain"] [uri "/typo3/alt_doc.php"] [unique_id "efxO7NTj-O4AAAs-tUIAAAAI"]
Means that either:
1) clamd is not running
2) it is not running as root
3) it is not listening on a TCP port
Please post the output of these commands:
ps auxwww | grep clamd
netstat -anp | grep clamd