Virus scan using Clam

Project:RUcore dlr/EDIT
Version:7.5
Component:Code
Category:feature request
Priority:critical
Assigned:chadmills
Status:closed
Description

When files are replaced in dlr/EDIT, they need to be scanned.

Comments

#1

Version:7.4» 7.5

I have been waiting for Yang to get the PHP version working before attempting to implement it on the dlr side. I will not be able to do this until 7.5. It's not such an immediate necessity since all dlr/EDIT file edits are done by trusted internal users, and it is more important to implement it in careful coordination with what Yang is doing with outside users.

#2

Priority:normal» critical

Although trusted internal users are replacing files, the files are not created by these people.

#3

I know, but I don't want to rush in with a temporary solution. The real danger is from files uploaded to an expanded faculty deposit.

#4

Version:7.5» 7.4

This is actually done now for adding and changing datastreams with both file upload and a URL. The only obvious difference will be that adding or changing a datastream will be a bit slower (since these functions do not display a log but redirect when the process is complete). If there is a virus, they abort with an error message and the virus-infected files are removed. It also catches empty datastreams, so one way to test this would be to try adding or changing to an empty datastream.

#5

Status:active» test

#6

What do you mean by "empty datastream"? A blank word document?

#7

Yes. Basically a zero size file will be flagged (as well as a file with a virus).

#8

I added an empty word document and "Add a datastream" displays a message indicating that it is an empty file. I don't have an infected file to test so I can't really test that functionality.

#9

Status:test» fixed

Marking it as Fixed.

#10

Status:fixed» closed

Closing.

#11

Version:7.4» 7.5
Status:closed» active

Explore using the PHP class to provide virus scanning instead of command line scanning.

Outcome is to either change the method of scanning or indicate why command line scanning is needed.

#12

Status:active» test

cl turns out to be a built-in PHP function that, like clamscan itself, operates on a file. I timed it and it came out the same as my function. The only drawback is that it doesn't flag empty datastreams along the way as raw clamscan can do, but as that's not especially important I implemented it. Note: I still require the extra memory Dave provided to create the tmp files of possibly large size for scanning whether from an upload or through a URL.

#13

Assigned to:triggs» ananthan

#14

Assigned to:ananthan» chadmills

Assigning to Chad to test comment #11.

#15

Assigned to:chadmills» triggs
Status:test» active

What script(s) do I need to look at to confirm #11?

#16

add datastream and change datastream. Do you have the test virus file? I'll attach the test file just in case.

#17

Can I have the filenames of those scripts? I originally asked so I wouldn't have to "go hunting" for them.

#18

nadddsaction.php
nchdsaction.php

#### run the cl php clamscan for viruses
$testclam = cl_scanfile($tmpclamname, $virusname);
if ($testclam == CL_VIRUS) {
    print "<b>clamscan found a virus $virusname in this file. Aborting now...<br/></b>\n";
    # remove the scanned temp copy and, if present, the uploaded temp file
    unlink($tmpclamname);
    if (file_exists($tmpfname)) {
        unlink($tmpfname);
    }
    exit;
} else {
    # no virus reported: only the scan copy is removed
    unlink($tmpclamname);
}
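
The command-line approach described in comments #4 and #12 (reject zero-size files, abort on a detection, remove the temporary file), as an added example that is not code from this thread or from RUcore. The function name scanUpload, its return shape and the sample file are assumptions; it relies on clamscan's exit codes (0 clean, 1 virus found, 2 error) and rejects the file on any non-zero code, so a scanner failure does not let a file through.

```php
<?php
// Added example, not RUcore code. scanUpload() and its messages are hypothetical.
// Assumes the clamscan binary is installed and on PATH.

/**
 * Scan a temporary upload with command-line clamscan.
 * Returns ['ok' => bool, 'reason' => string]; the file is deleted unless it is clean.
 */
function scanUpload(string $tmpPath, string $scanner = 'clamscan'): array
{
    // Zero-size (or missing) datastreams are rejected before the scanner runs.
    clearstatcache(true, $tmpPath);
    if (!is_file($tmpPath) || filesize($tmpPath) === 0) {
        @unlink($tmpPath);
        return ['ok' => false, 'reason' => 'empty or missing file'];
    }

    // escapeshellarg() keeps the path from being interpreted as shell syntax.
    $cmd = escapeshellcmd($scanner) . ' --no-summary --infected '
         . escapeshellarg($tmpPath) . ' 2>&1';
    $output = [];
    exec($cmd, $output, $exitCode);

    // clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    if ($exitCode === 0) {
        return ['ok' => true, 'reason' => 'clean'];
    }

    @unlink($tmpPath); // never keep a file that was not positively cleared
    if ($exitCode === 1) {
        // With --infected, a detection is printed as "<path>: <signature> FOUND".
        $signature = 'unknown';
        foreach ($output as $line) {
            if (preg_match('/: (.+) FOUND$/', $line, $m)) {
                $signature = $m[1];
                break;
            }
        }
        return ['ok' => false, 'reason' => "infected: $signature"];
    }
    // Scanner missing, database unreadable, etc.: fail closed.
    return ['ok' => false, 'reason' => "scan error (exit $exitCode)"];
}

// Constructed sample: a small temp file standing in for an uploaded datastream.
$tmp = tempnam(sys_get_temp_dir(), 'clam');
file_put_contents($tmp, "constructed sample content\n");
$result = scanUpload($tmp);
echo ($result['ok'] ? 'Accepted: ' : 'Rejected: ')
   . htmlspecialchars($result['reason']) . "\n";
```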

#19

Assigned to:triggs» chadmills

#20

Status:active» fixed

This wasn't marked test, but I tested it anyway.

#21

Status:fixed» closed
