Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-64075

Antivirus: Support remote scanning using TCP sockets.

XMLWordPrintable

    • MOODLE_37_STABLE, MOODLE_39_STABLE
    • MOODLE_39_STABLE
    • Hide

      TCP Socket test

      1. Run the clamav docker image in a new container

        docker run --name=clam --rm -p 3310:3310 mk0x/docker-clamav:alpine
        

      2. Wait a short while for it to state that it's ready
      3. Navigate to Site administration -> Plugins -> Antivirus plugins
      4. Enable ClamAV
      5. Open its settings
        1. Set the "Running method" to "TCP Socket"
        2. Set the hostname to 'localhost'
        3. Set the socket port to 3310
      6. Save changes
      7. Navigate to "Private files"
      8. Upload a file you happen to have handy nearby
        1. Confirm that it uploaded correctly
      9. Download one of the anti-virus test files from EICAR (https://www.eicar.org/?page_id=3950)
      10. Upload the eicar test file
        1. Confirm that you were shown a warning that the file contained a virus
      11. Stop the docker image

      Test antivirus in UNIX domain socket mode.

      1. Ensure that you have clamav installed. If it's not installed:

        sudo apt install clamav clamav-daemon clamav-freshclam
        

      2. Run freshclam and wait for it to finish:

        sudo freshclam
        

        Note: If you can't run freshclam because it's locked by another process, it's most likely running as a daemon, so no need to worry about this step.

      3. Add the "clamav" user to the Apache's group (e.g. "www-data")

        sudo usermod -a -G www-data clamav
        

      4. Log out and login or reboot your machine.
      5. Ensure that the clamav-daemon is running

        sudo systemctl status clamav-daemon.service
        

        If it's not running, start it manually

        sudo systemctl status clamav-daemon.service
        

      6. Check your clamd configuration file and find the LocalSocket setting and copy the value

        cat /etc/clamav/clamd.conf | grep LocalSocket
        

      7. Navigate to Site administration -> Plugins -> Antivirus plugins
      8. Enable ClamAV
      9. Open its settings
        1. Set the "Running method" to "Unix domain Socket"
        2. Set the "Unix domain socket" to the value that you copied
      10. Save changes
      11. Navigate to "Private files"
      12. Upload a file you happen to have handy nearby
        1. Confirm that it uploaded correctly
      13. Download one of the anti-virus test files from EICAR (https://www.eicar.org/?page_id=3950)
      14. Upload the eicar test file
        1. Confirm that you were shown a warning that the file contained a virus
      Show
      TCP Socket test Run the clamav docker image in a new container docker run --name=clam --rm -p 3310:3310 mk0x/docker-clamav:alpine Wait a short while for it to state that it's ready Navigate to Site administration -> Plugins -> Antivirus plugins Enable ClamAV Open its settings Set the "Running method" to "TCP Socket" Set the hostname to 'localhost' Set the socket port to 3310 Save changes Navigate to "Private files" Upload a file you happen to have handy nearby Confirm that it uploaded correctly Download one of the anti-virus test files from EICAR ( https://www.eicar.org/?page_id=3950 ) Upload the eicar test file Confirm that you were shown a warning that the file contained a virus Stop the docker image Test antivirus in UNIX domain socket mode. Ensure that you have clamav installed. If it's not installed: sudo apt install clamav clamav-daemon clamav-freshclam Run freshclam and wait for it to finish: sudo freshclam Note: If you can't run freshclam because it's locked by another process, it's most likely running as a daemon, so no need to worry about this step. Add the "clamav" user to the Apache's group (e.g. "www-data") sudo usermod -a -G www-data clamav Log out and login or reboot your machine. Ensure that the clamav-daemon is running sudo systemctl status clamav-daemon.service If it's not running, start it manually sudo systemctl status clamav-daemon.service Check your clamd configuration file and find the LocalSocket setting and copy the value cat /etc/clamav/clamd.conf | grep LocalSocket Navigate to Site administration -> Plugins -> Antivirus plugins Enable ClamAV Open its settings Set the "Running method" to "Unix domain Socket" Set the "Unix domain socket" to the value that you copied Save changes Navigate to "Private files" Upload a file you happen to have handy nearby Confirm that it uploaded correctly Download one of the anti-virus test files from EICAR ( https://www.eicar.org/?page_id=3950 ) Upload the eicar test file Confirm that you were shown a warning that the file contained a virus

      With the growing popularity of containerization, it would be good to extend ClamAV antivirus plugin to support virus scanning using TCP sockets (i.e. over the network).

      When scalability is in place, this feature eliminates the need to run ClamAV service on each container/host that provides web service, thus reduces complexity and performance overhead.  In case of containers, this approach is also aligned with best practice of having one process per container.

            odyx Didier Raboud
            kabalin Ruslan Kabalin
            Ruslan Kabalin Ruslan Kabalin
            Andrew Lyons Andrew Lyons
            Jun Pataleta Jun Pataleta
            Votes:
            10 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 3 hours, 11 minutes
                1d 3h 11m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.