Moodle / MDL-67545

New config option for ClamAV scanning errors to prompt user to try again later

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.8
    • Fix Version/s: 3.9
    • Component/s: Unknown
    • Testing Instructions:
      To check this improvement it is necessary to make ClamAV available but return a failure (not a found virus) on scanning an uploaded file. This is easily achievable, if a bit fiddly:

      1. As admin on a test site where you have full control, check the admin settings for ClamAV (Site admin > Plugins > Antivirus plugins > Manage) so ClamAV is available. Click on settings for ClamAV. Enable Command line Running method and add a suitable path in the command line setting (/usr/bin/clamscan). Also set the On ClamAV failure setting to Refuse upload, try again.
      2. Check that it is possible to upload an image somewhere on your site. (It may be slow uploading the image because the command line virus scan takes time to 'warm up'.)
      3. Now go back to the ClamAV admin settings page, and add a text character to the command line scan path (something like /usr/bin/clamscanxxx). This just makes the virus scan manager throw a SCAN_RESULT_ERROR, because the path is incorrect - just what we need for testing the message to the user.
      4. Check that when trying to upload an image now you get an onscreen message saying 'There is a problem with AntiVirus scanning at the moment. Your file {$filename} has not been uploaded. Please try again later.' Check you also get an admin email with details of the ClamAV failure.
      5. Finally reverse the changes to your admin antivirus settings. 

      There is a phpunit test as well.

    • Affected Branches:
      MOODLE_38_STABLE
    • Fixed Branches:
      MOODLE_39_STABLE
    • Pull 3.8 Branch:
      wip-MDL-67545-38stable
    • Pull Master Branch:
      wip-MDL-67545-master

      Description

      We have an ongoing issue whereby, when our virus scanner (ClamAV) is updating, uploaded files fail to scan. This generates a few emails each day to our admins. 

      Currently the ClamAV plugin gives you the option to treat a failure as the file being safe, or the file being a virus. It would be better if we could treat the failure as a failure, reject the file, but tell the user to try again later.

      This just requires a new option within the ClamAV plugin for the clamfailureonupload setting.
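
The three failure behaviours described above, as an added shell example (not code from Moodle or its ClamAV plugin). The policy labels and the stub scanner functions are hypothetical; exit codes 0, 1 and 2 are clamscan's own, and /usr/bin/clamscanxxx is the deliberately broken path from the testing instructions.

```shell
#!/bin/sh
# Added illustration: a scan failure is a third outcome, distinct from
# "clean" and "virus found", and the policy decides what the user is told.

# Run SCANNER on FILE and print ok | found | error.
# clamscan exits 0 (no virus), 1 (virus found), 2 (error). A wrong path
# makes the shell return 127, which is a failure, not a detection.
classify_scan() {
    rc=0
    "$1" --no-summary "$2" >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ok ;;
        1) echo found ;;
        *) echo error ;;
    esac
}

# Print the upload decision for POLICY, SCANNER and FILE.
# POLICY labels are hypothetical: treat-as-safe | treat-as-virus | try-again
decide_upload() {
    policy=$1
    case $(classify_scan "$2" "$3") in
        ok)    echo accept ;;
        found) echo reject-virus ;;
        error)
            case $policy in
                treat-as-safe)  echo accept ;;        # fail open: unscanned file gets in
                treat-as-virus) echo reject-virus ;;  # fail closed, handled as a detection
                try-again)      echo reject-retry ;;  # fail closed, user asked to retry later
                *)              echo reject-retry ;;  # unknown policy: stay closed
            esac ;;
    esac
}

# Constructed stand-ins for a scanner, one per clamscan exit code.
stub_clean()      { return 0; }
stub_virus()      { return 1; }
stub_scan_error() { return 2; }

# Broken scanner path from the testing steps, under each policy.
for p in treat-as-safe treat-as-virus try-again; do
    echo "$p: $(decide_upload "$p" /usr/bin/clamscanxxx upload.png)"
done
```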

              People

              Assignee:
              jb23347 John Beedell
              Reporter:
              jb23347 John Beedell
              Peer reviewer:
              Mark Johnson
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Jun Pataleta
              Participants:
              Component watchers:
              Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                15/Jun/20

                  Time Tracking

                  Estimated:
                  Not Specified
                  Remaining:
                  0m
                  Logged:
                  1h 15m