Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-67545

New config option for ClamAV scanning errors to prompt user to try again later

XMLWordPrintable

    • MOODLE_38_STABLE
    • MOODLE_39_STABLE
    • wip-MDL-67545-master
    • Hide

      To check this improvement it is necessary to make ClamAV available but return a failure (not a found virus) on scanning an uploaded file. This is easily achievable, if a bit fiddly:

      1. As admin on a test site where you have full control, check the admin settings for ClamAV (Site admin > Plugins > Antivirus plugins > Manage) so ClamAV is available. Click on settings for ClamAV. Enable Command line Running method and add a suitable path in the command line setting (/usr/bin/clamscan). Also set the On ClamAV failure setting to Refuse upload, try again.
      2. Check that it is possible to upload an image somewhere on your site. (It may be slow uploading the image because the command line virus scan takes time to 'warm up'.)
      3. Now go back to the ClamAV admin settings page, and add a text character to the command line scan path (something like /usr/bin/clamscanxxx). This just makes the virus scan manager throw a SCAN_RESULT_ERROR, because the path is incorrect - just what we need for testing the message to the user.
      4. Check that when trying to upload an image now you get an onscreen message saying 'There is a problem with AntiVirus scanning at the moment. Your file {$filename} has not been uploaded. Please try again later.' Check you also get an admin email with details of the ClamAV failure.
      5. Finally reverse the changes to your admin antivirus settings. 

      There is a phpunit test as well.

      Show
      To check this improvement it is necessary to make ClamAV available but return a failure (not a found virus) on scanning an uploaded file. This is easily achievable, if a bit fiddly: As admin on a test site where you have full control, check the admin settings for ClamAV (Site admin > Plugins > Antivirus plugins > Manage) so ClamAV is available. Click on settings for ClamAV. Enable Command line Running method and add a suitable path in the command line setting (/usr/bin/clamscan). Also set the On ClamAV failure setting to Refuse upload, try again. Check that it is possible to upload an image somewhere on your site. (It may be slow uploading the image because the command line virus scan takes time to 'warm up'.) Now go back to the ClamAV admin settings page, and add a text character to the command line scan path (something like /usr/bin/clamscanxxx). This just makes the virus scan manager throw a SCAN_RESULT_ERROR, because the path is incorrect - just what we need for testing the message to the user. Check that when trying to upload an image now you get an onscreen message saying 'There is a problem with AntiVirus scanning at the moment. Your file {$filename} has not been uploaded. Please try again later.' Check you also get an admin email with details of the ClamAV failure. Finally reverse the changes to your admin antivirus settings.  There is a phpunit test as well.

      We have an ongoing issue whereby, when our virus scanner (ClamAV) is updating, uploaded files fail to scan. This generates a few emails each day to our admins. 

      Currently the ClamAV plugin gives you the option to treat a failure as the file being safe, or the file being a virus. It would be better if we could treat the failure as a failure, reject the file, but tell the user to try again later.

      This just requires a new option within the ClamAV plugin for the clamfailureonupload setting.

        1. rats_bars.mp4
          2.20 MB
          Eloy Lafuente (stronk7)

            jb23347 John Beedell
            jb23347 John Beedell
            Mark Johnson Mark Johnson
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Jun Pataleta Jun Pataleta
            Votes:
            1 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 15 minutes
                1h 15m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.