- Improvement
- Resolution: Unresolved
- Minor
- None
- 3.9.2, 3.10
- MOODLE_310_STABLE, MOODLE_39_STABLE

With the latest addition of direct TCP connections to a ClamAV server, Moodle is now configured to perform a stream_get_line() call once the file has been fully submitted to a ClamAV server, to read the scanning feedback for the file. In almost all cases this is fine, since a majority of files we've seen are relatively small and take a small amount of time to process through the ClamAV server. However, as customers are performing course restores through MBZ uploads or new large content uploads at the beginning of the semester, we've seen the following scenario on numerous occasions:
- The Moodle site is configured to talk to a remote ClamAV server via a TCP connection, configured in Moodle with 5 retry attempts.
- An administrator uploads a large course MBZ backup that takes longer than 60 seconds for the ClamAV server to process and clear for upload.
- Once the file is uploaded to the ClamAV server, the stream_get_line() function is called and by default waits for 60 seconds before returning false with no response from ClamAV.
- The file is then re-uploaded due to the retry event configuration, which now starts compounding CPU utilization on the ClamAV server, as the first file hasn't been cleared or cached.
- This keeps reiterating and compounding load on the server until retry attempts have run out.
- The administrator must wait enough time (unknown) for a file to be cleared so when the upload attempt is tried again, the administrator is hopefully able to connect to a ClamAV server that has the file's MD5 hash cached in memory and the file can be instantly cleared.

So this becomes less than ideal, as ClamAV solutions that are part of a dynamic scaling group will be added to the pool based on scaling rules around CPU, load, or concurrent connections, costing money that didn't need to be spent. It also creates a poor user experience for an administrator, due to the lack of transparency about what is happening on the back end, along with needing several attempts to successfully upload a file.

This code fix adds a $CFG value that gives a site administrator the ability to define the timeout on stream_get_line(), to allow the ClamAV server more time to scan the file prior to a retry attempt executing.
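
The read-timeout behaviour described above, as an added example that is not Moodle's code or the patch attached to this issue: it streams a file to clamd over TCP using clamd's INSTREAM framing, applies a caller-supplied read timeout before stream_get_line(), and reports a timeout separately from a connection failure. The function name, the `$readtimeout` parameter (standing in for the new $CFG value, whose name the issue does not give) and the status strings are hypothetical.

```php
<?php
// Added example, not Moodle's code. Function name, $readtimeout and the
// status strings are hypothetical.
function clamd_scan_file(string $host, int $port, string $path, int $readtimeout): array {
    $socket = @stream_socket_client("tcp://{$host}:{$port}", $errno, $errstr, 5);
    if ($socket === false) {
        return ['status' => 'connect_error', 'detail' => "{$errstr} ({$errno})"];
    }
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        fclose($socket);
        return ['status' => 'local_error', 'detail' => 'cannot open file'];
    }
    // Without this call PHP falls back to default_socket_timeout (60 s unless
    // changed in php.ini), which is the wait described in the issue.
    stream_set_timeout($socket, $readtimeout);

    // clamd INSTREAM framing: 4-byte big-endian length before each chunk,
    // then a zero-length chunk to mark the end of the data.
    fwrite($socket, "zINSTREAM\0");
    while (!feof($fh)) {
        $chunk = fread($fh, 8192);
        if ($chunk === false || $chunk === '') {
            break; // an empty chunk sent early would end the stream
        }
        fwrite($socket, pack('N', strlen($chunk)) . $chunk);
    }
    fclose($fh);
    fwrite($socket, pack('N', 0));

    // Blocks until clamd answers or the read timeout expires.
    $reply = stream_get_line($socket, 4096, "\0");
    $meta = stream_get_meta_data($socket);
    fclose($socket);

    if ($meta['timed_out']) {
        // The upload completed; clamd may still be scanning the first copy.
        return ['status' => 'timeout', 'detail' => "no verdict within {$readtimeout}s"];
    }
    if ($reply === false || $reply === '') {
        return ['status' => 'no_reply', 'detail' => 'connection closed without a verdict'];
    }
    if (preg_match('/^stream: (.+) FOUND$/', $reply, $m)) {
        return ['status' => 'infected', 'detail' => $m[1]];
    }
    if ($reply === 'stream: OK') {
        return ['status' => 'clean', 'detail' => ''];
    }
    return ['status' => 'scanner_error', 'detail' => $reply];
}
```

Because `timeout` is returned separately from `connect_error`, a caller can log it distinctly and decide whether re-sending the same file is worthwhile while the scanner is still busy with the first copy.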