When transferring a file via Moodlenet, clamAV reports a virus detection.
We suspect that this is a bug.
The error can be reproduced with the following constellation:
Settings for clamAV:
unixsocket (not TCP)
clamAV is executed as user clamav.
This user is in the group www-data and vice versa, www-data is in the group clamav.
In Moodle the procedure:
- Login to your website
- Open course
- Enable edit mode
- click "add an activity or resource"
- Select MoodleNet (should be at the bottom of the window)
- connect to Moodlnet
- select any module, e.g. https://moodle.net/resource/ef6rlcme33hk-el-arte-de-tutelar-pura-seduccion
- click "send to Moodle"
- Follow steps and upload
- Get error:
We get the following error:
Error message in Moodle with debug mode:
The error indicates that it is trying to scan a folder.
ClamAV seems to expect the file.
We did further testing to see if the permission might be incorrect.
We were able to disprove this by using the command line to check the scan directly during the upload.
When switching from unixsocket to TCP, the upload works, but we fear performance losses with this setting.
run clamav as root.
There are safety concerns with this.