+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
Virtual Learning Platforms Thread, Moodle 2.0.x: LDAPCapture and SMBWebClient (aka Windows Web Share Client) in Technical; Heh - both working on same hacky fix at same hacky time! This was mine: Code: function ClamAV($file){ $out = ...
  1. #16
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    888
    Thank Post
    84
    Thanked 234 Times in 193 Posts
    Rep Power
    82
    Heh - both working on same hacky fix at same hacky time! This was mine:
    Code:
    function ClamAV($file){
        $out = preg_split('/\n/',`clamscan $file`);
    	foreach($out as $key=>$value){
    		$referr = strstr($value,$file);
    		if ($referr){
    			$location = $key;
    			if (strpos($referr,'FOUND')){
    				$this->status = 'VIRUS DETECTED: '.$out[$key];
    				if ($location!==0){$this->status .= ' Your ClamAV engine or database may be outdated or has an issue';}
    				return true;
    			} else {
    				if ($location!==0){$this->status = 'Your file was succesfully uploaded, however, your ClamAV engine or database may be outdated or has an issue';}
    				return false;
    			}	
    		}
    	}
    	if (!$location) {
    		$this->status = 'No valid response received from ClamAV - please contact your webmaster';
    	}
    }

  2. #17


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,628
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Can't claim authorship - it was the PFY who fiddled about until the regex started behaving.

    We did find it really doesn't like trying to run against clamdscan when called by the new file upload and dies with an access denied. I suspect it's a permissions problem, but I need to make it a lot more verbose to track the problem.

  3. #18
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    888
    Thank Post
    84
    Thanked 234 Times in 193 Posts
    Rep Power
    82
    Clamdscan runs as 'User clam' by default here, hence it can't read files in the webroot, whereas when run from CLI, it tends to be run by yourself / root / user in the wheel group so works fine... have a look at your /etc/clamd.conf, somewhere around line 189.

  4. #19
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    888
    Thank Post
    84
    Thanked 234 Times in 193 Posts
    Rep Power
    82
    I think the sensible approach is that if clamscan or clamdscan return anything OTHER than '$file: OK', then the upload should be disallowed, whereas at the moment, if clamdscan returns access denied, or clamscan returns an "I'm out of date" warning then the file could still go thru, virus or otherwise...

    Code:
    function ClamAV($file){
    	$out = preg_split('/\n/',`clamscan $file`); //or clamdscan $file
    	
    	foreach($out as $key=>$value){
    		$referr = strstr($value,$file);
    		if ($referr){
    			$location = $key;
    			if (strpos($referr,'FOUND')){
    				$this->status = 'VIRUS DETECTED: '.$out[$key];
    				return true;
    			} elseif (strpos($referr,'ERROR')){
    				$this->status = 'CANNOT SCAN FILE: '.$out[$key];
    				return true;
    			} elseif (strpos($referr,''.$file.': OK')){
    				return false;
    			} else {
    				return true;
    			}	
    		}
    	}
    	if (!$location) {
    		$this->status = 'No valid response received from ClamAV - please contact your webmaster';
    		return true;
    	}
    }
    Returning 'false' is the ticket to the file being uploaded succesfully. In the above, this only happens if:

    1) The $out array (which contains each individual line of response from clamav) contains a value which features the $file variable as a string...

    AND

    2) That same value also contains " OK".
    Last edited by Marci; 28th February 2012 at 02:55 PM.

  5. #20


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,628
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Problem is when I su to clamav from root:
    Code:
    sudo -s
    su - clamav --shell=/bin/bash
    I can read the webroot fine and scan files within it (and within /tmp).

    ie:
    Code:
    clamav@moodle:~$ whoami
    clamav
    clamav@moodle:~$ cd
    clamav@moodle:~$ pwd
    /var/lib/clamav
    clamav@moodle:~$ clamdscan /var/www/help.php 
    /var/www/help.php: OK
    
    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Time: 0.000 sec (0 m 0 s)
    clamav@moodle:~$ cd /root/
    -su: cd: /root/: Permission denied
    clamav@moodle:~$
    Which led me to suspect it was the Apache user having problems connecting to clamd.

  6. #21
    Marci's Avatar
    Join Date
    Jun 2008
    Location
    Wakefield, West Yorkshire
    Posts
    888
    Thank Post
    84
    Thanked 234 Times in 193 Posts
    Rep Power
    82
    Indeed. I use cPanel here, where apache runs as 'nobody'... just to complicate matters further!

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Windows Share Web Client Help
    By alunmjones in forum Virtual Learning Platforms
    Replies: 40
    Last Post: 30th June 2011, 05:58 PM
  2. Windows Share Web Client and Moodle 1.9
    By wesleyw in forum Virtual Learning Platforms
    Replies: 16
    Last Post: 20th June 2011, 10:35 AM
  3. Moodle - windows web client (smb)
    By _techie_ in forum Virtual Learning Platforms
    Replies: 7
    Last Post: 5th November 2010, 09:15 AM
  4. Moodle Windows Share Web Client
    By itgeek in forum Virtual Learning Platforms
    Replies: 5
    Last Post: 16th September 2010, 11:48 AM
  5. Moodle & Windows Share Web Client
    By clodhopper in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 12th March 2009, 10:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •