Moodle 2.0.x: LDAPCapture and SMBWebClient (aka Windows Web Share Client)

[Marci]

Spent the morning working on both the 'Windows Web Share Client' block (to use it's proper name) and 'LDAPCapture' auth plugin to get them working in Moodle2.0.x

LDAPCapture - http://www.minimotoscene.co.uk/marci...re_moodle2.zip
Windows Web Share Client - http://www.minimotoscene.co.uk/marci...nt_moodle2.zip

Both tested as working on clean install of Moodle 2.0.3, with PHP5.2.17 on FreeBSD8.2-RELEASE

Note: I am not the maintainer of either of these, and as such these should be considered unofficial modified versions. Should the author (*waves at Guy*) have any objections to these being posted here, drop me a line and I'll remove them immediately.

Also note, I haven't tested these on PHP5.3.x / Moodle 2.1 - if anyone does so, can you let me know the outcome...?

[philwaud]

Good work Marci!

Does that mean we are upgrading soon? :-)

Phil

Spent the morning working on both the 'Windows Web Share Client' block (to use it's proper name) and 'LDAPCapture' auth plugin to get them working in Moodle2.0.x

LDAPCapture - http://www.minimotoscene.co.uk/marci...re_moodle2.zip
Windows Web Share Client - http://www.minimotoscene.co.uk/marci...nt_moodle2.zip

Both tested as working on clean install of Moodle 2.0.3, with PHP5.2.17 on FreeBSD8.2-RELEASE

Note: I am not the maintainer of either of these, and as such these should be considered unofficial modified versions. Should the author (*waves at Guy*) have any objections to these being posted here, drop me a line and I'll remove them immediately.

Also note, I haven't tested these on PHP5.3.x / Moodle 2.1 - if anyone does so, can you let me know the outcome...?

[Marci]

1) not up to me when/if...
2) depends if slt sticking with moodle...
3) depends if *shhhhhh*...
4) still not done MIS block or Facility2Moodle block, so no, not yet...

[philwaud]

Great news anyway, is it php5.3 compatible - I know you asked for testers but Im guessing you have intended it to work?

Phil

[Marci]

Not a clue at the moment... don't have a 5.3 testing server on which to debug.

[pete]

There's a newer version of libencryption.php available here: Ultra Secure 2-Way PHP Encryption Algorithm - ActionScript.org Forums

But it's still not a nice encryption module.

[Marci]

I'll have a look at that at somepoint and see how well it plays with the rest of the block... at the moment the main issue to resolve is smbwebclient not being able to download files with spaces in the filename, which appears to be an issue with one of the preg_replace statements...

[brudinie]

Hi Marci

I have no objections to them being hosted here - many thanks for your work on them.
I had already done work on both of these plugins but just hadn't released them yet.
Please let me know if you have any fixes in future and then it saves us both from re-inventing the wheel!
I think you have my email address but if not you can find my contact details on Citricity Ltd 2011
If you can send me your email address I'll try to keep you up to date with any work I do on the plugins.

BTW - it turns out that the windows share web client white space issue with folders and files is an issue with people running the block on a Moodle hosted on a windows server.
Linux / BSD servers should not have been affected by the white space issue. I have fixed this in the latest releases.

The "official" versions are available for download from:

Citricity Ltd 2011

Citricity Ltd 2011

Both these plugins have been successfully tested on a linux install in a college today.

[Butters]

Do these plugins work with externally hosted Moodle sites?

[Marci]

Only if you can set up a vpn between your webserver and your school site...

@brudinie - cheers d00d... will pull my files down and bash a redirect back to yours tomorrow. Which reminds me, I must remember to update the Moodle.org Fac-2-Moodle download location over to yonder new employer's servers too on Monday!

[brudinie]

pete - you are correct, its not the best.
That's why I've replaced it with an implementation of AES in the latest Moodle 2 version ;-)

[pete]

Does the ClamAV integration actually work for anyone in smbwebclient?

Here, it doesn't seem to work. I can successfully upload an eicar test file that ClamAV will detect on the CLI and I get nothing in the clamav log.

[Marci]

Pete - in your config_smb_web_client file, what do you have for the $smb_cfg->cfgAntivirus entry? Whatever is in there becomes the name of the function called, and the function is entitled ClamAV so config must state ClamAV case sensitively. ie: ClamAV should work, whereas clamav won't work...

Specifically, here's the code used on new file uploads:

Code:

$smb_cfg->cfgAntivirus = 'ClamAV';

Code:

function NewFileAction ()
{
    if ($_FILES['file']['tmp_name'] <> '') {
        $this->parent = $this->path;
        $this->name = $_FILES['file']['name'];
        if ($this->cfgAntivirus) {
            $fn = $this->cfgAntivirus;
            $infected = $this->$fn($_FILES['file']['tmp_name']);
        }
        if (! $infected) {
            $this->UploadFile($_FILES['file']['tmp_name']);
            $this->Debug('new file "'.$this->name);
        }
    }
    if ($this->status <> '') $this->ErrorMessage($this->status);
    header('Location: '.$this->FromPath('.'));
    exit;
}

function ClamAV ($file)
{
    $out = preg_split('/\n/',`clamscan $file`);
    if (preg_match('/^'.$file.': (.*) FOUND$/', $out[0], $regs)) {
        $this->status = 'VIRUS: '.$regs[1];
        return true;
    } else {
        return false;
    }
}

[Marci]

Righty - can confirm it works fine for me and reports virii correctly, however, for it to do so I had to make a slight change... in class_smbwebclient.php, comment out the current ClamAV function, and replace it as follows then give it another try:

Code:

/* function ClamAV ($file)
{
    $out = preg_split('/\n/',`clamscan $file`);
    if (preg_match('/^'.$file.': (.*) FOUND$/', $out[0], $regs)) {
        $this->status = 'VIRUS: '.$regs[1];
        return true;
    } else {
        return false;
    }
} */

function ClamAV($file)
{
    $out = preg_split('/\n/',`clamscan $file`);
    if (strpos($out[0],'FOUND')){
        $this->status = 'VIRUS DETECTED: '.$out[0];
        return true;
    } else {
        return false;
    }
}

For some reason the preg_match statement was throwing an invalid modifier, or simply didn't detect the FOUND string.

ALSO, for info, smb_web_client only checks the FIRST line of the response from 'clamscan $file', so if at CLI this comes back with anything other than '/path/file: verdict' then the file's scan results won't actually be seen by smb_web_client, and it'll say all is fine, even tho on the 5th line of clamscan's response it may state that a virus is found.

Really the function needs modifying to iterate thru each line of $out and look for a line whose beginning matches $file and take the array pointer for that line instead of always using $out[0] incase of out-of-date DBs etc.

[pete]

Sorry, got sidetracked on another issue. Our config looks good and the code (when called in a separate .php file can be made to work against clamscan and clamdscan).

We found the regex issue too. (Hacky fix for iterating at the bottom)

The problem is a default distro install of ClamAV will often (unless you're repackaging the engine frequently yourself) dump 13 lines of whining about your ClamAV engine being out of date.

A better solution would be to call clamdscan (since it's already running as a daemon) because it's much, much faster (.05 of a second vs 4 seconds) i.e:

Code:

pete@moodle:~$ time clamscan test2.txt 
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
<snip> LibClamAV Whining</snip>
LibClamAV Warning: ***********************************************************
test2.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 1151693
Engine version: 0.96.5
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.936 sec (0 m 4 s)

real	0m4.965s
user	0m4.730s
sys	0m0.210s

vs

Code:

pete@moodle:~$ time clamdscan test2.txt 
/home/pete/test2.txt: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.000 sec (0 m 0 s)

real	0m0.004s
user	0m0.010s
sys	0m0.000s

Hacky fix that properly iterates, but needs some TLC and debug code removed

Code:

function ClamAV ($file)
{
    $out = preg_split('/\n/',`clamscan $file`);
        error_log("Starting - Scanning file:".$file, 0);
        error_log("Starting - Preg Split result:".$out[0], 0);
        
    if (preg_match('/FOUND/s', $out[0], $regs)) {
        $this->status = 'VIRUS: '.$regs[0];
                error_log("Found Virus!", 0);
                
        return true;
    } else {
        error_log("No Virus Found.", 0);
        return false;
    }
}