Changes for page ClamAV

From 22.1 to 23.1

From version 23.1

edited by fse
on 25.05.2022, 11:55

Change comment: Neues Bild de_plugin.png hochladen

To version 33.3

edited by jdr
on 23.11.2023, 14:38

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (2 modified, 0 added, 0 removed)
Attachments (2 modified, 1 added, 0 removed)

Details

Page properties

Author

@@ -1,1 +1,1 @@
--XWiki.fse
++XWiki.jdr

Content

@@ -1,19 +1,34 @@
  {{info}}
  {{version major="7" minor="0" patch="13" showInfo="true"}}
--This plugin can only be used with {{formcycle/}} version 7.0.13 or higher.
++This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher.
  {{/version}}
  {{/info}}
--[[**Plugin download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (Requires login)
++[[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login)
  {{content/}}
--Uploaded files can be checked for viruses via the plug-in. For this purpose, this plugin is required as an activated system plugin and a running ClamAV-daemon service that can be accessed via TCP.
++With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP.
--After this plugin has been installed, it must be configured. The configuration consists of specifying which {{smallcaps}}host:port{{/smallcaps}} combination is to be used. Furthermore, the transfer can be done with a {{smallcaps}}InputStream{{/smallcaps}} or working straight on the path.
++== Functionality ==
--== Configuration ==
++; Immediate virus scan
++: Each file is scanned immediately after upload.
++The used //ClamAV//-daemon service can neither be configured nor started by this plugin.
++
++== Installation ==
++
++The installation of the plugin has to be carried out via the interface of plugins provided for this purpose. Only the corresponding //jar// file has to be installed.
++
++{{info}}
++  The //ClamAV// plug-in scans files in backend and fronted. To be always available to all users it is advisable to install the plugin as a system plugin. This also avoids possible problems with double-used ports and enables a central configuration.
++{{/info}}
++
++== Plugin configuration ==
++
++After saving, a ping test is automatically performed. If this fails, a message will be displayed. In this case all uploads in the backend or in the form will be marked as faulty - the plugin should be deactivated first and a working connection should be established.
++
  {{figure image="en_error.png" width="400"}}
    If no connection can be established to the specified host, this message is displayed.
  {{/figure}}
@@ -21,39 +21,132 @@
  The following configuration parameters exist:
  ; host (Required)
--: Host name or IP address of the server running ClamAV-daemon. The standard port is {{smallcaps}}127.0.0.1{{/smallcaps}}, since ClamAV-daemon should be running on the same server as {{formcycle/}}.
++: Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service.
  ; port (Required)
--: The default port of ClamAV-daemon is {{smallcaps}}3310{{/smallcaps}}. If the port is different, it must be specified here.
--; file-source
--: By default, the element to be checked is transferred via Java's {{smallcaps}}InputStream{{/smallcaps}}. If the value {{smallcaps}}path{{/smallcaps}} is entered here, the path is used directly - whereby the ClamAV-daemon service must have root rights.
++: Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available.
++; os (Optional)
++: Default value: //JVM_PLATFORM//. Operating system on which the ClamAV daemon service is running. This value is only relevant if the operating system of formcycle and that of the ClamAV daemon service are different. For Linux or MacOS enter //UNIX//, for Windows enter //WINDOWS//. If both are running on the same operating system, you can leave this value blank or use //JVM_PLATFORM//.
--After saving, a ping test is automatically executed. If this fails, a corresponding message is displayed. In this case, all uploads in the backend or in the form are marked as faulty - the plugin should first be deactivated and a functioning connection established.
++{{info}}
++//ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support.
++{{/info}}
--== ClamAV settings ==
++== Configuration //ClamAV// ==
--The following section discusses important configuration steps of ClamAV-Daemon. Our recommended scenario is to install {{formcycle/}} and the ClamAV-Daemon service on the same server.
++The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server.
--Since the actual virus scanning takes place separately from {{formcycle/}}, take care to keep the virus signature database up-to-date via {{smallcaps}}freshclam{{/smallcaps}}.
++=== Installation ===
--This plugin transmits the elements to be examined via TCP, which is deactivated by default in ClamAV-daemon. To enable it, the configuration file: {{smallcaps}}/etc/clamav/clamd.conf{{/smallcaps}} has to be edited.
++To install //ClamAV// on a server, the following commands should be entered on the server.
--The following parameters have to be added to the file:
++//ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon.
--; TCPAddr (Required)
--: Shall be added and specified with the value {{smallcaps}}127.0.0.1{{/smallcaps}}.
--; TCPSocket (Required)
--: Shall be added and specified with the value {{smallcaps}}3310{{/smallcaps}} or different, if the port is occupied.
--; User
--: By default this is {{smallcaps}}clamav{{/smallcaps}} and has to be changed to {{smallcaps}}root{{/smallcaps}} to give root rights to the ClamAV-daemon service.
++; Update the package list:
++; {{code language="shell"}} sudo apt-get update {{/code}}
--{{figure image="en_tcp_test.png"}}
--  With the help of {{smallcaps}}netstat{{/smallcaps}} the TCP socket of the ClamAV-daemon service can be examined.
--{{/figure}}
++; Install //ClamAV// and //ClamAV//-daemon:
++; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}}
--In order for this plugin to address the ClamAV-daemon service, the service has to be listening in the right place - in this case at {{smallcaps}}127.0.0.1:3310{{/smallcaps}}. This can be checked by the following command in the terminal:
++=== Update the virus signature database ===
--{{code language="shell"}}
--sudo netstat -anp | grep -E "(clam)"
--{{/code}}
++//freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database.
++; Terminate the automatic //freshclam// process:
++; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}}
++; Manually update virus signature database:
++; {{code language="shell"}} sudo freshclam {{/code}}
++
++=== Configuration //ClamAV//-daemon ===
++
++//ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly.
++
++For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted.
++
++Open the configuration file:
++
++; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}}
++
++Use the arrow keys to navigate to the end of the file.
++
++; Add //TCPAddr 127.0.0.1 //
++; Add //TCPSocket 3310 //
++
++{{lightbox image="en_clamd.conf.png"/}}
++
++; Specify root rights for //ClamAV//-daemon
++: To do this, the row //User clamav// has to be changed to //User root// in this file.
++
++Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key.
++
++=== Starting the //ClamAV//-daemon Service ===
++
++Now the service can be started.
++
++: Start the //ClamAV//-daemon Service:
++; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}}
++
++=== Checking the availability of the service ===
++
++In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal.
++
++Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined.
++
++; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}}
++
++{{lightbox image="en_tcp_test.png"/}}
++
++If no line starting with //tcp// is seen or a different //host:port// combination is seen as //127.0.0.1:3310//, the configuration has to be checked again.
++
++== Example configuration ==
++
++An example configuration with the above default values:
++
++{{lightbox image="en_plugin.png"/}}
++
++== Usage ==
++
++As soon as a virus signature has been detected, the following message is displayed:
++
++{{lightbox image="en_virus_found.png"/}}
++
++=== Test file ===
++
++A common method for checking virus scanners is the //eicar.com// file.
++At any point this test file can be uploaded and after successful configuration the message shown above should be seen.
++
++; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]]
++; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]]
++
++=== Logging ===
++
++//ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //.
++
++For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //:
++
++; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}}
++
++{{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //.
++
++After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //:
++
++; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
++; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
++
++== Version history ==
++
++=== Version 1.0.3 ===
++
++* Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server.
++
++=== Version 1.0.2 ===
++
++* Remove: property for path scanning, only InputStream now.
++
++=== Version 1.0.1 ===
++
++* Fix: Skip scanning if operating system is not UNIX instead of detecting the file as a virus.
++
++=== Version 1.0.0 ===
++
++* Initial release

de_plugin.png

Size

@@ -1,1 +1,1 @@
--39.8 KB
++37.5 KB

Content

en_plugin.png

Size

@@ -1,1 +1,1 @@
--53.6 KB
++33.0 KB

Content

en_virus_found.png

Author

...	...	@@ -1,0 +1,1 @@
	1	+XWiki.fse

Size

...	...	@@ -1,0 +1,1 @@
	1	+9.6 KB

Content