| ... |
... |
@@ -80,6 +80,7 @@ |
| 80 |
80 |
For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted. |
| 81 |
81 |
|
| 82 |
82 |
Open the configuration file: |
|
83 |
+ |
| 83 |
83 |
; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}} |
| 84 |
84 |
|
| 85 |
85 |
Use the arrow keys to navigate to the end of the file. |
| ... |
... |
@@ -106,6 +106,7 @@ |
| 106 |
106 |
In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal. |
| 107 |
107 |
|
| 108 |
108 |
Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined. |
|
110 |
+ |
| 109 |
109 |
; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}} |
| 110 |
110 |
|
| 111 |
111 |
{{lightbox image="en_tcp_test.png"/}} |
| ... |
... |
@@ -137,21 +137,30 @@ |
| 137 |
137 |
//ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //. |
| 138 |
138 |
|
| 139 |
139 |
For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //: |
|
142 |
+ |
| 140 |
140 |
; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}} |
| 141 |
141 |
|
| 142 |
142 |
{{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //. |
| 143 |
143 |
|
| 144 |
144 |
After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //: |
| 145 |
|
-; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{code}} |
|
148 |
+ |
|
149 |
+; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}} |
| 146 |
146 |
; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}} |
| 147 |
147 |
|
| 148 |
148 |
== Version history == |
| 149 |
149 |
|
| 150 |
|
-**Version 1.0.1** |
|
154 |
+=== Version 1.0.3 |
| 151 |
151 |
|
| 152 |
|
-* Optimisations for installation on server clusters |
|
156 |
+* Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server. |
| 153 |
153 |
|
| 154 |
|
-**Version 1.0.0 |
|
158 |
+=== Version 1.0.2 |
| 155 |
155 |
|
| 156 |
|
-* Initial release |
|
160 |
+* Remove: property for path scanning, only InputStream now. |
| 157 |
157 |
|
|
162 |
+=== Version 1.0.1 |
|
163 |
+ |
|
164 |
+* Fix: Skip scanning if operating system is not UNIX instead of detecting the file as a virus. |
|
165 |
+ |
|
166 |
+=== Version 1.0.0 |
|
167 |
+ |
|
168 |
+* Initial release |
