Changes for page ClamAV

From version 24.1
edited by fse
on 25.05.2022, 15:56
Change comment: There is no comment for this version
To version 33.3
edited by jdr
on 23.11.2023, 14:38
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.fse
1 +XWiki.jdr
Content
... ... @@ -39,14 +39,13 @@
39 39  : Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service.
40 40  ; port (Required)
41 41  : Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available.
42 -; file-source
43 -: If the value //stream// is entered here (default value), the data of the file to be checked will be transferred directly to the //ClamAV//-daemon service. If the value //path// is entered here, scanning is done directly on the path - whereby the //ClamAV//-daemon service must have root rights for this.
42 +; os (Optional)
43 +: Default value: //JVM_PLATFORM//. Operating system on which the ClamAV daemon service is running. This value is only relevant if the operating system of formcycle and that of the ClamAV daemon service are different. For Linux or MacOS enter //UNIX//, for Windows enter //WINDOWS//. If both are running on the same operating system, you can leave this value blank or use //JVM_PLATFORM//.
44 44  
45 45  {{info}}
46 46  //ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support.
47 47  {{/info}}
48 48  
49 -
50 50  == Configuration //ClamAV// ==
51 51  
52 52  The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server.
... ... @@ -80,6 +80,7 @@
80 80  For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted.
81 81  
82 82  Open the configuration file:
82 +
83 83  ; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}}
84 84  
85 85  Use the arrow keys to navigate to the end of the file.
... ... @@ -106,6 +106,7 @@
106 106  In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal.
107 107  
108 108  Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined.
109 +
109 109  ; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}}
110 110  
111 111  {{lightbox image="en_tcp_test.png"/}}
... ... @@ -137,21 +137,30 @@
137 137  //ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //.
138 138  
139 139  For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //:
141 +
140 140  ; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}}
141 141  
142 142  {{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //.
143 143  
144 144  After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //:
145 -; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{code}}
147 +
148 +; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
146 146  ; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
147 147  
148 148  == Version history ==
149 149  
150 -**Version 1.0.1**
153 +=== Version 1.0.3 ===
151 151  
152 -* Optimisations for installation on server clusters
155 +* Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server.
153 153  
154 -**Version 1.0.0
157 +=== Version 1.0.2 ===
155 155  
156 -* Initial release
159 +* Remove: property for path scanning, only InputStream now.
157 157  
161 +=== Version 1.0.1 ===
162 +
163 +* Fix: Skip scanning if operating system is not UNIX instead of detecting the file as a virus.
164 +
165 +=== Version 1.0.0 ===
166 +
167 +* Initial release
de_plugin.png
Size
... ... @@ -1,1 +1,1 @@
1 -39.8 KB
1 +37.5 KB
Content
en_plugin.png
Size
... ... @@ -1,1 +1,1 @@
1 -53.6 KB
1 +33.0 KB
Content
en_virus_found.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +9.6 KB
Content