Changes for page ClamAV

From version 3.1
edited by fse
on 16.05.2022, 16:15
Change comment: Neues Bild de_saved.png hochladen
To version 33.2
edited by awa
on 14.06.2022, 12:42
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.fse
1 +XWiki.awa
Content
... ... @@ -1,1 +1,168 @@
1 -ClamAV
1 +{{info}}
2 +{{version major="7" minor="0" patch="13" showInfo="true"}}
3 +This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher.
4 +{{/version}}
5 +{{/info}}
6 +
7 +[[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login)
8 +
9 +{{content/}}
10 +
11 +With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP.
12 +
13 +== Functionality ==
14 +
15 +; Immediate virus scan
16 +: Each file is scanned immediately after upload.
17 +
18 +The used //ClamAV//-daemon service can neither be configured nor started by this plugin.
19 +
20 +== Installation ==
21 +
22 +The installation of the plugin has to be carried out via the interface of plugins provided for this purpose. Only the corresponding //jar// file has to be installed.
23 +
24 +{{info}}
25 + The //ClamAV// plug-in scans files in backend and fronted. To be always available to all users it is advisable to install the plugin as a system plugin. This also avoids possible problems with double-used ports and enables a central configuration.
26 +{{/info}}
27 +
28 +== Plugin configuration ==
29 +
30 +After saving, a ping test is automatically performed. If this fails, a message will be displayed. In this case all uploads in the backend or in the form will be marked as faulty - the plugin should be deactivated first and a working connection should be established.
31 +
32 +{{figure image="en_error.png" width="400"}}
33 + If no connection can be established to the specified host, this message is displayed.
34 +{{/figure}}
35 +
36 +The following configuration parameters exist:
37 +
38 +; host (Required)
39 +: Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service.
40 +; port (Required)
41 +: Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available.
42 +; file-source
43 +: If the value //stream// is entered here (default value), the data of the file to be checked will be transferred directly to the //ClamAV//-daemon service. If the value //path// is entered here, scanning is done directly on the path - whereby the //ClamAV//-daemon service must have root rights for this.
44 +
45 +{{info}}
46 +//ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support.
47 +{{/info}}
48 +
49 +
50 +== Configuration //ClamAV// ==
51 +
52 +The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server.
53 +
54 +=== Installation ===
55 +
56 +To install //ClamAV// on a server, the following commands should be entered on the server.
57 +
58 +//ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon.
59 +
60 +; Update the package list:
61 +; {{code language="shell"}} sudo apt-get update {{/code}}
62 +
63 +; Install //ClamAV// and //ClamAV//-daemon:
64 +; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}}
65 +
66 +=== Update the virus signature database ===
67 +
68 +//freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database.
69 +
70 +; Terminate the automatic //freshclam// process:
71 +; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}}
72 +
73 +; Manually update virus signature database:
74 +; {{code language="shell"}} sudo freshclam {{/code}}
75 +
76 +=== Configuration //ClamAV//-daemon ===
77 +
78 +//ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly.
79 +
80 +For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted.
81 +
82 +Open the configuration file:
83 +
84 +; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}}
85 +
86 +Use the arrow keys to navigate to the end of the file.
87 +
88 +; Add //TCPAddr 127.0.0.1 //
89 +; Add //TCPSocket 3310 //
90 +
91 +{{lightbox image="en_clamd.conf.png"/}}
92 +
93 +; Specify root rights for //ClamAV//-daemon
94 +: To do this, the row //User clamav// has to be changed to //User root// in this file.
95 +
96 +Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key.
97 +
98 +=== Starting the //ClamAV//-daemon Service ===
99 +
100 +Now the service can be started.
101 +
102 +: Start the //ClamAV//-daemon Service:
103 +; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}}
104 +
105 +=== Checking the availability of the service ===
106 +
107 +In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal.
108 +
109 +Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined.
110 +
111 +; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}}
112 +
113 +{{lightbox image="en_tcp_test.png"/}}
114 +
115 +If no line starting with //tcp// is seen or a different //host:port// combination is seen as //127.0.0.1:3310//, the configuration has to be checked again.
116 +
117 +== Example configuration ==
118 +
119 +An example configuration with the above default values:
120 +
121 +{{lightbox image="en_plugin.png"/}}
122 +
123 +== Usage ==
124 +
125 +As soon as a virus signature has been detected, the following message is displayed:
126 +
127 +{{lightbox image="en_virus_found.png"/}}
128 +
129 +=== Test file ===
130 +
131 +A common method for checking virus scanners is the //eicar.com// file.
132 +At any point this test file can be uploaded and after successful configuration the message shown above should be seen.
133 +
134 +; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]]
135 +; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]]
136 +
137 +=== Logging ===
138 +
139 +//ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //.
140 +
141 +For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //:
142 +
143 +; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}}
144 +
145 +{{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //.
146 +
147 +After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //:
148 +
149 +; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
150 +; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
151 +
152 +== Version history ==
153 +
154 +=== Version 1.0.3
155 +
156 +* Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server.
157 +
158 +=== Version 1.0.2
159 +
160 +* Remove: property for path scanning, only InputStream now.
161 +
162 +=== Version 1.0.1
163 +
164 +* Fix: Skip scanning if operating system is not UNIX instead of detecting the file as a virus.
165 +
166 +=== Version 1.0.0
167 +
168 +* Initial release
de_plugin.png
Size
... ... @@ -1,1 +1,1 @@
1 -60.3 KB
1 +37.5 KB
Content
de_saved.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -5.5 KB
Content
de_error.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +7.9 KB
Content
de_tcp_test.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +17.6 KB
Content
de_virus_found.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +11.4 KB
Content
en_clamd.conf.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +16.4 KB
Content
en_error.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +7.1 KB
Content
en_plugin.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +33.0 KB
Content
en_tcp_test.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +16.7 KB
Content
en_virus_found.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +9.6 KB
Content