Changes for page ClamAV


From version 30.1
edited by fse
on 25.05.2022, 16:01
Change comment: Upload new image "en_virus_found.png", version 1.1
To version 4.1
edited by fse
on 16.05.2022, 16:15
Change comment: Upload new image en_error.png

Summary

Details

Page properties
Content
... ... @@ -1,160 +1,1 @@
1 -{{info}}
2 -{{version major="7" minor="0" patch="13" showInfo="true"}}
3 -This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher.
4 -{{/version}}
5 -{{/info}}
6 -
7 -[[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login)
8 -
9 -{{content/}}
10 -
11 -With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP.
12 -
13 -== Functionality ==
14 -
15 -; Immediate virus scan
16 -: Each file is scanned immediately after upload.
17 -
18 -The used //ClamAV//-daemon service can neither be configured nor started by this plugin.
19 -
20 -== Installation ==
21 -
22 -The installation of the plugin has to be carried out via the interface of plugins provided for this purpose. Only the corresponding //jar// file has to be installed.
23 -
24 -{{info}}
25 - The //ClamAV// plug-in scans files in backend and fronted. To be always available to all users it is advisable to install the plugin as a system plugin. This also avoids possible problems with double-used ports and enables a central configuration.
26 -{{/info}}
27 -
28 -== Plugin configuration ==
29 -
30 -After saving, a ping test is automatically performed. If this fails, a message will be displayed. In this case all uploads in the backend or in the form will be marked as faulty - the plugin should be deactivated first and a working connection should be established.
31 -
32 -{{figure image="en_error.png" width="400"}}
33 - If no connection can be established to the specified host, this message is displayed.
34 -{{/figure}}
35 -
36 -The following configuration parameters exist:
37 -
38 -; host (Required)
39 -: Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service.
40 -; port (Required)
41 -: Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available.
42 -; file-source
43 -: If the value //stream// is entered here (default value), the data of the file to be checked will be transferred directly to the //ClamAV//-daemon service. If the value //path// is entered here, scanning is done directly on the path - whereby the //ClamAV//-daemon service must have root rights for this.
44 -
45 -{{info}}
46 -//ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support.
47 -{{/info}}
48 -
49 -
50 -== Configuration //ClamAV// ==
51 -
52 -The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server.
53 -
54 -=== Installation ===
55 -
56 -To install //ClamAV// on a server, the following commands should be entered on the server.
57 -
58 -//ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon.
59 -
60 -; Update the package list:
61 -; {{code language="shell"}} sudo apt-get update {{/code}}
62 -
63 -; Install //ClamAV// and //ClamAV//-daemon:
64 -; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}}
65 -
66 -=== Update the virus signature database ===
67 -
68 -//freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database.
69 -
70 -; Terminate the automatic //freshclam// process:
71 -; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}}
72 -
73 -; Manually update virus signature database:
74 -; {{code language="shell"}} sudo freshclam {{/code}}
75 -
76 -=== Configuration //ClamAV//-daemon ===
77 -
78 -//ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly.
79 -
80 -For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted.
81 -
82 -Open the configuration file:
83 -
84 -; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}}
85 -
86 -Use the arrow keys to navigate to the end of the file.
87 -
88 -; Add //TCPAddr 127.0.0.1 //
89 -; Add //TCPSocket 3310 //
90 -
91 -{{lightbox image="en_clamd.conf.png"/}}
92 -
93 -; Specify root rights for //ClamAV//-daemon
94 -: To do this, the row //User clamav// has to be changed to //User root// in this file.
95 -
96 -Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key.
97 -
98 -=== Starting the //ClamAV//-daemon Service ===
99 -
100 -Now the service can be started.
101 -
102 -: Start the //ClamAV//-daemon Service:
103 -; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}}
104 -
105 -=== Checking the availability of the service ===
106 -
107 -In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal.
108 -
109 -Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined.
110 -
111 -; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}}
112 -
113 -{{lightbox image="en_tcp_test.png"/}}
114 -
115 -If no line starting with //tcp// is seen or a different //host:port// combination is seen as //127.0.0.1:3310//, the configuration has to be checked again.
116 -
117 -== Example configuration ==
118 -
119 -An example configuration with the above default values:
120 -
121 -{{lightbox image="en_plugin.png"/}}
122 -
123 -== Usage ==
124 -
125 -As soon as a virus signature has been detected, the following message is displayed:
126 -
127 -{{lightbox image="en_virus_found.png"/}}
128 -
129 -=== Test file ===
130 -
131 -A common method for checking virus scanners is the //eicar.com// file.
132 -At any point this test file can be uploaded and after successful configuration the message shown above should be seen.
133 -
134 -; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]]
135 -; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]]
136 -
137 -=== Logging ===
138 -
139 -//ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //.
140 -
141 -For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //:
142 -
143 -; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}}
144 -
145 -{{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //.
146 -
147 -After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //:
148 -
149 -; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
150 -; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
151 -
152 -== Version history ==
153 -
154 -**Version 1.0.1**
155 -
156 -* Optimisations for installation on server clusters
157 -
158 -**Version 1.0.0**
159 -
160 -* Initial release
1 +ClamAV
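Review bot: The step at old lines 93-94 (change "User clamav" to "User root") is stated unconditionally, while old line 43 ties the root requirement only to file-source "path", and the default there is "stream", where the file data is transferred to the daemon directly. As written, every installation ends up running the daemon that processes uploaded files as root. The text should say the change is needed only when "path" is configured and otherwise leave "User clamav" in place. Separately, old lines 70-74 stop clamav-freshclam for the manual update and never start it again. A "sudo systemctl start clamav-freshclam" step after "sudo freshclam" would keep the signature database updating automatically.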
de_error.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -7.9 KB
Content
de_plugin.png
Size
... ... @@ -1,1 +1,1 @@
1 -39.8 KB
1 +60.3 KB
Content
de_tcp_test.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -17.6 KB
Content
de_virus_found.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -11.4 KB
Content
en_clamd.conf.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -16.4 KB
Content
en_error.png
Size
... ... @@ -1,1 +1,1 @@
1 -7.1 KB
1 +5.5 KB
Content
en_plugin.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -35.3 KB
Content
en_tcp_test.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -16.7 KB
Content
en_virus_found.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.fse
Size
... ... @@ -1,1 +1,0 @@
1 -9.6 KB
Content
de_saved.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.fse
Size
... ... @@ -1,0 +1,1 @@
1 +5.5 KB
Content