Wiki source code of ClamAV

Hide last authors
gru 12.3 1 {{info}}
2 {{version major="7" minor="0" patch="13" showInfo="true"}}
fse 23.2 3 This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher.
gru 12.3 4 {{/version}}
5 {{/info}}
6
fse 23.2 7 [[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login)
fse 7.2 8
9 {{content/}}
10
fse 23.2 11 With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP.
fse 7.2 12
fse 23.2 13 == Functionality ==
fse 7.2 14
fse 23.2 15 ; Immediate virus scan
16 : Each file is scanned immediately after upload.
fse 7.2 17
fse 23.2 18 The used //ClamAV//-daemon service can neither be configured nor started by this plugin.
19
20 == Installation ==
21
22 The installation of the plugin has to be carried out via the interface of plugins provided for this purpose. Only the corresponding //jar// file has to be installed.
23
24 {{info}}
25 The //ClamAV// plug-in scans files in backend and fronted. To be always available to all users it is advisable to install the plugin as a system plugin. This also avoids possible problems with double-used ports and enables a central configuration.
26 {{/info}}
27
28 == Plugin configuration ==
29
30 After saving, a ping test is automatically performed. If this fails, a message will be displayed. In this case all uploads in the backend or in the form will be marked as faulty - the plugin should be deactivated first and a working connection should be established.
31
fse 7.2 32 {{figure image="en_error.png" width="400"}}
33 If no connection can be established to the specified host, this message is displayed.
34 {{/figure}}
35
36 The following configuration parameters exist:
37
38 ; host (Required)
fse 23.3 39 : Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service.
fse 12.1 40 ; port (Required)
fse 23.3 41 : Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available.
fse 7.2 42 ; file-source
fse 23.3 43 : If the value //stream// is entered here (default value), the data of the file to be checked will be transferred directly to the //ClamAV//-daemon service. If the value //path// is entered here, scanning is done directly on the path - whereby the //ClamAV//-daemon service must have root rights for this.
fse 7.2 44
fse 23.2 45 {{info}}
46 //ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support.
47 {{/info}}
fse 7.2 48
49
fse 23.2 50 == Configuration //ClamAV// ==
fse 7.2 51
fse 23.4 52 The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server.
fse 7.2 53
fse 23.2 54 === Installation ===
fse 7.2 55
fse 23.2 56 To install //ClamAV// on a server, the following commands should be entered on the server.
fse 7.2 57
fse 23.4 58 //ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon.
fse 7.2 59
fse 23.2 60 ; Update the package list:
61 ; {{code language="shell"}} sudo apt-get update {{/code}}
fse 7.2 62
fse 23.5 63 ; Install //ClamAV// and //ClamAV//-daemon:
fse 23.2 64 ; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}}
fse 7.2 65
fse 23.2 66 === Update the virus signature database ===
fse 7.2 67
fse 23.2 68 //freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database.
fse 7.2 69
fse 23.2 70 ; Terminate the automatic //freshclam// process:
71 ; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}}
72
fse 23.5 73 ; Manually update virus signature database:
fse 23.2 74 ; {{code language="shell"}} sudo freshclam {{/code}}
75
fse 23.6 76 === Configuration //ClamAV//-daemon ===
fse 23.2 77
fse 23.6 78 //ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly.
fse 23.2 79
80 For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted.
81
82 Open the configuration file:
fse 25.1 83
fse 23.2 84 ; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}}
85
86 Use the arrow keys to navigate to the end of the file.
87
88 ; Add //TCPAddr 127.0.0.1 //
fse 23.6 89 ; Add //TCPSocket 3310 //
fse 23.2 90
91 {{lightbox image="en_clamd.conf.png"/}}
92
fse 23.6 93 ; Specify root rights for //ClamAV//-daemon
94 : To do this, the row //User clamav// has to be changed to //User root// in this file.
fse 23.2 95
96 Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key.
97
fse 23.6 98 === Starting the //ClamAV//-daemon Service ===
fse 23.2 99
100 Now the service can be started.
101
fse 23.6 102 : Start the //ClamAV//-daemon Service:
fse 23.2 103 ; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}}
104
105 === Checking the availability of the service ===
106
fse 23.6 107 In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal.
fse 23.2 108
fse 23.6 109 Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined.
fse 25.1 110
fse 23.2 111 ; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}}
112
113 {{lightbox image="en_tcp_test.png"/}}
114
fse 23.6 115 If no line starting with //tcp// is seen or a different //host:port// combination is seen as //127.0.0.1:3310//, the configuration has to be checked again.
fse 23.2 116
117 == Example configuration ==
118
119 An example configuration with the above default values:
120
121 {{lightbox image="en_plugin.png"/}}
122
123 == Usage ==
124
125 As soon as a virus signature has been detected, the following message is displayed:
126
127 {{lightbox image="en_virus_found.png"/}}
128
129 === Test file ===
130
131 A common method for checking virus scanners is the //eicar.com// file.
fse 24.1 132 At any point this test file can be uploaded and after successful configuration the message shown above should be seen.
fse 23.2 133
134 ; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]]
135 ; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]]
136
137 === Logging ===
138
139 //ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //.
140
141 For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //:
fse 25.1 142
fse 23.2 143 ; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}}
144
fse 24.1 145 {{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //.
fse 23.2 146
147 After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //:
fse 25.1 148
149 ; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}}
fse 23.2 150 ; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}}
151
152 == Version history ==
153
154 **Version 1.0.1**
155
156 * Optimisations for installation on server clusters
157
fse 25.1 158 **Version 1.0.0**
fse 23.2 159
160 * Initial release