Wiki source code of ClamAV
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{info}} | ||
| 2 | {{version major="7" minor="0" patch="13" showInfo="true"}} | ||
| 3 | This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher. | ||
| 4 | {{/version}} | ||
| 5 | {{/info}} | ||
| 6 | |||
| 7 | [[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login) | ||
| 8 | |||
| 9 | {{content/}} | ||
| 10 | |||
| 11 | With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP. | ||
| 12 | |||
| 13 | == Functionality == | ||
| 14 | |||
| 15 | ; Immediate virus scan | ||
| 16 | : Each file is scanned immediately after upload. | ||
| 17 | |||
| 18 | This plugin can neither configure nor start the //ClamAV//-daemon service it uses. | ||
| 19 | |||
| 20 | == Installation == | ||
| 21 | |||
| 22 | The plugin must be installed via the plugin interface provided for this purpose. Only the corresponding //jar// file has to be installed. | ||
| 23 | |||
| 24 | {{info}} | ||
| 25 | The //ClamAV// plugin scans files in the backend and the frontend. To make it always available to all users, it is advisable to install the plugin as a system plugin. This also avoids possible problems with ports being used twice and enables a central configuration. | ||
| 26 | {{/info}} | ||
| 27 | |||
| 28 | == Plugin configuration == | ||
| 29 | |||
| 30 | After saving, a ping test is performed automatically. If it fails, a message is displayed. In this case, all uploads in the backend or in the form are marked as faulty. The plugin should then be deactivated first and a working connection should be established. | ||
| 31 | |||
| 32 | {{figure image="en_error.png" width="400"}} | ||
| 33 | If no connection can be established to the specified host, this message is displayed. | ||
| 34 | {{/figure}} | ||
| 35 | |||
| 36 | The following configuration parameters exist: | ||
| 37 | |||
| 38 | ; host (Required) | ||
| 39 | : Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. With the default value, a local //ClamAV//-daemon service is used. | ||
| 40 | ; port (Required) | ||
| 41 | : Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available. | ||
| 42 | ; file-source | ||
| 43 | : If the value //stream// is entered here (default value), the data of the file to be checked is transferred directly to the //ClamAV//-daemon service. If the value //path// is entered here, the file is scanned directly at its path. For this, the //ClamAV//-daemon service must have root rights. | ||
| 44 | |||
| 45 | {{info}} | ||
| 46 | //ClamAV// is intended to run on Linux-based servers. We therefore cannot guarantee support for other systems. | ||
| 47 | {{/info}} | ||
| 48 | |||
| 49 | |||
| 50 | == Configuration //ClamAV// == | ||
| 51 | |||
| 52 | The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server. | ||
| 53 | |||
| 54 | === Installation === | ||
| 55 | |||
| 56 | To install //ClamAV// on a server, the following commands should be entered on the server. | ||
| 57 | |||
| 58 | //ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon. | ||
| 59 | |||
| 60 | ; Update the package list: | ||
| 61 | ; {{code language="shell"}} sudo apt-get update {{/code}} | ||
| 62 | |||
| 63 | ; Install //ClamAV// and //ClamAV//-daemon: | ||
| 64 | ; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}} | ||
| 65 | |||
| 66 | === Update the virus signature database === | ||
| 67 | |||
| 68 | //freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database. | ||
| 69 | |||
| 70 | ; Terminate the automatic //freshclam// process: | ||
| 71 | ; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}} | ||
| 72 | |||
| 73 | ; Manually update virus signature database: | ||
| 74 | ; {{code language="shell"}} sudo freshclam {{/code}} | ||
| 75 | |||
| 76 | === Configuration //ClamAV//-daemon === | ||
| 77 | |||
| 78 | //ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly. | ||
| 79 | |||
| 80 | To do this, the configuration file // /etc/clamav/clamd.conf // has to be adapted. | ||
| 81 | |||
| 82 | Open the configuration file: | ||
| 83 | |||
| 84 | ; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}} | ||
| 85 | |||
| 86 | Use the arrow keys to navigate to the end of the file. | ||
| 87 | |||
| 88 | ; Add //TCPAddr 127.0.0.1 // | ||
| 89 | ; Add //TCPSocket 3310 // | ||
| 90 | |||
| 91 | {{lightbox image="en_clamd.conf.png"/}} | ||
| 92 | |||
| 93 | ; Specify root rights for //ClamAV//-daemon | ||
| 94 | : To do this, the line //User clamav// has to be changed to //User root// in this file. | ||
| 95 | |||
| 96 | Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key. | ||
| 97 | |||
| 98 | === Starting the //ClamAV//-daemon Service === | ||
| 99 | |||
| 100 | Now the service can be started. | ||
| 101 | |||
| 102 | ; Start the //ClamAV//-daemon service: | ||
| 103 | ; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}} | ||
| 104 | |||
| 105 | === Checking the availability of the service === | ||
| 106 | |||
| 107 | In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal. | ||
| 108 | |||
| 109 | Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined. | ||
| 110 | |||
| 111 | ; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}} | ||
| 112 | |||
| 113 | {{lightbox image="en_tcp_test.png"/}} | ||
| 114 | |||
| 115 | If no line starting with //tcp// is shown, or if the //host:port// combination shown differs from //127.0.0.1:3310//, the configuration has to be checked again. | ||
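
When the configuration has to be checked again, the TCPAddr, TCPSocket and User lines of clamd.conf are the ones this page depends on. The following script is an added example, not part of the plugin or of ClamAV; the function names and the sample configuration are made up for the illustration.

```shell
#!/bin/sh
# Added example, not part of the plugin: audit the clamd.conf options set above.
# Returns 0 only when clamd is configured to listen on exactly 127.0.0.1:3310.

# Print every value given for one option. Commented-out lines never match
# because their first field starts with "#".
clamd_opt() {  # $1 = config file, $2 = option name
    awk -v key="$2" '$1 == key { print $2 }' "$1"
}

audit_clamd_conf() {  # $1 = path to clamd.conf
    addrs=$(clamd_opt "$1" TCPAddr)
    port=$(clamd_opt "$1" TCPSocket | tail -n 1)
    user=$(clamd_opt "$1" User | tail -n 1)
    rc=0
    if [ -z "$port" ]; then
        echo "FAIL: TCPSocket is not set, so clamd has no TCP listener"
        rc=1
    elif [ -z "$addrs" ]; then
        # Without TCPAddr, clamd binds the TCP port on every interface.
        echo "FAIL: TCPSocket $port without TCPAddr listens on all interfaces"
        rc=1
    else
        for a in $addrs; do
            if [ "$a" = "127.0.0.1" ] && [ "$port" = "3310" ]; then
                echo "OK: listener $a:$port"
            else
                echo "FAIL: listener $a:$port differs from 127.0.0.1:3310"
                rc=1
            fi
        done
    fi
    # The page states that file-source "path" needs root rights.
    if [ "$user" = "root" ]; then
        echo "NOTE: clamd runs as root"
    else
        echo "NOTE: User is '${user:-unset}'; file-source path needs root"
    fi
    return "$rc"
}

# Constructed sample: TCPSocket was added but TCPAddr is still commented out.
sample=$(mktemp)
printf '%s\n' 'User clamav' '#TCPAddr 127.0.0.1' 'TCPSocket 3310' > "$sample"
audit_clamd_conf "$sample" || true
rm -f "$sample"
```

On a real server the call is `audit_clamd_conf /etc/clamav/clamd.conf`.
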
| 116 | |||
| 117 | == Example configuration == | ||
| 118 | |||
| 119 | An example configuration with the above default values: | ||
| 120 | |||
| 121 | {{lightbox image="en_plugin.png"/}} | ||
| 122 | |||
| 123 | == Usage == | ||
| 124 | |||
| 125 | As soon as a virus signature has been detected, the following message is displayed: | ||
| 126 | |||
| 127 | {{lightbox image="en_virus_found.png"/}} | ||
| 128 | |||
| 129 | === Test file === | ||
| 130 | |||
| 131 | A common way to check virus scanners is the //eicar.com// test file. | ||
| 132 | This test file can be uploaded at any time; once the plugin has been configured successfully, the message shown above should appear. | ||
| 133 | |||
| 134 | ; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]] | ||
| 135 | ; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]] | ||
| 136 | |||
| 137 | === Logging === | ||
| 138 | |||
| 139 | //ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //. | ||
| 140 | |||
| 141 | For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log//: | ||
| 142 | |||
| 143 | ; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}} | ||
| 144 | |||
| 145 | The corresponding {{formcycle/}} logs can be found at // /formcycle-data/formcycle7/logs //. | ||
| 146 | |||
| 147 | For example, after uploading the //eicar.com// test file, the following entries can be seen in //formcycle-errors-log//: | ||
| 148 | |||
| 149 | ; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}} | ||
| 150 | ; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}} | ||
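
To pull detections out of clamav.log for review or alerting, the FOUND entries can be split into fields. The following script is an added example, not part of the plugin or of ClamAV; the function name is made up, and the second and third sample lines are constructed (the path-scan line format is an assumption).

```shell
#!/bin/sh
# Added example, not part of the plugin: read clamav.log lines on stdin and
# print one tab-separated record per detection:
#   timestamp <TAB> source <TAB> signature <TAB> hash:size (or "-")

clamav_detections() {
    awk '
    / FOUND$/ {
        p = index($0, " -> ")              # separates timestamp and event
        if (p == 0) next
        ts = substr($0, 1, p - 1)
        ev = substr($0, p + 4)
        sub(/ FOUND$/, "", ev)
        # The signature is the last space-free token after ": "; the source
        # before it may itself contain ": " (for example in a file name).
        if (!match(ev, /: [^ ]+$/)) next
        src = substr(ev, 1, RSTART - 1)
        sig = substr(ev, RSTART + 2)
        hash = "-"
        if (match(sig, /\([0-9a-f]+:[0-9]+\)$/)) {
            hash = substr(sig, RSTART + 1, RLENGTH - 2)
            sig = substr(sig, 1, RSTART - 1)
        }
        printf "%s\t%s\t%s\t%s\n", ts, src, sig, hash
    }'
}

# Sample input: line 1 is the entry quoted on this page; lines 2 and 3 are
# constructed (a non-detection line and an assumed path-scan line format).
clamav_detections <<'EOF'
Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Wed May 25 10:10:25 2022 -> SelfCheck: Database status OK.
Wed May 25 10:11:02 2022 -> /tmp/upload/a: b.bin: Constructed.Sig-1 FOUND
EOF
```
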
| 151 | |||
| 152 | == Version history == | ||
| 153 | |||
| 154 | **Version 1.0.1** | ||
| 155 | |||
| 156 | * Optimisations for installation on server clusters | ||
| 157 | |||
| 158 | **Version 1.0.0** | ||
| 159 | |||
| 160 | * Initial release |