Skip to content

symbiote/silverstripe-steamedclams

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Introduction

Using ClamAV, this module scans files as their uploaded and denies uploading if a virus was detected. If the ClamAV daemon is down it will log that the file needs to be scanned, wherein you can either manually scan via the CMS once the daemon is back online, run a nightly cron that scans the files or if you have queuedjobs installed, it will automatically scan missed files at nightly.

Composer Install

composer require symbiote/silverstripe-steamedclams:~2.0

Screenshots

ModelAdmin

UploadField

Quick Start

  1. Install ClamAV in Unix/Linux.
sudo apt install clamav clamav-daemon

run sudo apt-get install apt-get update when necessary.

  1. Start clamav-daemon
sudo service clamav-freshclam restart
# wait ~2 minutes
sudo service clamav-daemon start

And check the clamav-daemon is running.

 sudo service clamav-daemon status
  1. Setup socket permissions The clamav-daemon creates this /var/run/clamav/clamd.ctl if not.
sudo mkdir /var/run/clamav
sudo chown -R user:group /var/run/clamav

'defaultsite' being the user and group that has ownership.

  1. Configure clamd.conf:
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.ctl

(optional) You can use a different socket path, but you will need to change it in the config YML like below to match your clamd.conf:

Symbiote\SteamedClams\ClamAV:
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'
  1. After running dev/build?flush, all files should scan for viruses automatically during uploading / validation. If you are using

  2. To check to see if it's running properly, it should show that it's ONLINE at: http://{mysite.com}/admin/clamav

Configuration

Symbiote\SteamedClams\ClamAV:
  # Make this the same as your clamd.conf settings
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'
  # If true and the ClamAV daemon isn't running or isn't installed the file will be denied as if it has a virus.
  deny_on_failure: false
  # For configuring on existing site builds and ignoring the scanning of pre-module install `File` records. 
  initial_scan_ignore_before_datetime: '1970-12-25 00:00:00'

If you have the QueuedJobs module installed, you can configure when files missed by ClamAV daemon are scanned. This job will only queue if the daemon couldn't be connected to at the time that the file was uploaded.

Symbiote\SteamedClams\ClamAVScanJob:
  # This job will queue itself on dev/build by default if `File` records have been missed in scanning.
  disable_queue_on_devbuild: false
  # Repeat at daily by default (in seconds).
  repeat_time: 86400
  # Repeat at 2am by default
  time: '02:00:00'

Install on existing project

By running the task below, all files uploaded before installation of the module will be scanned.

/dev/tasks/Symbiote-SteamedClams-ClamAVInstallTask

To ignore certain files before a specific date, you can configure the datetime in your YML files, as below:

Symbiote\SteamedClams\ClamAV:
  initial_scan_ignore_before_datetime: '2015-06-06 00:00:00'

Emulate Mode

To emulate ClamAV results, put in your YML

Injector:
  Symbiote\SteamedClams\ClamAV:
    class: Symbiote\SteamedClams\ClamAVEmulator

Then in your _config.php, switch between various testing modes:

<?php

use Symbiote\SteamedClams\ClamAV;
use Symbiote\SteamedClams\ClamAVEmulator;

// Use this instead of YAML for quicker testing
Config::inst()->update('Injector', 'Symbiote\SteamedClams\ClamAV', array('class' => 'Symbiote\SteamedClams\ClamAVEmulator'));

// If no virus found
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_NO_VIRUS;

// If virus found (Eicar-Test-Signature)
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_HAS_VIRUS;

// If ClamAV daemon isn't running
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_OFFLINE;

Supports

  • Silverstripe 4.0 and up
  • Versioned Files
  • CDN Content
  • For Silverstripe 3.2 and up (3.1 should work, create an issue if you determine otherwise) use 1.0

Credits

Barakat S for clamd PHP interface "How to Forge" users for fixing permission issues