Wiki source code of ClamAV
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{info}} | ||
| 2 | {{version major="7" minor="0" patch="13" showInfo="true"}} | ||
| 3 | This plugin can only be used with {{formcycle/}} Version 7.0.13 or higher. | ||
| 4 | {{/version}} | ||
| 5 | {{/info}} | ||
| 6 | |||
| 7 | [[**Plugin-Download**>>https://customer.formcycle.eu/index.php/apps/files/?dir=/FORMCYCLE%20-%20Plugins%20Customer/fc-plugin-malware-scanner/ClamAV&fileid=40404]] (requires login) | ||
| 8 | |||
| 9 | {{content/}} | ||
| 10 | |||
| 11 | With the free //ClamAV// plugin for {{formcycle/}} it is possible to scan uploaded files for viruses. For this purpose, this plugin establishes a connection to a //ClamAV// daemon service via TCP. | ||
| 12 | |||
| 13 | == Functionality == | ||
| 14 | |||
| 15 | ; Immediate virus scan | ||
| 16 | : Each file is scanned immediately after upload. | ||
| 17 | |||
| 18 | The used //ClamAV//-daemon service can neither be configured nor started by this plugin. | ||
| 19 | |||
| 20 | == Installation == | ||
| 21 | |||
| 22 | The installation of the plugin has to be carried out via the interface of plugins provided for this purpose. Only the corresponding //jar// file has to be installed. | ||
| 23 | |||
| 24 | {{info}} | ||
| 25 | The //ClamAV// plug-in scans files in backend and fronted. To be always available to all users it is advisable to install the plugin as a system plugin. This also avoids possible problems with double-used ports and enables a central configuration. | ||
| 26 | {{/info}} | ||
| 27 | |||
| 28 | == Plugin configuration == | ||
| 29 | |||
| 30 | After saving, a ping test is automatically performed. If this fails, a message will be displayed. In this case all uploads in the backend or in the form will be marked as faulty - the plugin should be deactivated first and a working connection should be established. | ||
| 31 | |||
| 32 | {{figure image="en_error.png" width="400"}} | ||
| 33 | If no connection can be established to the specified host, this message is displayed. | ||
| 34 | {{/figure}} | ||
| 35 | |||
| 36 | The following configuration parameters exist: | ||
| 37 | |||
| 38 | ; host (Required) | ||
| 39 | : Default value: //127.0.0.1//. Specifies the //IP// address of the //ClamAV//-daemon service to be used. The default value is //127.0.0.1// and thus uses a local //ClamAV//-daemon service. | ||
| 40 | ; port (Required) | ||
| 41 | : Default value: //3310//. Specifies the port of the //ClamAV//-daemon service to use. The default value should only be changed if this port is not available. | ||
| 42 | ; os (Optional) | ||
| 43 | : Default value: //JVM_PLATFORM//. Operating system on which the ClamAV daemon service is running. This value is only relevant if the operating system of formcycle and that of the ClamAV daemon service are different. For Linux or MacOS enter //UNIX//, for Windows enter //WINDOWS//. If both are running on the same operating system, you can leave this value blank or use //JVM_PLATFORM//. | ||
| 44 | |||
| 45 | {{info}} | ||
| 46 | //ClamAV// is intended to run on Linux-based servers. Therefore, we cannot guarantee any other support. | ||
| 47 | {{/info}} | ||
| 48 | |||
| 49 | == Configuration //ClamAV// == | ||
| 50 | |||
| 51 | The following section discusses installation and configuration of //ClamAV//. Our recommended scenario is to install {{formcycle/}} and the //ClamAV//-daemon service on the same server. | ||
| 52 | |||
| 53 | === Installation === | ||
| 54 | |||
| 55 | To install //ClamAV// on a server, the following commands should be entered on the server. | ||
| 56 | |||
| 57 | //ClamAV// is the program that can scan files for viruses and is required for the use of //ClamAV//-daemon. | ||
| 58 | |||
| 59 | ; Update the package list: | ||
| 60 | ; {{code language="shell"}} sudo apt-get update {{/code}} | ||
| 61 | |||
| 62 | ; Install //ClamAV// and //ClamAV//-daemon: | ||
| 63 | ; {{code language="shell"}} sudo apt-get install clamav clamav-daemon -y {{/code}} | ||
| 64 | |||
| 65 | === Update the virus signature database === | ||
| 66 | |||
| 67 | //freshclam// is automatically installed with //ClamAV// and is used to update the virus signature database. | ||
| 68 | |||
| 69 | ; Terminate the automatic //freshclam// process: | ||
| 70 | ; {{code language="shell"}} sudo systemctl stop clamav-freshclam {{/code}} | ||
| 71 | |||
| 72 | ; Manually update virus signature database: | ||
| 73 | ; {{code language="shell"}} sudo freshclam {{/code}} | ||
| 74 | |||
| 75 | === Configuration //ClamAV//-daemon === | ||
| 76 | |||
| 77 | //ClamAV//-daemon is the process running in the background on the server, which is addressed for the virus scan. This is done via TCP and must be configured accordingly. | ||
| 78 | |||
| 79 | For this purpose, the configuration file under: // /etc/clamav/clamd.conf // should be adapted. | ||
| 80 | |||
| 81 | Open the configuration file: | ||
| 82 | |||
| 83 | ; {{code language="shell"}} sudo nano /etc/clamav/clamd.conf {{/code}} | ||
| 84 | |||
| 85 | Use the arrow keys to navigate to the end of the file. | ||
| 86 | |||
| 87 | ; Add //TCPAddr 127.0.0.1 // | ||
| 88 | ; Add //TCPSocket 3310 // | ||
| 89 | |||
| 90 | {{lightbox image="en_clamd.conf.png"/}} | ||
| 91 | |||
| 92 | ; Specify root rights for //ClamAV//-daemon | ||
| 93 | : To do this, the row //User clamav// has to be changed to //User root// in this file. | ||
| 94 | |||
| 95 | Now you can save and exit with //Ctrl + X//. Confirm with //Y// and the Enter key. | ||
| 96 | |||
| 97 | === Starting the //ClamAV//-daemon Service === | ||
| 98 | |||
| 99 | Now the service can be started. | ||
| 100 | |||
| 101 | : Start the //ClamAV//-daemon Service: | ||
| 102 | ; {{code language="shell"}} sudo systemctl start clamav-daemon.service {{/code}} | ||
| 103 | |||
| 104 | === Checking the availability of the service === | ||
| 105 | |||
| 106 | In order for this plugin to be able to address the //ClamAV//-daemon service, the service must be listening in the right place - in this case at //127.0.0.1:3310//. This can be checked in the server's terminal. | ||
| 107 | |||
| 108 | Using //netstat// the TCP socket of the //ClamAV//-daemon service can be examined. | ||
| 109 | |||
| 110 | ; {{code language="shell"}} sudo netstat -anp | grep -E "(clam)" {{/code}} | ||
| 111 | |||
| 112 | {{lightbox image="en_tcp_test.png"/}} | ||
| 113 | |||
| 114 | If no line starting with //tcp// is seen or a different //host:port// combination is seen as //127.0.0.1:3310//, the configuration has to be checked again. | ||
| 115 | |||
| 116 | == Example configuration == | ||
| 117 | |||
| 118 | An example configuration with the above default values: | ||
| 119 | |||
| 120 | {{lightbox image="en_plugin.png"/}} | ||
| 121 | |||
| 122 | == Usage == | ||
| 123 | |||
| 124 | As soon as a virus signature has been detected, the following message is displayed: | ||
| 125 | |||
| 126 | {{lightbox image="en_virus_found.png"/}} | ||
| 127 | |||
| 128 | === Test file === | ||
| 129 | |||
| 130 | A common method for checking virus scanners is the //eicar.com// file. | ||
| 131 | At any point this test file can be uploaded and after successful configuration the message shown above should be seen. | ||
| 132 | |||
| 133 | ; [[**Wikipedia**>>https://de.wikipedia.org/wiki/EICAR-Testdatei]] | ||
| 134 | ; [[**Download**>>https://www.eicar.org/download-anti-malware-testfile/]] | ||
| 135 | |||
| 136 | === Logging === | ||
| 137 | |||
| 138 | //ClamAV// creates logs which can be found under // /var/log/clamav/clamav.log //. | ||
| 139 | |||
| 140 | For example, after uploading the //eicar.com// test file, the following entry can be seen in //clamav.log //: | ||
| 141 | |||
| 142 | ; {{code language="shell"}} Wed May 25 10:10:21 2022 -> instream(127.0.0.1@32984): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND {{/code}} | ||
| 143 | |||
| 144 | {{formcycle/}} logs can be found for this at // /formcycle-data/formcycle7/logs //. | ||
| 145 | |||
| 146 | After uploading the //eicar.com// test file, for example, the following entry can be seen in //formcycle-errors-log //: | ||
| 147 | |||
| 148 | ; {{code language="shell"}} [WARN] [25-05-22 10:10:21,192] [ajp-nio-127.0.0.1-8009-exec-43] (MalwareScanner.java:211) - Scanner <fc.plugin.malware.scanner.clamAV. ClamAntiVirusFileScanner@7b2a4953> detected malware signature for file </home/fc/tomcat9/tmp/xima-temp/formcycle7/xfc-malware-scan/stream-scan12705251110052849842/data2383296604287452271>: {stream=[Win.Test.EICAR_HDB-1]} {{/code}} | ||
| 149 | ; {{code language="shell"}} [ERROR] [25-05-22 10:10:21,207] [ajp-nio-127.0.0.1-8009-exec-43] (VirusScannerService.java:71) - Detected a virus {{/code}} | ||
| 150 | |||
| 151 | == Version history == | ||
| 152 | |||
| 153 | === Version 1.0.3 === | ||
| 154 | |||
| 155 | * Change: The plugin is synchronized with the frontend server when one is available. This allows for malware scanning when using a frontend server. | ||
| 156 | |||
| 157 | === Version 1.0.2 === | ||
| 158 | |||
| 159 | * Remove: property for path scanning, only InputStream now. | ||
| 160 | |||
| 161 | === Version 1.0.1 === | ||
| 162 | |||
| 163 | * Fix: Skip scanning if operating system is not UNIX instead of detecting the file as a virus. | ||
| 164 | |||
| 165 | === Version 1.0.0 === | ||
| 166 | |||
| 167 | * Initial release |