Martin - I saw your post at http://moodle.org/mod/forum/discuss.php?d=10884&parent=52533 about Clam AV. While this fulfills part of our need, it doesn't address the issue of how to find the user to notify if Clam finds a virus.
I see some of the file upload functionality (like assignment) follow a naming convention for the file upload area that includes the user id in the path. This doesn't seem to be a moodle-wide convention though so we had this idea that we could wrap all file uploads in a general function that not only runs the file through the virus scanner and calls the clean_filename function, but also logs to the database a record about who uploaded the file and when - so that if cron picked it up later (it's possible an infected file could get through because of a lag in the virus definition db only to be picked up by the cron virus scan) it would be a simple matter of one sql query to find out which user to notify.
Obviously we'd also need a few more config options - ones that immediately spring to mind are:
~ Run clam on upload?
~ Run clam from cron?
~ How often?
~ What to do if clam fails to run? email admins [does this need to be a config option even?]
~ What if clam is configured to run on upload but fails to run? Quarantine the file anyway? Delete the file? At least email the admins
~ What to do if a virus is found on upload? Notify the user, and: Delete the file? Email an admin? A combination of any/all of these?
~ What to do if a virus is found by cron? (similar options except notification of user will have to switch to email)
Back to wrapping uploads in a function - something else just occurred to me. I know that assignment at least deletes all the other files in the area and so therefore doesn't have to deal with filename collision, but our slightly customised version of assignment allows multiple files and so has to rename filename.txt to filename_1.txt and so on - this magical upload function would have to deal with knowing whether to care about this as well.
Actually, code probably speaks louder than words. ;)
I've written some code to do the magical scanning on upload part.
Two patches - http://nzvle.eduforge.org/clam/clam.patch (this patches admin/config.html and lib/moodlelib.php) and http://nzvle.eduforge.org/clam/clamstrings.patch which patches lib/en/moodle.php
(These are against 1.4)
All you need to do to implement this, is find a place where there's some code to deal with uploadey stuff, and replace it with a call to a function called handle_file_upload, which has the following arguments:
~ fieldname = the name of the field in the upload form (where to find the file in $_FILES)
~ destination = where to put the file (directory will be created using make_upload_directory if it doesn't exist)
~ maxbytes = module or instance specific. optional & will default to $CFG->maxbytes
~ handlecollision - optional & defaults to true. whether to check first to see if a file with the same name exists & handle it nicely (ie filename.txt becomes filename_1.txt and so on)
~ shownotices - optional & defaults to true.
This function returns the filename of the new file.
Some of the modules (like assignment for example) delete all the other files in the destination directory. This is not done by handle_file_upload, but for example in assignment you'd go
$dir = assignment_file_area($assignment, $USER);
$newfile_name = handle_file_upload('whatever',$dir);
assignment_delete_user_files($assignment, $USER, $newfile_name);
or something like that.
There are a few new config params - whether to run on upload, where clamscan or clamdscan live, what quarantine dir to use (files get deleted if this is empty), and how to behave if clam fails to run or returns an error.
Next: a php script to act as an action for a virus scan running from cron to notify users if a virus is found.
this is a php script to handle the output from a clam list of infected files:
clamscan -r --infected --no-summary 2>&1 | php thisfile.php
it goes through each file, looks it up in the log table to find the user who uploaded it, calls the handle_infected_file function that I added in the last patch, does some additional stuff and emails the user who uploaded the file, and the admins.
if it has found a virus but it can't find out who uploaded it (this could happen if you have a lot of uploads that happened before the handle_file_upload function was there), it emails the admins and tells them that too.
You will see at the top of this file that there's a require_once to the moodle config.php script. I have this script in my admin/ directory of moodle so I'm using dirname to get the path to config.php but you'd probably need to edit it to point to wherever your moodle config.php lives.
also, a patch (required for this script to work):
this patches (over patch in the previous post): lib/moodlelib.php (a little change to handle_infected_file and a new function) and lang/en/moodle.php - new strings for emailing users and admins about infected files.
So, just to make SURE SURE SURE anyone who wants this understands, you need to:
1. apply http://nzvle.eduforge.org/clam/clam.patch
2. apply http://nzvle.eduforge.org/clam/clamstrings.patch
3. apply http://nzvle.eduforge.org/clam/cronclam.patch
4. put http://nzvle.eduforge.org/clam/handlevirus.php.txt somewhere (take the .txt off the end)
5. edit it to use the correct path to moodle's config.php
6. set up a cronjob that sends the output of clamscan to the new php script: clamscan -r --infected --no-summary 2>&1 | php thisfile.php
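The cron step described above, as an added example (this is not the handlevirus.php from the post and not Moodle code): it separates clamscan's FOUND lines from stderr lines merged in by 2>&1 and maps each infected path to an uploader, or to the admins when no uploader is logged. The function names, the $uploadlog array standing in for the upload log table, and the sample paths are assumptions; it needs PHP 7 or later.

```php
<?php
// Added example (not handlevirus.php): sort the merged output of
// `clamscan -r --infected --no-summary 2>&1` into notification buckets.

// An infected line is "<path>: <signature> FOUND". The path may contain
// ": " itself, so split on the LAST ": ". Anything else on the stream
// (stderr is merged in by 2>&1) is kept as an error line for the admins.
function parse_clamscan_output(array $lines): array {
    $parsed = ['infected' => [], 'errors' => []];
    foreach ($lines as $line) {
        $line = rtrim($line, "\r\n");
        if ($line === '') { continue; }
        $pos = strrpos($line, ': ');
        $sig = ($pos !== false && substr($line, -6) === ' FOUND')
            ? (string) substr($line, $pos + 2, -6) : '';
        if ($pos > 0 && $sig !== '') {
            $parsed['infected'][] = ['path' => substr($line, 0, $pos), 'sig' => $sig];
        } else {
            $parsed['errors'][] = $line;
        }
    }
    return $parsed;
}

// $uploadlog maps stored file path => uploader user id. Hypothetical
// stand-in for the upload log table; keys must match the path form
// that clamscan prints.
function plan_notifications(array $parsed, array $uploadlog): array {
    $plan = ['users' => [], 'unknown' => [], 'errors' => $parsed['errors']];
    foreach ($parsed['infected'] as $hit) {
        if (isset($uploadlog[$hit['path']])) {
            $plan['users'][$uploadlog[$hit['path']]][] = $hit; // mail user + admins
        } else {
            $plan['unknown'][] = $hit;                          // mail admins only
        }
    }
    return $plan;
}

// Constructed sample input; in the cron pipeline use file('php://stdin').
$lines = [
    "/moodledata/5/week 2: notes.zip: Eicar-Test-Signature FOUND\n",
    "/moodledata/7/old_upload.exe: Eicar-Test-Signature FOUND\n",
    "LibClamAV Error: constructed example of a merged stderr line\n",
];
$uploadlog = ['/moodledata/5/week 2: notes.zip' => 42];
print_r(plan_notifications(parse_clamscan_output($lines), $uploadlog));
```

The 'errors' bucket matters because the pipeline cannot tell a clean scan from a scan that failed to start unless non-FOUND lines are reported rather than dropped.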
Is this patch already in the 1.4+ release? This is good especially when the file has a virus...
I am looking forward to this being included in the next release if it is not included in 1.4. Maybe you could consult Martin about including this idea...
Our delivery date is between 1.4 and 1.5 though so I will have to have a patch against STABLE as well...
Nice to know it will be available soon...
Thanks for this very important work.
I have a professor who will not accept any electronic work unless it is sent through BlackBoard which has an AntiVirus feature. She will not even accept a disk or attachments sent via e-mail. I am sure there are many folks like her and this work will remove one more obstacle so more people can use and promote Moodle.
I just hope clamAV can be installed on shared hosts. I have to go back and read their documentation.
[I still have to read up on the info you suggested about "patches" ]
I've just committed the beginning of this stuff to HEAD and posted a thread about it in the Testing New Code forum:
I haven't finished integrating it with all the modules yet, I've done assignment, exercise, forum, glossary, resource and scorm, but anyone who would be able to test it a bit, I would really appreciate!
It's pretty easy to implement, it's probably best if I just get in touch with the module maintainer.
this will all be in 1.5 though.
clamav-0.80rc3.tar.gz 2625409 Platform-Independent .gz
clamav-0.75.1.tar.gz 2777319 Platform-Independent Source .gz
- What does "rc3" mean?
- What is "tar.gz.sig" compression? I have never heard of that one before.
You're going to have trouble setting this up without root access on the box you're running moodle on.. what sort of hosting is it?
If it's your ISP or something like that, they may be running clam already .. try SSHing in and typing "which clamscan" or "which clamdscan" which will give you the path to clamscan or clamdscan if it's already installed. If you get both, clamdscan will be faster for on-upload scanning.
If it's not installed, you'll need to get them to install it for you.