Virus Concern

Virus Concern

by Renee Citlau -
Number of replies: 10

I'm a high school computer teacher.  The district Webmaster loaded Moodle on our district server for me.  I have been successfully using Moodle for a year and have trained dozens of teachers and helped them setup sites at their schools.  In addition, I have created a Moodle site for our Professional Development office, and we're having our first online meeting in December.

Unfortunately, the district I work at is concerned about getting viruses from files uploaded or downloaded to moodle on our district server and have now stopped all new Moodle sites within our district.

What are other sites doing to prevent viruses on their servers?  It sounds like a valid concern, but there must be a reasonalble solution.  I would like to get as much information as possible before I go in and talk to them and would be extremely grateful for suggestions.

Average of ratings: -
In reply to Renee Citlau

Re: Virus Concern

by Genner Cerna -
I think 1.5 has implemented the virus scaning when uploading a file... But not sure if it is included on the next release of moodle.

Try to ask Martin...
Average of ratings: -
In reply to Genner Cerna

Re: Virus Concern

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
That is correct, Moodle 1.5 works together with ClamAV (an open source anti-virus program for Linux) to scan all incoming files (at the time they are uploaded) for known viruses (this includes assignments, attachments, etc etc)
Average of ratings: -
In reply to Martin Dougiamas

Re: Virus Concern

by Sunyee W -
Thanks for all this wonderful input and clarification!
Average of ratings: -
In reply to Renee Citlau

Re: Virus Concern

by David Scotson -

It sounds like you are saying that they think the server itself will get a virus from files uploaded to Moodle.

I believe this is impossible, and if it was possible, it would be yet another good reason to use Linux or Mac OS X on the server.

Even if you are talking about users getting viruses, which is more likely though not in any way Moodle specific, it sounds like a hysterical over-reaction to me and you should find a way to calm their nerves.

Average of ratings: -
In reply to Renee Citlau

Re: Virus Concern

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
I'm sorry, but over-reaction like this really annoys me (your 'District' people  - not you), especially as there had been quite a lot of discussion about this in the past.

Firstly.... moodle only stores uploaded files, nothing else. You will *not* get a virus on your server - it can't happen. There is however a small-ish risk that a virus uploaded to the server and then downloaded onto a PC may pass the virus on to that PC, but we have to be realistic and measured about this. The fact is it is not a Moodle issue.

If you allow users to upload files to a server then it is common sense and good practice to virus scan them. This is nothing to do with Moodle it is just a fact of life. There are plenty of server based virus scanners that will scan file store areas. You will have *exactly* the same issue with any software (or simply a file server) that allows users to place files there.
Average of ratings: -
In reply to Renee Citlau

Re: Virus Concern

by Bob Boufford -

Hi,

I'll chime in and agree with Howard that the server is not the problem. This is a perennial question that comes up on the other CMS users lists all the time. And implementing a server-based virus scanner, while helpful in scanning for viruses, may result in a huge performance hit.

For the other CMSs, the ongoing recommendations is alway to educate the user on proper virus protection. If students are uploading files, they should scan their files before uploading. Other students and the instructors should scan the files while downloading or before opening the files. And of course, always keep virus definitions up-to-date.

Cheers,

Bob

Average of ratings: -
In reply to Renee Citlau

Re: Virus Concern

by Michael Penney -
Point out to your district people that since the server is not executing the files that are uploaded, it can't get virus from them.

If they don't understand this, ask them (or better their boss) how in the world they got their job?

If the above seems unfeasable, you could point out that the time saved by teachers in using Moodle for their classes far outweighs the cost of buying virus scanning software and having it scan your moodle data directory for viruses.

As others have pointed out, this will cause a performance hit, but that gives them an excuse to buy a faster machine, which techies generally lovesmile.

If that fails, make the same point regarding time saving/better efficiency/if you are in the US, compliance with no child left behind, etc., to the district admins, and ask them to take enough $ ($60-$100/month will get you your own machine) out of the technology budget to get webspace on a commercial webhosting servicewink.


Average of ratings: -
In reply to Michael Penney

Re: Virus Concern

by Sunyee W -
*waves to Renee* Hi everyone, am also from the district as Renee and I have a concern/question regarding this virus issue.

From Michael's prior post, "Point out to your district people that since the server is not executing the files that are uploaded, it can't get virus from them."

I need clarification on "execution" of the files. If a student accidentally uploaded a word document that's been infected with a computer virus at home onto moodle and after submitting it to Moodle, the student opens to view the file, isn't that executing/opening the file directly on the Moodle server??? Or is that considered downloading/executing/opening the file directly onto their OWN computer??

I'm thinking of hosting Moodle on a paid web-hosted server and I would feel better for future Moodle releases if there could be an add-on virus scan feature for uploading files onto Moodle.

Average of ratings: -
In reply to Sunyee W

Re: Virus Concern

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Execution of files: The file is never executed, opened or anything else on the Moodle server. The file is downloaded and opened on the user's machine.

In this day and age I would not like to see a PC without ant-virus software on it. However, from a system administrators point of view, I would advocate scanning all uploaded files on a server file-store of any kind. I remain to be convinced that this is an issue for Moodle. Your best bet is to purchase your own server based ant-virus software and point it at your Moodle datafiles area (and similarly for any other file areas on the server).

I do understand that this may not be possible on a hosted server. Tricky mixed
Average of ratings: -
In reply to Sunyee W

Re: Virus Concern

by Michael Penney -
the student opens to view the file, isn't that executing/opening the file directly on the Moodle server???

No, the file is downloaded and opened on the student's machine. Such files could spread a virus from one user to another, but they can't infect the server.

If the clients all have updated virus software, they should be fine. If you have your own Moodle server or a Moodle parter, you can have an AV application loaded on the server that will scan files as they are uploaded, but this is a protection for the clients, the server is safe either way.


Average of ratings: -