L.s.
Best regards
Bert
Sounds like a linux box remotely hosted (checked with provider). Do you have command line access to it? ClamAV, I would think, would be available to all users on the system. Apache server has a user (typically apache on RH flavored servers). If you have command line access, login and type:
which clamsdcan
That command will show the path to clamdscan which is what apache would call to scan uploaded files.
And just check other things involving a path ... what of the path to du (disk usage)? If you set that, does moodle show you a check?
Since the provider checked ... what is the path? You are NOT disclosing anything that's a security issue in these forums. Is the path: /usr/local/bin/clamdscan ?
If the path where they have installed clamdscan is in an sbin directory, then only the root users can call clamdscan.
InMotion hosting has a page that you might check:
http://www.inmotionhosting.com/support/edu/moodle/moodle-site-security/clamav-anti-virus
'spirit of sharing', Ken
Ha Ken,
It's a managed server with full access.
We checked
grep disable_functions /usr/local/lib/php.ini
disable_functions = escapeshellarg, escapeshellcmd, passthru, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, system, popen, pclose
By doing so we got an acceptance of moodle for the system path.
But executing it gave an incomplete moodle message:
We assumed that moodle requires the Moodle Clamav extension; so the provider installed the Clamav PHP extension without any change. The empty error message is still there.
So we are stuck just beyond the middle.
What would you advise about the next step? Installing a clamfix.php as suggested in a message in 2007: https://moodle.org/mod/forum/discuss.php?d=62324
Best regards
Bert
The posting you found is quite old and the script provided for Windows users and in this case, don't think it's needed.
The command I gave you ... which clamscan ... showed if one issued a clamscan command from the command line the system would find what ... returned: /usr/local/bin/clamscan
Sorry 'bout that ... should have been more clear.
clamscan is called for users of the system (all users, including the user under which apache runs) by the path: /usr/bin/clamscan
cd /usr/bin/
ls -l clamscan
and you'll see clamscan in /usr/bin/ is really symlinked to /usr/local/bin/clamscan looks like:
lrwxrwxrwx 1 root root 23 Nov 7 2014 clamscan -> /usr/local/bin/clamscan
note the symlink has different permissions for all 'others'.
Just tested a M26 with clamav scanning turned on ... CentOS but any
linux should be able to do the same. From the terminal run 'top', then
uploaded a file via drag and drop to that M26. You should see clamscan kick in on the top of the top terminal window after the upload has finished.
Setttings:
path to clamscan: /usr/bin/clamscan
See if that works after checking /usr/bin/ for existence of the symlink.
If the symlink doesn't exist for some reason, you can create one as root.
'spirit of sharing', Ken
One more thing ... since this is managed by your hosting provider, they have 'locked down' php. Those changes you are making to PHP lock down, might need to be un-done. Am not certain just how Moodle php code calls things like du and clamscan but do know there are options for those PHP functions ... php pathru, php exec, etc..
In the ini on the server where I tested, there were no disabled functions - which, I think is default for PHP on CentOS 5 and 6 at least.
Might want to check into:
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
or official PHP docs ... can't find any link right now but google it.
'spirit of sharing', Ken