
[EP-tech] Re: Antwort: Re: Virus Scan during Upload



Martin,

Glad to hear it works.  Although it doesn't scan on upload as you indicated you were looking for, scan on deposit into the archive was the next best thing we could think of.

-Brian.


From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of martin.braendle at id.uzh.ch
Sent: Wednesday, January 27, 2016 6:51 AM
To: eprints-tech at ecs.soton.ac.uk
Subject: [EP-tech] Antwort: Re: Virus Scan during Upload


Many thanks Brian,

after solving some initial problems we got it working.

- clamd daemon must be installed and running
- port must be the same as the LocalSocket defined in /etc/clamd.conf
- the clam user running the clamd daemon must be in the same group as the apache user.

We tested with a text file containing the EICAR signature (http://www.eicar.org/download/eicar.com.txt) - works fine.
ClamAV does not recognize the EICAR signature enclosed in a pdf file using a Trojan horse file dropper (http://blog.didierstevens.com/2015/08/28/test-file-pdf-with-embedded-doc-dropping-eicar/ ), while the Antivirus scanner on my Mac did.

Best regards,

Martin

--
Dr. Martin Brändle
Zentrale Informatik
Universität Zürich
Stampfenbachstr. 73
CH-8006 Zürich

mail: martin.braendle at id.uzh.ch
phone: +41 44 63 56705
fax: +41 44 63 54505
http://www.zi.uzh.ch


From: "Brian D. Gregg" <bdgregg at pitt.edu>
To: "eprints-tech at ecs.soton.ac.uk" <eprints-tech at ecs.soton.ac.uk>
Date: 25/01/2016 16:57
Subject: [EP-tech] Re: Virus Scan during Upload
Sent by: eprints-tech-bounces at ecs.soton.ac.uk

________________________________



Martin,

This is what we use in our IR (running EPrints 3.2.8).  It could probably be written a bit better (obviously - feel free to tweak as anyone sees fit), but works as is for us currently.  You will need ClamAV installed (including the associated PERL modules).

This part goes into the cfg/cfg.d/document_validate.pl file under the "CHECKS IN HERE" comment but before the "return ( @problems );"

        # Virus scan the uploaded files.
        my %files = $document->files;
        my $path = $document->local_path;
        while ( my ($filename, $size) = each(%files)) {
                # for each file uploaded
                use File::Scan::ClamAV;
                # 'port' is the path of the clamd Unix socket
                my $av = File::Scan::ClamAV->new(find_all => 1, port => '/tmp/clamd');
                my $filetoscan = "$path/$filename";
                # scan() returns a hash of scanned file => virus name.
                # It also returns nothing when clamd cannot be reached, so an
                # unreachable daemon passes as clean; $av->errstr holds the error.
                my %caught = $av->scan("$filetoscan");
                while (my ($k,$v) = each %caught ) {
                        # Viruses Found
                        push @problems,
                                $session->html_phrase( "validate:virus_found",
                                        filename => $session->make_text($filename),
                                        virus => $session->make_text($v) );
                }
        }
        # End Virus scan.

And the HTML Phrase can go into the file cfg/lang/en/validate.xml

<epp:phrase id="validate:virus_found">The file that has been uploaded contains a virus.  The file in question is: <epc:pin name="filename"/>.  It contains the virus: <epc:pin name="virus"/>. Please remove the file and upload a virus free version.</epp:phrase>

Hope this helps or at least points you in a direction as to what you might need.

Thanks,
Brian Gregg.

Brian D. Gregg
Solutions Architect | Manager Systems Development
University of Pittsburgh | University Library System
Address: 7500 Thomas Blvd.  Room 129 Pittsburgh, PA 15208<https://maps.google.com/maps?q=7500+Thomas+Blvd,+Pittsburgh,+PA&hl=en&sll=41.117935,-77.604698&sspn=7.662465,13.73291&oq=7500+Tho&t=h&hnear=7500+Thomas+Blvd,+Pittsburgh,+Pennsylvania+15208&z=17>
Tel: (412) 648-3264 | Email: bdgregg at pitt.edu | Fax: (412) 648-3585
https://orcid.org/0000-0001-6541-4544



From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of martin.braendle at id.uzh.ch
Sent: Monday, January 25, 2016 10:19 AM
To: eprints-tech at ecs.soton.ac.uk
Subject: [EP-tech] Virus Scan during Upload


Hi,

in the course of a Swiss Digital Lifecycle Management Project, we are evaluating EPrints and our repo according to the POWRR scheme (gap analysis) to find tools for digital preservation.

One criterion is virus scan of a document before it is uploaded. I have found this old thread: http://www.eprints.org/tech.php/thread-16755.html

Has anyone followed up on this, implemented a hook and is willing to share code?

Thank you for all your advice and help.

Martin

--
Dr. Martin Brändle
Zentrale Informatik
Universität Zürich
Stampfenbachstr. 73
CH-8006 Zürich
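
A stand-alone check of the setup points listed in the thread (clamd running, client socket path matching LocalSocket), written so that a scanner failure is reported as a problem rather than treated as a clean file. It is an added example, not code from the thread or from EPrints; the helper names clamd_socket and scan_file are hypothetical, and it assumes File::Scan::ClamAV is installed and the daemon config is /etc/clamd.conf as mentioned in the thread.

```perl
#!/usr/bin/perl
# Added example (not from the thread): fail-closed clamd scan of one file.
use strict;
use warnings;
use File::Scan::ClamAV;

# Read the LocalSocket path from clamd.conf so the client always uses the
# same socket as the daemon instead of a hard-coded path.
sub clamd_socket {
    my ($conf) = @_;
    open( my $fh, '<', $conf ) or die "cannot read $conf: $!\n";
    while ( my $line = <$fh> ) {
        next if $line =~ /^\s*#/;                       # skip comments
        return $1 if $line =~ /^\s*LocalSocket\s+(\S+)/;
    }
    die "no LocalSocket directive in $conf\n";
}

# Returns a list of problem strings; an empty list means the file was
# scanned and nothing was found. A daemon that does not answer, or an
# error recorded by the module, is returned as a problem instead of
# silently passing the file.
sub scan_file {
    my ( $av, $file ) = @_;
    return ("scanner unavailable: clamd did not answer ping")
        unless $av->ping;

    # scan() hands clamd the path; clamd opens the file itself, so the
    # clamd user must be able to read it.
    my %caught = $av->scan($file);
    if ( my $err = $av->errstr ) {
        return ("scan of $file failed: $err");
    }
    return map { "$_ contains $caught{$_}" } sort keys %caught;
}

my $file = shift @ARGV or die "usage: $0 FILE\n";
my $av   = File::Scan::ClamAV->new(
    find_all => 1,
    port     => clamd_socket('/etc/clamd.conf'),    # path from the thread
);
my @problems = scan_file( $av, $file );
print "$_\n" for @problems;
exit( @problems ? 1 : 0 );
```

Run it as the web server user against a known test file: exit status 0 means scanned and clean, 1 means a detection or a scanner failure.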