/files_antivirus

:space_invader: virus scanner for ownCloud

Primary LanguageJavaScriptGNU Affero General Public License v3.0AGPL-3.0

ownCloud Antivirus App

files_antivirus is an antivirus app for ownCloud based on ClamAV.

Details

The idea is to check for virus at upload-time, notifying the user (on screen and/or email) and remove the file if it's infected.

QA metrics on master branch:

Build Status Quality Gate Status Security Rating Coverage

Status

The App is not complete yet, the following works/is done:

  • It can be configured to work with the executable or the daemon mode of ClamAV
  • If used in daemon mode it can connect through network- or local file-socket
  • In daemon mode, it sends files to a remote/local server using INSTREAM command
  • When the user uploads a file, it's checked
  • If an uploaded file is infected, it's deleted and a notification is shown to the user on screen and an email is sent with details.
  • Tested in Linux only
  • Background Job to scan all files
  • Test uploading from clients
  • File size limit

ToDo

  • Configurations Tuneups
  • Other OS Testing
  • Look for ideas :P

Requirements

  • ClamAV (Binaries or a server running ClamAV in daemon mode)

Install

  • Install and enable the App
  • Go to Admin Panel and configure the App

Enterprise Feature: ICAP Antivirus integration

The Files Antivirus app can support the ICAP protocol if you are using the ownCloud Enterprise Edition.

Using the ICAP mode requires a valid enterprise license. If no license key is present, it will trigger the grace period to obtain a valid key. After the expiration of the grace period / license key, the files_antivirus app will be disabled.

Run with c-icap/clamav

c-icap has a built-in clamav module see https://sourceforge.net/p/c-icap/wiki/ModulesConfiguration/

An out-of-the-box docker image for testing purpose is available at https://hub.docker.com/r/deepdiver/icap-clamav-service

For simple local testing run docker run -ti deepdiver/icap-clamav-service and get it's ip using docker inspect. The IP address needs to be setup in the configuration - see above

The request service for clamav has to be set to 'avscan' and the response header to 'X-Infection-Found'

Run with Kaspersky

Kaspersky provides docker images as well (https://box.kaspersky.com/d/c8d8577dc2494256b45e/) Follow the instructions in Kaspersky ScanEngine for Kubernetes.7z

Additional configuration: Enable Allow204 - this is necessary to tell kav to not send back the file contents. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201151.htm

The request service for clamav has to be set to 'req' and the response header to 'X-Virus-ID'

NOTE: The older versions of KAV did not send back the virus/infection name in an icap header.

In v2.0.0 the header to transport the virus can be configured. Default: No header is sent. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201214.htm

Authors:

Manuel Delgado López :: manuel.delgado at ucr.ac.cr
Bart Visscher
Viktar Dubiniuk