/**
* If $CFG->runclamonupload is set, we scan a given file. (called from {@link preprocess_files()})
*
* This function will add on a uploadlog index in $file.
*
* @global object
* @global object
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @param course $course {@link $COURSE}
* @return int 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
*/
function clam_scan_moodle_file(&$file, $course)
{
global $CFG, $USER;
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$appendlog = true;
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
// it's a path to somewhere on the filesystem!
$fullpath = $file;
} else {
return false;
// erm, what is this supposed to be then, huh?
}
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
$newreturn = 1;
$notice = get_string('clamlost', 'moodle', $CFG->pathtoclam);
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . get_string('clamlostandactinglikevirus');
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_message_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . get_string('clambroken');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing clam failures
}
$cmd = $CFG->pathtoclam . ' ' . $fullpath . " 2>&1";
// before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
chmod($fullpath, $CFG->directorypermissions);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return 1;
// translate clam return code into reasonable return code consistent with everything else.
// translate clam return code into reasonable return code consistent with everything else.
case 1:
// bad wicked evil, we have a virus.
$info = new stdClass();
if (!empty($course)) {
$info->course = format_string($course->fullname, true, array('context' => context_course::instance($course->id)));
} else {
$info->course = 'No course';
}
$info->user = fullname($USER);
$notice = get_string('virusfound', 'moodle', $info);
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n\n" . clam_handle_infected_file($fullpath);
clam_message_admins($notice);
if ($appendlog) {
$info->filename = $file['originalname'];
$file['uploadlog'] .= "\n" . get_string('virusfounduser', 'moodle', $info);
$file['virus'] = 1;
}
return false;
// in this case, 0 means bad.
// in this case, 0 means bad.
default:
// error - clam failed to run or something went wrong
$notice .= get_string('clamfailed', 'moodle', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$newreturn = true;
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_message_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . get_string('clambroken');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing failures.
}
}
/**
* Scan file, throws exception in case of infected file.
*
* Please note that the scanning engine must be able to access the file,
* permissions of the file are not modified here!
*
* @static
* @param string $thefile
* @param string $filename name of the file
* @param bool $deleteinfected
*/
public static function antivir_scan_file($thefile, $filename, $deleteinfected)
{
global $CFG;
if (!is_readable($thefile)) {
// this should not happen
return;
}
if (empty($CFG->runclamonupload) or empty($CFG->pathtoclam)) {
// clam not enabled
return;
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!file_exists($CFG->pathtoclam) or !is_executable($CFG->pathtoclam)) {
// misconfigured clam - use the old notification for now
require "{$CFG->libdir}/uploadlib.php";
$notice = get_string('clamlost', 'moodle', $CFG->pathtoclam);
clam_message_admins($notice);
return;
}
$clamparam = ' --stdout ';
// If we are dealing with clamdscan, clamd is likely run as a different user
// that might not have permissions to access your file.
// To make clamdscan work, we use --fdpass parameter that passes the file
// descriptor permissions to clamd, which allows it to scan given file
// irrespective of directory and file permissions.
if (basename($CFG->pathtoclam) == 'clamdscan') {
$clamparam .= '--fdpass ';
}
// execute test
$cmd = escapeshellcmd($CFG->pathtoclam) . $clamparam . escapeshellarg($thefile);
exec($cmd, $output, $return);
if ($return == 0) {
// perfect, no problem found
return;
} else {
if ($return == 1) {
// infection found
if ($deleteinfected) {
unlink($thefile);
}
throw new moodle_exception('virusfounduser', 'moodle', '', array('filename' => $filename));
} else {
//unknown problem
require "{$CFG->libdir}/uploadlib.php";
$notice = get_string('clamfailed', 'moodle', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
clam_message_admins($notice);
if ($CFG->clamfailureonupload === 'actlikevirus') {
if ($deleteinfected) {
unlink($thefile);
}
throw new moodle_exception('virusfounduser', 'moodle', '', array('filename' => $filename));
} else {
return;
}
}
}
}
/**
* Scan file, throws exception in case of infected file.
*
* Please note that the scanning engine must be able to access the file,
* permissions of the file are not modified here!
*
* @static
* @param string $thefile
* @param string $filename name of the file
* @param bool $deleteinfected
*/
public static function antivir_scan_file($thefile, $filename, $deleteinfected)
{
global $CFG;
if (!is_readable($thefile)) {
// this should not happen
return;
}
if (empty($CFG->runclamonupload) or empty($CFG->pathtoclam)) {
// clam not enabled
return;
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!file_exists($CFG->pathtoclam) or !is_executable($CFG->pathtoclam)) {
// misconfigured clam - use the old notification for now
require "{$CFG->libdir}/uploadlib.php";
$notice = get_string('clamlost', 'moodle', $CFG->pathtoclam);
clam_message_admins($notice);
return;
}
// do NOT mess with permissions here, the calling party is responsible for making
// sure the scanner engine can access the files!
// execute test
$cmd = escapeshellcmd($CFG->pathtoclam) . ' --stdout ' . escapeshellarg($thefile);
exec($cmd, $output, $return);
if ($return == 0) {
// perfect, no problem found
return;
} else {
if ($return == 1) {
// infection found
if ($deleteinfected) {
unlink($thefile);
}
throw new moodle_exception('virusfounduser', 'moodle', '', array('filename' => $filename));
} else {
//unknown problem
require "{$CFG->libdir}/uploadlib.php";
$notice = get_string('clamfailed', 'moodle', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
clam_message_admins($notice);
if ($CFG->clamfailureonupload === 'actlikevirus') {
if ($deleteinfected) {
unlink($thefile);
}
throw new moodle_exception('virusfounduser', 'moodle', '', array('filename' => $filename));
} else {
return;
}
}
}
}
/**
* If $CFG->runclamonupload is set, we scan a given file. (called from {@link preprocess_files()})
*
* This function will add on a uploadlog index in $file.
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return int 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
*/
function clam_scan_file(&$file)
{
global $CFG, $USER;
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$appendlog = true;
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
// it's a path to somewhere on the filesystem!
$fullpath = $file;
} else {
return false;
// erm, what is this supposed to be then, huh?
}
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
$newreturn = 1;
$notice = sprintf(__gettext('Yupana is configured to run clam on file upload, but the path supplied to Clam AV, %s, is invalid.'), $CFG->pathtoclam);
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . __gettext('In addition, Yupana is configured so that if clam fails to run, files are treated like viruses. This essentially means that no student can upload a file successfully until you fix this.');
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_mail_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing clam failures
}
$cmd = $CFG->pathtoclam . ' ' . $fullpath . " 2>&1";
// before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
chmod($fullpath, 0644);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return 1;
// translate clam return code into reasonable return code consistent with everything else.
// translate clam return code into reasonable return code consistent with everything else.
case 1:
// bad wicked evil, we have a virus.
$info->user = $USER->name;
$notice = sprintf(__gettext('Attention administrator! Clam AV has found a virus in a file uploaded by %s. Here is the output of clamscan:'), $info->user);
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
if ($appendlog) {
$info->filename = $file['originalname'];
$file['uploadlog'] .= "\n" . sprintf(__gettext('The file you have uploaded, %s, has been scanned by a virus checker and found to be infected! Your file upload was NOT successful.'), $info->filename);
$file['virus'] = 1;
}
return false;
// in this case, 0 means bad.
// in this case, 0 means bad.
default:
// error - clam failed to run or something went wrong
$notice .= sprintf(__gettext('Clam AV has failed to run. The return error message was %s. Here is the output from Clam:'), get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$newreturn = true;
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_mail_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing failures.
}
}
/**
* Scan a file for viruses using clamav.
*
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return false if no errors, or a string if there's an error.
*/
function mahara_clam_scan_file($file, $inputindex = null)
{
if (isset($inputindex)) {
$tmpname = $file['tmp_name'][$inputindex];
} else {
if (is_array($file)) {
$tmpname = $file['tmp_name'];
}
}
if (is_array($file) && is_uploaded_file($tmpname)) {
// it's from $_FILES
$fullpath = $tmpname;
} else {
if (file_exists($file)) {
$fullpath = $file;
} else {
throw new SystemException('mahara_clam_scan_file: not called correctly, read phpdoc for this function');
}
}
$pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
if (!$pathtoclam) {
return false;
}
if (!file_exists($pathtoclam) || !is_executable($pathtoclam)) {
clam_mail_admins(get_string('clamlost', 'mahara', $pathtoclam));
clam_handle_infected_file($fullpath);
return get_string('clambroken');
}
$clamparam = ' ';
// If we are dealing with clamdscan, clamd is likely run as a different user
// that might not have permissions to access your file.
// To make clamdscan work, we use --fdpass parameter that passes the file
// descriptor permissions to clamd, which allows it to scan given file
// irrespective of directory and file permissions.
if (basename($pathtoclam) == 'clamdscan') {
$clamparam .= '--fdpass ';
}
$cmd = $pathtoclam . $clamparam . escapeshellarg($fullpath) . " 2>&1";
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return false;
// no error
// no error
case 1:
// bad wicked evil, we have a virus.
global $USER;
$userid = $USER->get('id');
clam_handle_infected_file($fullpath);
// Notify admins if user has uploaded more than 3 infected
// files in the last month
if (count_records_sql('
SELECT
COUNT(*)
FROM {usr_infectedupload}
WHERE usr = ? AND time > ?', array($userid, db_format_timestamp(time() - 60 * 60 * 24 * 30))) >= 2) {
log_debug('sending virusrepeat notification');
$data = (object) array('username' => $USER->get('username'), 'userid' => $userid, 'fullname' => full_name());
require_once 'activity.php';
activity_occurred('virusrepeat', $data);
}
$data = (object) array('usr' => $userid, 'time' => db_format_timestamp(time()));
insert_record('usr_infectedupload', $data, 'id');
return get_string('virusfounduser', 'mahara', display_name($USER));
default:
// error - clam failed to run or something went wrong
$notice = get_string('clamfailed', 'mahara', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
return get_string('clambroken');
}
}
/**
* Scan a file for viruses using clamav.
*
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return false if no errors, or a string if there's an error.
*/
function mahara_clam_scan_file($file)
{
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
$fullpath = $file;
} else {
throw new SystemException('mahara_clam_scan_file: not called correctly, read phpdoc for this function');
}
}
$pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
if (!$pathtoclam || !file_exists($pathtoclam) || !is_executable($pathtoclam)) {
clam_mail_admins(get_string('clamlost', 'mahara', $pathtoclam));
clam_handle_infected_file($fullpath);
return get_string('clambroken');
}
$cmd = $pathtoclam . ' ' . escapeshellarg($fullpath) . " 2>&1";
// before we do anything we need to change perms so that clamscan
// can read the file (clamdscan won't work otherwise)
chmod($fullpath, 0644);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return false;
// no error
// no error
case 1:
// bad wicked evil, we have a virus.
global $USER;
$userid = $USER->get('id');
clam_handle_infected_file($fullpath);
// Notify admins if user has uploaded more than 3 infected
// files in the last month
if (count_records_sql('
SELECT
COUNT(*)
FROM {usr_infectedupload}
WHERE usr = ? AND time > ?', array($userid, db_format_timestamp(time() - 60 * 60 * 24 * 30))) >= 2) {
log_debug('sending virusrepeat notification');
$data = (object) array('username' => $USER->get('username'), 'userid' => $userid, 'fullname' => full_name());
require_once 'activity.php';
activity_occurred('virusrepeat', $data);
}
$data = (object) array('usr' => $userid, 'time' => db_format_timestamp(time()));
insert_record('usr_infectedupload', $data, 'id');
return get_string('virusfounduser', 'mahara', display_name($USER));
default:
// error - clam failed to run or something went wrong
$notice = get_string('clamfailed', 'mahara', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
return get_string('clambroken');
}
}
