/**
* If $CFG->runclamonupload is set, we scan a given file. (called from {@link preprocess_files()})
*
* This function will add on a uploadlog index in $file.
*
* @global object
* @global object
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @param course $course {@link $COURSE}
* @return int 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
*/
function clam_scan_moodle_file(&$file, $course)
{
global $CFG, $USER;
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$appendlog = true;
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
// it's a path to somewhere on the filesystem!
$fullpath = $file;
} else {
return false;
// erm, what is this supposed to be then, huh?
}
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
$newreturn = 1;
$notice = get_string('clamlost', 'moodle', $CFG->pathtoclam);
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . get_string('clamlostandactinglikevirus');
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_message_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . get_string('clambroken');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing clam failures
}
$cmd = $CFG->pathtoclam . ' ' . $fullpath . " 2>&1";
// before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
chmod($fullpath, $CFG->directorypermissions);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return 1;
// translate clam return code into reasonable return code consistent with everything else.
// translate clam return code into reasonable return code consistent with everything else.
case 1:
// bad wicked evil, we have a virus.
$info = new stdClass();
if (!empty($course)) {
$info->course = format_string($course->fullname, true, array('context' => context_course::instance($course->id)));
} else {
$info->course = 'No course';
}
$info->user = fullname($USER);
$notice = get_string('virusfound', 'moodle', $info);
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n\n" . clam_handle_infected_file($fullpath);
clam_message_admins($notice);
if ($appendlog) {
$info->filename = $file['originalname'];
$file['uploadlog'] .= "\n" . get_string('virusfounduser', 'moodle', $info);
$file['virus'] = 1;
}
return false;
// in this case, 0 means bad.
// in this case, 0 means bad.
default:
// error - clam failed to run or something went wrong
$notice .= get_string('clamfailed', 'moodle', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$newreturn = true;
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_message_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . get_string('clambroken');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing failures.
}
}
$entry = fgets($fd);
if (strlen(trim($entry)) == 0) {
continue;
}
if (!($file = validate_line($entry))) {
continue;
}
$bits = explode('/', $file);
$a->filename = $bits[count($bits) - 1];
if (!($log = get_record("log", "module", "upload", "info", $file, "action", "upload"))) {
$a->action = clam_handle_infected_file($file, 0, false);
clam_replace_infected_file($file);
notify_admins_unknown($file, $a);
continue;
}
$action = clam_handle_infected_file($file, $log->userid, true);
clam_replace_infected_file($file);
$user = get_record("user", "id", $log->userid);
$course = get_record("course", "id", $log->course);
$subject = get_string('virusfoundsubject', 'moodle', format_string($site->fullname));
$a->date = userdate($log->time);
$a->action = $action;
$a->course = $course->fullname;
$a->user = fullname($user);
notify_user($user, $subject, $a);
notify_admins($user, $subject, $a);
}
fclose($fd);
function notify_user($user, $subject, $a)
{
if (!$user) {
/**
* Scan a file for viruses using clamav.
*
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return false if no errors, or a string if there's an error.
*/
function mahara_clam_scan_file($file, $inputindex = null)
{
if (isset($inputindex)) {
$tmpname = $file['tmp_name'][$inputindex];
} else {
if (is_array($file)) {
$tmpname = $file['tmp_name'];
}
}
if (is_array($file) && is_uploaded_file($tmpname)) {
// it's from $_FILES
$fullpath = $tmpname;
} else {
if (file_exists($file)) {
$fullpath = $file;
} else {
throw new SystemException('mahara_clam_scan_file: not called correctly, read phpdoc for this function');
}
}
$pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
if (!$pathtoclam) {
return false;
}
if (!file_exists($pathtoclam) || !is_executable($pathtoclam)) {
clam_mail_admins(get_string('clamlost', 'mahara', $pathtoclam));
clam_handle_infected_file($fullpath);
return get_string('clambroken');
}
$clamparam = ' ';
// If we are dealing with clamdscan, clamd is likely run as a different user
// that might not have permissions to access your file.
// To make clamdscan work, we use --fdpass parameter that passes the file
// descriptor permissions to clamd, which allows it to scan given file
// irrespective of directory and file permissions.
if (basename($pathtoclam) == 'clamdscan') {
$clamparam .= '--fdpass ';
}
$cmd = $pathtoclam . $clamparam . escapeshellarg($fullpath) . " 2>&1";
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return false;
// no error
// no error
case 1:
// bad wicked evil, we have a virus.
global $USER;
$userid = $USER->get('id');
clam_handle_infected_file($fullpath);
// Notify admins if user has uploaded more than 3 infected
// files in the last month
if (count_records_sql('
SELECT
COUNT(*)
FROM {usr_infectedupload}
WHERE usr = ? AND time > ?', array($userid, db_format_timestamp(time() - 60 * 60 * 24 * 30))) >= 2) {
log_debug('sending virusrepeat notification');
$data = (object) array('username' => $USER->get('username'), 'userid' => $userid, 'fullname' => full_name());
require_once 'activity.php';
activity_occurred('virusrepeat', $data);
}
$data = (object) array('usr' => $userid, 'time' => db_format_timestamp(time()));
insert_record('usr_infectedupload', $data, 'id');
return get_string('virusfounduser', 'mahara', display_name($USER));
default:
// error - clam failed to run or something went wrong
$notice = get_string('clamfailed', 'mahara', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
return get_string('clambroken');
}
}
/**
* If $CFG->runclamonupload is set, we scan a given file. (called from {@link preprocess_files()})
*
* This function will add on a uploadlog index in $file.
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return int 1 if good, 0 if something goes wrong (opposite from actual error code from clam)
*/
function clam_scan_file(&$file)
{
global $CFG, $USER;
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$appendlog = true;
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
// it's a path to somewhere on the filesystem!
$fullpath = $file;
} else {
return false;
// erm, what is this supposed to be then, huh?
}
}
$CFG->pathtoclam = trim($CFG->pathtoclam);
if (!$CFG->pathtoclam || !file_exists($CFG->pathtoclam) || !is_executable($CFG->pathtoclam)) {
$newreturn = 1;
$notice = sprintf(__gettext('Yupana is configured to run clam on file upload, but the path supplied to Clam AV, %s, is invalid.'), $CFG->pathtoclam);
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . __gettext('In addition, Yupana is configured so that if clam fails to run, files are treated like viruses. This essentially means that no student can upload a file successfully until you fix this.');
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_mail_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing clam failures
}
$cmd = $CFG->pathtoclam . ' ' . $fullpath . " 2>&1";
// before we do anything we need to change perms so that clamscan can read the file (clamdscan won't work otherwise)
chmod($fullpath, 0644);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return 1;
// translate clam return code into reasonable return code consistent with everything else.
// translate clam return code into reasonable return code consistent with everything else.
case 1:
// bad wicked evil, we have a virus.
$info->user = $USER->name;
$notice = sprintf(__gettext('Attention administrator! Clam AV has found a virus in a file uploaded by %s. Here is the output of clamscan:'), $info->user);
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
if ($appendlog) {
$info->filename = $file['originalname'];
$file['uploadlog'] .= "\n" . sprintf(__gettext('The file you have uploaded, %s, has been scanned by a virus checker and found to be infected! Your file upload was NOT successful.'), $info->filename);
$file['virus'] = 1;
}
return false;
// in this case, 0 means bad.
// in this case, 0 means bad.
default:
// error - clam failed to run or something went wrong
$notice .= sprintf(__gettext('Clam AV has failed to run. The return error message was %s. Here is the output from Clam:'), get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$newreturn = true;
if ($CFG->clamfailureonupload == 'actlikevirus') {
$notice .= "\n" . clam_handle_infected_file($fullpath);
$newreturn = false;
}
clam_mail_admins($notice);
if ($appendlog) {
$file['uploadlog'] .= "\n" . __gettext('Your administrator has enabled virus checking for file uploads but has misconfigured something.<br />Your file upload was NOT successful. Your administrator has been emailed to notify them so they can fix it.<br />Maybe try uploading this file later.');
$file['clam'] = 1;
}
return $newreturn;
// return 1 if we're allowing failures.
}
}
/**
* Scan a file for viruses using clamav.
*
* @param mixed $file The file to scan from $files. or an absolute path to a file.
* @return false if no errors, or a string if there's an error.
*/
function mahara_clam_scan_file($file)
{
if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
// it's from $_FILES
$fullpath = $file['tmp_name'];
} else {
if (file_exists($file)) {
$fullpath = $file;
} else {
throw new SystemException('mahara_clam_scan_file: not called correctly, read phpdoc for this function');
}
}
$pathtoclam = escapeshellcmd(trim(get_config('pathtoclam')));
if (!$pathtoclam || !file_exists($pathtoclam) || !is_executable($pathtoclam)) {
clam_mail_admins(get_string('clamlost', 'mahara', $pathtoclam));
clam_handle_infected_file($fullpath);
return get_string('clambroken');
}
$cmd = $pathtoclam . ' ' . escapeshellarg($fullpath) . " 2>&1";
// before we do anything we need to change perms so that clamscan
// can read the file (clamdscan won't work otherwise)
chmod($fullpath, 0644);
exec($cmd, $output, $return);
switch ($return) {
case 0:
// glee! we're ok.
return false;
// no error
// no error
case 1:
// bad wicked evil, we have a virus.
global $USER;
$userid = $USER->get('id');
clam_handle_infected_file($fullpath);
// Notify admins if user has uploaded more than 3 infected
// files in the last month
if (count_records_sql('
SELECT
COUNT(*)
FROM {usr_infectedupload}
WHERE usr = ? AND time > ?', array($userid, db_format_timestamp(time() - 60 * 60 * 24 * 30))) >= 2) {
log_debug('sending virusrepeat notification');
$data = (object) array('username' => $USER->get('username'), 'userid' => $userid, 'fullname' => full_name());
require_once 'activity.php';
activity_occurred('virusrepeat', $data);
}
$data = (object) array('usr' => $userid, 'time' => db_format_timestamp(time()));
insert_record('usr_infectedupload', $data, 'id');
return get_string('virusfounduser', 'mahara', display_name($USER));
default:
// error - clam failed to run or something went wrong
$notice = get_string('clamfailed', 'mahara', get_clam_error_code($return));
$notice .= "\n\n" . implode("\n", $output);
$notice .= "\n" . clam_handle_infected_file($fullpath);
clam_mail_admins($notice);
return get_string('clambroken');
}
}
