files_antivirus is an antivirus app for ownCloud based on ClamAV.
The idea is to check for virus at upload-time, notifying the user (on screen and/or email) and remove the file if it's infected.
The App is not complete yet, the following works/is done:
- It can be configured to work with the executable or the daemon mode of ClamAV
- If used in daemon mode it can connect through network- or local file-socket
- In daemon mode, it sends files to a remote/local server using INSTREAM command
- When the user uploads a file, it's checked
- If an uploaded file is infected, it's deleted and a notification is shown to the user on screen and an email is sent with details.
- Tested in Linux only
- Background Job to scan all files
- Test uploading from clients
- File size limit
- Configurations Tuneups
- Other OS Testing
- Look for ideas :P
- ClamAV (Binaries or a server running ClamAV in daemon mode)
- Install and enable the App
- Go to Admin Panel and configure the App
The Files Antivirus app can support the ICAP protocol if you are using the ownCloud Enterprise Edition.
Using the ICAP mode requires a valid enterprise license. If no license key is present, it will trigger the grace period to obtain a valid key. After the expiration of the grace period / license key, the files_antivirus app will be disabled.
c-icap has a built-in clamav module see https://sourceforge.net/p/c-icap/wiki/ModulesConfiguration/
An out-of-the-box docker image for testing purpose is available at https://hub.docker.com/r/deepdiver/icap-clamav-service
For simple local testing run docker run -ti deepdiver/icap-clamav-service and get it's ip using docker inspect. The IP address needs to be setup in the configuration - see above
The request service for clamav has to be set to 'avscan' and the response header to 'X-Infection-Found'
Kaspersky provides docker images as well (https://box.kaspersky.com/d/c8d8577dc2494256b45e/) Follow the instructions in Kaspersky ScanEngine for Kubernetes.7z
Additional configuration: Enable Allow204 - this is necessary to tell kav to not send back the file contents. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201151.htm
The request service for clamav has to be set to 'req' and the response header to 'X-Virus-ID'
NOTE: The older versions of KAV did not send back the virus/infection name in an icap header.
In v2.0.0 the header to transport the virus can be configured. Default: No header is sent. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201214.htm
Select 'Fortinet' from the dropdown.
The request service for FortiSandbox has to be set to 'respmod' and the response header to 'X-Virus-Name'.
Fortinet privides some Demoinstances of the FortiSandbox, please have a look at the productpage from Fortinet.
Select 'McAfee Web Gateway 10.x and higher' from the dropdown.
The request service for McAfee has to be set to 'respmod' and the response header to 'X-Virus-Name'.
McAfee provides Demoversions with limited Runtime for evaluation purposes. Have a look at the McAfee Webpage for the Web Gateway.
Authors:
Manuel Delgado López :: manuel.delgado at ucr.ac.cr
Bart Visscher
Viktar Dubiniuk