MDL-50887 antivirus_clamav: Move global clamav settings to plugin level.

AMOS BEGIN
 MOV [clamfailureonupload,core],[clamfailureonupload,antivirus_clamav]
 MOV [configclamactlikevirus,core],[configclamactlikevirus,antivirus_clamav]
 MOV [configclamdonothing,core],[configclamdonothing,antivirus_clamav]
 MOV [configclamfailureonupload,core],[configclamfailureonupload,antivirus_clamav]
 MOV [configpathtoclam,core],[configpathtoclam,antivirus_clamav]
 MOV [configquarantinedir,core],[configquarantinedir,antivirus_clamav]
 MOV [configrunclamavonupload,core],[configrunclamavonupload,antivirus_clamav]
 MOV [pathtoclam,core],[pathtoclam,antivirus_clamav]
 MOV [quarantinedir,core],[quarantinedir,antivirus_clamav]
 MOV [runclamavonupload,core],[runclamavonupload,antivirus_clamav]
AMOS END

admin/settings/security.php

@@ -127,19 +127,4 @@
     }
     $temp->add(new admin_setting_configselect('notifyloginthreshold', new lang_string('notifyloginthreshold', 'admin'), new lang_string('confignotifyloginthreshold', 'admin'), '10', $options));
     $ADMIN->add('security', $temp);
-
-
-
-
-
-
-    // "antivirus" settingpage
-    $temp = new admin_settingpage('antivirus', new lang_string('antivirus', 'admin'));
-    $temp->add(new admin_setting_configcheckbox('runclamonupload', new lang_string('runclamavonupload', 'admin'), new lang_string('configrunclamavonupload', 'admin'), 0));
-    $temp->add(new admin_setting_configexecutable('pathtoclam', new lang_string('pathtoclam', 'admin'), new lang_string('configpathtoclam', 'admin'), ''));
-    $temp->add(new admin_setting_configdirectory('quarantinedir', new lang_string('quarantinedir', 'admin'), new lang_string('configquarantinedir', 'admin'), ''));
-    $temp->add(new admin_setting_configselect('clamfailureonupload', new lang_string('clamfailureonupload', 'admin'), new lang_string('configclamfailureonupload', 'admin'), 'donothing', array('donothing' => new lang_string('configclamdonothing', 'admin'),
-                                                                                                                                                                                      'actlikevirus' => new lang_string('configclamactlikevirus', 'admin'))));
-    $ADMIN->add('security', $temp);
-
 } // end of speedup

config-dist.php

@@ -807,11 +807,6 @@
 // and 'gsdll32.dll' to a new folder without a space in the path)
 //      $CFG->pathtogs = '/usr/bin/gs';
 //
-// Clam AV path.
-// Probably something like /usr/bin/clamscan or /usr/bin/clamdscan. You need
-// this in order for clam AV to run.
-//      $CFG->pathtoclam = '';
-//
 // Path to du.
 // Probably something like /usr/bin/du. If you enter this, pages that display
 // directory contents will run much faster for directories with a lot of files.

lang/en/admin.php

@@ -103,7 +103,6 @@
 $string['cannotuninstall'] = '{$a} can not be uninstalled.';
 $string['cfgwwwrootslashwarning'] = 'You have defined $CFG->wwwroot incorrectly in your config.php file. You have included a \'/\' character at the end. Please remove it, or you will experience strange bugs like <a href=\'http://tracker.moodle.org/browse/MDL-11061\'>MDL-11061</a>.';
 $string['cfgwwwrootwarning'] = 'You have defined $CFG->wwwroot incorrectly in your config.php file. It does not match the URL you are using to access this page. Please correct it, or you will experience strange bugs like <a href=\'http://tracker.moodle.org/browse/MDL-11061\'>MDL-11061</a>.';
-$string['clamfailureonupload'] = 'On clam AV failure';
 $string['cleanup'] = 'Cleanup';
 $string['clianswerno'] = 'n';
 $string['cliansweryes'] = 'y';
@@ -151,9 +150,6 @@
 $string['configbloglevel'] = 'This setting allows you to restrict the level to which user blogs can be viewed on this site.  Note that they specify the maximum context of the VIEWER not the poster or the types of blog posts.  Blogs can also be disabled completely if you don\'t want them at all.';
 $string['configcalendarcustomexport'] = 'Enable custom date range export of calendar';
 $string['configcalendarexportsalt'] = 'This random text is used for improving of security of authentication tokens used for exporting of calendars. Please note that all current tokens are invalidated if you change this hash salt.';
-$string['configclamactlikevirus'] = 'Treat files like viruses';
-$string['configclamdonothing'] = 'Treat files as OK';
-$string['configclamfailureonupload'] = 'If you have configured clam to scan uploaded files, but it is configured incorrectly or fails to run for some unknown reason, how should it behave?  If you choose \'Treat files like viruses\', they\'ll be moved into the quarantine area, or deleted. If you choose \'Treat files as OK\', the files will be moved to the destination directory like normal. Either way, admins will be alerted that clam has failed.  If you choose \'Treat files like viruses\' and for some reason clam fails to run (usually because you have entered an invalid pathtoclam), ALL files that are uploaded will be moved to the given quarantine area, or deleted. Be careful with this setting.';
 $string['configcookiehttponly'] = 'Enables new PHP 5.2.0 feature - browsers are instructed to send cookie with real http requests only, cookies should not be accessible by scripting languages. This is not supported in all browsers and it may not be fully compatible with current code. It helps to prevent some types of XSS attacks.';
 $string['configcookiesecure'] = 'If server is accepting only https connections it is recommended to enable sending of secure cookies. If enabled please make sure that web server is not accepting http:// or set up permanent redirection to https:// address. When <em>wwwroot</em> address does not start with https:// this setting is turned off automatically.';
 $string['configcountry'] = 'If you set a country here, then this country will be selected by default on new user accounts.  To force users to choose a country, just leave this unset.';
@@ -282,7 +278,6 @@
 $string['configoverride'] = 'Defined in config.php';
 $string['configpasswordpolicy'] = 'Turning this on will make Moodle check user passwords against a valid password policy. Use the settings below to specify your policy (they will be ignored if you set this to \'No\').';
 $string['configpasswordresettime'] = 'This specifies the amount of time people have to validate a password reset request before it expires. Usually 30 minutes is a good value.';
-$string['configpathtoclam'] = 'Path to clam AV.  Probably something like /usr/bin/clamscan or /usr/bin/clamdscan. You need this in order for clam AV to run.';
 $string['configpathtodu'] = 'Path to du. Probably something like /usr/bin/du. If you enter this, pages that display directory contents will run much faster for directories with a lot of files.';
 $string['configperfdebug'] = 'If you turn this on, performance info will be printed in the footer of the standard theme';
 $string['configprofileroles'] = 'List of roles that are visible on user profiles and participation page.';
@@ -294,16 +289,13 @@
 $string['configproxyport'] = 'If this server needs to use a proxy computer, then provide the proxy port here.';
 $string['configproxytype'] = 'Type of web proxy (PHP5 and cURL extension required for SOCKS5 support).';
 $string['configproxyuser'] = 'Username needed to access internet through proxy if required, empty if none (PHP cURL extension required).';
-$string['configquarantinedir'] = 'If you want clam AV to move infected files to a quarantine directory, enter it here. It must be writable by the webserver.  If you leave this blank, or if you enter a directory that doesn\'t exist or isn\'t writable, infected files will be deleted.  Do not include a trailing slash.';
 $string['configrecaptchaprivatekey'] = 'String of characters used to communicate between your Moodle server and the recaptcha server. Obtain one for this site by visiting http://www.google.com/recaptcha';
 $string['configrecaptchapublickey'] = 'String of characters used to display the reCAPTCHA element in the signup form. Generated by http://www.google.com/recaptcha';
 $string['configrequestcategoryselection'] = 'Allow the selection of a category when requesting a course.';
 $string['configrequestedstudentname'] = 'Word for student used in requested courses';
 $string['configrequestedstudentsname'] = 'Word for students used in requested courses';
 $string['configrequestedteachername'] = 'Word for teacher used in requested courses';
 $string['configrequestedteachersname'] = 'Word for teachers used in requested courses';
-$string['configrunclamavonupload'] = 'When enabled, clam AV will be used to scan all uploaded files.';
-$string['configrunclamonupload'] = 'Run clam AV on file upload? You will need a correct path in pathtoclam for this to work.  (Clam AV is a free virus scanner that you can get from http://www.clamav.net/)';
 $string['configuserquota'] = 'The maximum number of bytes that a user can store in their own private file area. {$a->bytes} bytes == {$a->displaysize}';
 $string['configsectioninterface'] = 'Interface';
 $string['configsectionmail'] = 'Mail';
@@ -788,7 +780,6 @@
 $string['passwordresettime'] = 'Maximum time to validate password reset request';
 $string['passwordreuselimit'] = 'Password rotation limit';
 $string['passwordreuselimit_desc'] = 'Number of times a user must change their password before they are allowed to reuse a password. Hashes of previously used passwords are stored in local database table. This feature might not be compatible with some external authentication plugins.';
-$string['pathtoclam'] = 'clam AV path';
 $string['pathtodot'] = 'Path to dot';
 $string['pathtodot_help'] = 'Path to dot. Probably something like /usr/bin/dot. To be able to generate graphics from DOT files, you must have installed the dot executable and point to it here. Note that, for now, this only used by the profiling features (Development->Profiling) built into Moodle.';
 $string['pathtodu'] = 'Path to du';
@@ -892,7 +883,6 @@
 $string['proxyport'] = 'Proxy port';
 $string['proxytype'] = 'Proxy type';
 $string['proxyuser'] = 'Proxy username';
-$string['quarantinedir'] = 'Quarantine directory';
 $string['question'] = 'Question';
 $string['questionbehaviours'] = 'Question behaviours';
 $string['questioncwqpfscheck'] = 'One or more \'random\' questions in a quiz are set up to select questions from a mixture of shared and unshared question categories. There is a more detailed report <a href="{$a->reporturl}">here</a> and see Moodle Docs page <a href="{$a->docsurl}">here</a>.';
@@ -941,7 +931,6 @@
 $string['riskxssshort'] = 'XSS risk';
 $string['roleswithexceptions'] = '{$a->roles}, with {$a->exceptions}';
 $string['rssglobaldisabled'] = 'Disabled at server level';
-$string['runclamavonupload'] = 'Use clam AV on uploaded files';
 $string['save'] = 'Save';
 $string['savechanges'] = 'Save changes';
 $string['search'] = 'Search';

lib/antivirus/clamav/lang/en/antivirus_clamav.php

@@ -23,4 +23,14 @@
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
 
+$string['configclamactlikevirus'] = 'Treat files like viruses';
+$string['configclamdonothing'] = 'Treat files as OK';
+$string['configclamfailureonupload'] = 'If you have configured clam to scan uploaded files, but it is configured incorrectly or fails to run for some unknown reason, how should it behave?  If you choose \'Treat files like viruses\', they\'ll be moved into the quarantine area, or deleted. If you choose \'Treat files as OK\', the files will be moved to the destination directory like normal. Either way, admins will be alerted that clam has failed.  If you choose \'Treat files like viruses\' and for some reason clam fails to run (usually because you have entered an invalid pathtoclam), ALL files that are uploaded will be moved to the given quarantine area, or deleted. Be careful with this setting.';
+$string['configpathtoclam'] = 'Path to clam AV.  Probably something like /usr/bin/clamscan or /usr/bin/clamdscan. You need this in order for clam AV to run.';
+$string['configquarantinedir'] = 'If you want clam AV to move infected files to a quarantine directory, enter it here. It must be writable by the webserver.  If you leave this blank, or if you enter a directory that doesn\'t exist or isn\'t writable, infected files will be deleted.  Do not include a trailing slash.';
+$string['configrunclamavonupload'] = 'When enabled, clam AV will be used to scan all uploaded files.';
+$string['clamfailureonupload'] = 'On clam AV failure';
+$string['pathtoclam'] = 'clam AV path';
 $string['pluginname'] = 'ClamAV antivirus';
+$string['quarantinedir'] = 'Quarantine directory';
+$string['runclamavonupload'] = 'Use clam AV on uploaded files';

lib/antivirus/clamav/settings.php

@@ -27,12 +27,12 @@
 
 if ($ADMIN->fulltree) {
     $settings->add(new admin_setting_configcheckbox('antivirus_clamav/runclamonupload',
-            new lang_string('runclamavonupload', 'admin'), new lang_string('configrunclamavonupload', 'admin'), 0));
+            new lang_string('runclamavonupload', 'antivirus_clamav'), new lang_string('configrunclamavonupload', 'antivirus_clamav'), 0));
     $settings->add(new admin_setting_configexecutable('antivirus_clamav/pathtoclam',
-            new lang_string('pathtoclam', 'admin'), new lang_string('configpathtoclam', 'admin'), ''));
+            new lang_string('pathtoclam', 'antivirus_clamav'), new lang_string('configpathtoclam', 'antivirus_clamav'), ''));
     $settings->add(new admin_setting_configdirectory('antivirus_clamav/quarantinedir',
-            new lang_string('quarantinedir', 'admin'), new lang_string('configquarantinedir', 'admin'), ''));
-    $options = array('donothing' => new lang_string('configclamdonothing', 'admin'),'actlikevirus' => new lang_string('configclamactlikevirus', 'admin'));
+            new lang_string('quarantinedir', 'antivirus_clamav'), new lang_string('configquarantinedir', 'antivirus_clamav'), ''));
+    $options = array('donothing' => new lang_string('configclamdonothing', 'antivirus_clamav'), 'actlikevirus' => new lang_string('configclamactlikevirus', 'antivirus_clamav'));
     $settings->add(new admin_setting_configselect('antivirus_clamav/clamfailureonupload',
-            new lang_string('clamfailureonupload', 'admin'), new lang_string('configclamfailureonupload', 'admin'), 'donothing', $options));
+            new lang_string('clamfailureonupload', 'antivirus_clamav'), new lang_string('configclamfailureonupload', 'antivirus_clamav'), 'donothing', $options));
 }

lib/behat/lib.php

@@ -165,7 +165,7 @@ function behat_clean_init_config() {
         'wwwroot', 'dataroot', 'dirroot', 'admin', 'directorypermissions', 'filepermissions',
         'umaskpermissions', 'dbtype', 'dblibrary', 'dbhost', 'dbname', 'dbuser', 'dbpass', 'prefix',
         'dboptions', 'proxyhost', 'proxyport', 'proxytype', 'proxyuser', 'proxypassword',
-        'proxybypass', 'theme', 'pathtogs', 'pathtoclam', 'pathtodu', 'aspellpath', 'pathtodot', 'skiplangupgrade',
+        'proxybypass', 'theme', 'pathtogs', 'pathtodu', 'aspellpath', 'pathtodot', 'skiplangupgrade',
         'altcacheconfigpath'
     ));
 

lib/db/upgrade.php

@@ -1416,5 +1416,40 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2016021501.00);
     }
 
+    if ($oldversion < 2016022500.01) {
+
+        // MDL-50887. Implement plugins infrastructure for antivirus and create ClamAV plugin.
+        // This routine moves core ClamAV configuration to plugin level.
+
+        // If clamav was configured and enabled, enable the plugin.
+        if (!empty($CFG->runclamonupload) && !empty($CFG->pathtoclam)) {
+            set_config('antiviruses', 'clamav');
+        } else {
+            set_config('antiviruses', '');
+        }
+
+        if (isset($CFG->runclamonupload)) {
+            // Just unset global configuration, we have already enabled the plugin
+            // which implies that ClamAV will be used for scanning uploaded files.
+            unset_config('runclamonupload');
+        }
+        // Move core ClamAV configuration settings to plugin.
+        if (isset($CFG->pathtoclam)) {
+            set_config('pathtoclam', $CFG->pathtoclam, 'antivirus_clamav');
+            unset_config('pathtoclam');
+        }
+        if (isset($CFG->quarantinedir)) {
+            set_config('quarantinedir', $CFG->quarantinedir, 'antivirus_clamav');
+            unset_config('quarantinedir');
+        }
+        if (isset($CFG->clamfailureonupload)) {
+            set_config('clamfailureonupload', $CFG->clamfailureonupload, 'antivirus_clamav');
+            unset_config('clamfailureonupload');
+        }
+
+        // Main savepoint reached.
+        upgrade_main_savepoint(true, 2016022500.01);
+    }
+
     return true;
 }

lib/phpunit/bootstrap.php

@@ -185,7 +185,7 @@
 $allowed = array('wwwroot', 'dataroot', 'dirroot', 'admin', 'directorypermissions', 'filepermissions',
                  'dbtype', 'dblibrary', 'dbhost', 'dbname', 'dbuser', 'dbpass', 'prefix', 'dboptions',
                  'proxyhost', 'proxyport', 'proxytype', 'proxyuser', 'proxypassword', 'proxybypass', // keep proxy settings from config.php
-                 'altcacheconfigpath', 'pathtogs', 'pathtoclam', 'pathtodu', 'aspellpath', 'pathtodot'
+                 'altcacheconfigpath', 'pathtogs', 'pathtodu', 'aspellpath', 'pathtodot'
                 );
 $productioncfg = (array)$CFG;
 $CFG = new stdClass();

version.php

@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2016022500.00;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2016022500.01;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.