Clamby showing false positives when scanning from attachment temp file location #31
Comments
Just to provide some additional information, it appears this issue has something to do with the clamd daemon, as Clamby works just fine with daemonize: false in the configuration, although the check takes a little too long to be a viable solution.
Interesting development as I continue working on this. Updating clamd.conf to comment in TCPAddr 127.0.0.1 and restarting the clamd daemon actually allowed Clamby to work while testing files in the Rails console. However, uploaded files appear to still always return as a virus. I'm scanning the file on upload from the attachment #tempfile#path location:
One final note: I was still experiencing the above issue where scanning the file from the Rails default upload temp file location still always results in Clamby showing all files as viruses. However, taking the file and writing it to some other location and then scanning it will render accurate results according to the tests I've done recently. As examples, the following were both done with a file that is known to not be a virus: The following doesn't appear to work:
In the above example, all files return as true when #virus?(path) is called. However, this solution does work:
In this example, the file after being saved was correctly identified as safe.
This issue has changed, so I've changed the name accordingly. For my purposes, I've corrected the initial issue and I've gotten everything working in my production environment, but I've kept this open, as I'm not sure if this is intended behavior or not. Clamby is still showing false positives for me when scanning from attachment temp location when a form is submitted. Feel free to close this issue if this is intended behavior.
This seems a bit similar to #26. Regardless, what is your upload mechanism; carrierwave, activestorage, refile, etc?
@kobaltz I have noticed the same behavior as @gregorybilello. I'm using ActiveStorage.
Thanks @brotherjack I'll look into this a bit
I'm seeing it with CarrierWave also. The file writing workaround posted above didn't fix the problem for me, but what did fix the problem was setting Also: setting |
kobaltz/clamby#31 (comment) suggested streaming the files for clamdscan, which worked. The documentation for clamby illustrates using `before_save` as the callback and I tested this as well, but think that keeping this as a validation with an error message makes the most sense. I also realized at that time that the documentation also spoke to the `attachment_changes` workaround.
I'm not certain if this is a repeat of #9
I configured Clamby with ClamAV in a local environment, and didn't experience any issues.
However, when attempting to configure Clamby and ClamAV in a production environment, I'm experiencing an issue where the Clamby#safe? method returns false for all files and Clamby#virus? method returns true for all files.
My production environment is running Ubuntu 16.05.5 LTS, and ClamAV, clamd, and freshclam have been installed and configured properly, to my knowledge.
Per ClamAV documentation, clamd is running under the "clamav" user. I'm not sure if this is how the daemon should be configured to work with Clamby or not.
When I check any file, even files contained in my Rails application, Clamby returns that all are viruses:
Additionally, clamd.conf and freshclam.conf have been configured properly:
freshclam is also properly configured and updated:
Any help would be appreciated, as I'm not sure what's going wrong here between the various components involved.
Thanks.
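One check worth running for the symptom reported in this thread, as an added example that is not part of the original issue or of Clamby's code: Ruby creates Tempfile-backed files with mode 0600, so a clamd process running as another user (here `clamav`) cannot open them by path. The helper names are hypothetical, and that permissions are the cause in this particular case is an assumption the thread does not confirm.

```ruby
require "tempfile"
require "pathname"

# Hypothetical helper: list the path components that would stop a process
# running as an unrelated user (not the owner, not in the file's group)
# from reading +path+. Only the "other" permission bits are inspected;
# ACLs, group membership and AppArmor/SELinux policy are out of scope.
def blockers_for_other_user(path)
  target = Pathname.new(path).realpath
  blockers = []
  # The file itself needs o+r.
  blockers << target.to_s if (target.stat.mode & 0o004).zero?
  # Every parent directory up to / needs o+x to be traversed.
  target.dirname.ascend do |dir|
    blockers << dir.to_s if (dir.stat.mode & 0o001).zero?
  end
  blockers
end

# True when nothing in the path blocks a daemon running as another user.
def scannable_by_daemon?(path)
  blockers_for_other_user(path).empty?
end

# Constructed sample: a Tempfile standing in for an upload's temp file,
# checked with its default mode and again after loosening it to 0644.
def tempfile_demo
  Tempfile.create("upload") do |f|
    f.write("harmless sample content")
    f.flush
    real = File.realpath(f.path)
    default_mode = format("%o", File.stat(real).mode & 0o777)
    blocked_before = blockers_for_other_user(real).include?(real)
    File.chmod(0o644, real)
    blocked_after = blockers_for_other_user(real).include?(real)
    { default_mode: default_mode,
      file_blocked_before: blocked_before,
      file_blocked_after: blocked_after }
  end
end

p tempfile_demo if $PROGRAM_NAME == __FILE__
```

The streaming fix reported in the thread sidesteps this check, because the client then sends the file's content to clamd instead of a path the daemon has to open itself.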