MDL-19380 reimplement antivir scanning in repositories

commit 16dc846eb1792f897ec86e188a4fa1716c3166a9 1 parent c7c1a8c
Petr Skoda skodak authored stronk7 committed
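--- a/lib/uploadlib.php
+++ b/lib/uploadlib.php
@@ -697,7 +697,8 @@ function clam_message_admins($notice) {
 $admins = get_admins();
 foreach ($admins as $admin) {
 $eventdata = new stdClass();
-$eventdata->modulename = 'moodle';
+$eventdata->component = 'moodle';
+$eventdata->name = 'errors';
 $eventdata->userfrom = get_admin();
 $eventdata->userto = $admin;
 $eventdata->subject = $subject;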
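--- a/repository/lib.php
+++ b/repository/lib.php
@@ -947,6 +947,76 @@ public static function static_function($plugin, $function) {
 }
 
 /**
+* Scan file, throws exception in case of infected file.
+*
+* Please note that the scanning engine must be able to access the file,
+* permissions of the file are not modified here!
+*
+* @static
+* @param string $thefile
+* @param string $filename name of the file
+* @param bool $deleteinfected
+* @return void
+*/
+public static function antivir_scan_file($thefile, $filename, $deleteinfected) {
+global $CFG;
+
+if (!is_readable($thefile)) {
+// this should not happen
+return;
+}
+
+if (empty($CFG->runclamonupload) or empty($CFG->pathtoclam)) {
+// clam not enabled
+return;
+}
+
+$CFG->pathtoclam = trim($CFG->pathtoclam);
+
+if (!file_exists($CFG->pathtoclam) or !is_executable($CFG->pathtoclam)) {
+// misconfigured clam - use the old notification for now
+require("$CFG->libdir/uploadlib.php");
+$notice = get_string('clamlost', 'moodle', $CFG->pathtoclam);
+clam_message_admins($notice);
+return;
+}
+
+// do NOT mess with permissions here, the calling party is responsible for making
+// sure the scanner engine can access the files!
+
+// execute test
+$cmd = escapeshellcmd($CFG->pathtoclam).' --stdout '.escapeshellarg($thefile);
+exec($cmd, $output, $return);
+
+if ($return == 0) {
+// perfect, no problem found
+return;
+
+} else if ($return == 1) {
+// infection found
+if ($deleteinfected) {
+unlink($thefile);
+}
+throw new moodle_exception('virusfounduser', 'moodle', '', array('filename'=>$filename));
+
+} else {
+//unknown problem
+require("$CFG->libdir/uploadlib.php");
+$notice = get_string('clamfailed', 'moodle', get_clam_error_code($return));
+$notice .= "\n\n". implode("\n", $output);
+clam_message_admins($notice);
+if ($CFG->clamfailureonupload === 'actlikevirus') {
+if ($deleteinfected) {
+unlink($thefile);
+}
+throw new moodle_exception('virusfounduser', 'moodle', '', array('filename'=>$filename));
+} else {
+return;
+}
+}
+}
+
+/**
 * Move file from download folder to file pool using FILE API
 * @global object $DB
 * @global object $CFG
@@ -962,6 +1032,10 @@ public static function static_function($plugin, $function) {
 */
 public static function move_to_filepool($thefile, $record) {
 global $DB, $CFG, $USER, $OUTPUT;
+
+// scan for viruses if possible, throws exception if problem found
+self::antivir_scan_file($thefile, $record->filename, empty($CFG->repository_no_delete)); //TODO: MDL-28637 this repository_no_delete is a bloody hack!
+
 if ($record->filepath !== '/') {
 $record->filepath = trim($record->filepath, '/');
 $record->filepath = '/'.$record->filepath.'/';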
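Review bot: antivir_scan_file fails open on two early paths: an unreadable `$thefile` and a missing or non-executable `$CFG->pathtoclam` both `return` without scanning, so move_to_filepool goes on to store the file, and the `clamfailureonupload === 'actlikevirus'` policy is only consulted in the final `else` branch. If the administrator chose 'actlikevirus', these paths should presumably reject the upload as well, by applying the same check before each early `return`. Separately, both `require("$CFG->libdir/uploadlib.php");` lines should be `require_once("$CFG->libdir/uploadlib.php");`, since a second inclusion in one request would try to redeclare that file's functions. `$CFG->clamfailureonupload` is also read without an `empty()` guard, unlike `runclamonupload` above it.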
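--- a/repository/repository_ajax.php
+++ b/repository/repository_ajax.php
@@ -249,17 +249,8 @@
 }
 break;
 case 'upload':
-// handle exception here instead moodle default exception handler
-// see MDL-23407
-try {
-// TODO: add file scanning MDL-19380 into each plugin
-$result = $repo->upload($saveas_filename, $maxbytes);
-echo json_encode($result);
-} catch (Exception $e) {
-$err->error = $e->getMessage();
-echo json_encode($err);
-die;
-}
+$result = $repo->upload($saveas_filename, $maxbytes);
+echo json_encode($result);
 break;
 
 case 'overwrite':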
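Review bot: With the try/catch removed from the `upload` case, an exception from `$repo->upload()` (now including the `virusfounduser` exception raised by the scanner) is no longer turned into a JSON error here, and the handler that takes over is not visible in this hunk. It is worth confirming that it still answers this AJAX endpoint with JSON, since the deleted comment pointed to MDL-23407 as the reason for handling it locally. A short comment such as `// exceptions, including virus detection, are reported by the default exception handler` would record the intent. The surrounding switch starts and ends outside the hunk.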
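--- a/repository/upload/lib.php
+++ b/repository/upload/lib.php
@@ -102,6 +102,13 @@ public function upload($saveas_filename, $maxbytes) {
 }
 }
 
+// scan the files, throws exception and deletes if virus found
+// this is tricky because clamdscan daemon might not be able to access the files
+$permissions = fileperms($_FILES[$elname]['tmp_name']);
+@chmod($_FILES[$elname]['tmp_name'], $CFG->filepermissions);
+self::antivir_scan_file($_FILES[$elname]['tmp_name'], $_FILES[$elname]['name'], true);
+@chmod($_FILES[$elname]['tmp_name'], $permissions);
+
 if (empty($saveas_filename)) {
 $record->filename = clean_param($_FILES[$elname]['name'], PARAM_FILE);
 } else {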
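Review bot: Both `@chmod` calls discard failure, so if the first one cannot widen the temporary file's mode the scanner may be unable to read it, and the outcome then depends on how antivir_scan_file treats a scanner error rather than on a real scan. `fileperms()` can also return `false`, in which case the restoring `chmod` would be given mode 0; guarding it with `if ($permissions !== false) { @chmod($_FILES[$elname]['tmp_name'], $permissions); }` avoids that. Setting the not-yet-scanned upload to `$CFG->filepermissions` also makes it readable to whoever that mode allows for the duration of the scan, which deserves a line in the comment. upload() begins and ends outside the hunk, so whether `$CFG` is declared global there cannot be checked from here.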
