
MDL-34939: Fix clamdscan permissions-related issues

Use the --fdpass parameter, which passes the file descriptor permissions to
clamd and allows it to scan the given file irrespective of directory and file
permissions. Changing file permissions is not required.
1 parent 3c719fa commit 6b59b89a1ba45521534c18f835616ee3fa5252d2 @kabalin kabalin committed with damyon Apr 15, 2013
Showing with 10 additions and 9 deletions.
  1. +10 −4 repository/lib.php
  2. +0 −5 repository/upload/lib.php
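--- a/repository/lib.php
+++ b/repository/lib.php
@@ -1135,11 +1135,17 @@ public static function antivir_scan_file($thefile, $filename, $deleteinfected) {
 return;
 }
- // do NOT mess with permissions here, the calling party is responsible for making
- // sure the scanner engine can access the files!
-
+ $clamparam = ' --stdout ';
+ // If we are dealing with clamdscan, clamd is likely run as a different user
+ // that might not have permissions to access your file.
+ // To make clamdscan work, we use --fdpass parameter that passes the file
+ // descriptor permissions to clamd, which allows it to scan given file
+ // irrespective of directory and file permissions.
+ if (basename($CFG->pathtoclam) == 'clamdscan') {
+ $clamparam .= '--fdpass ';
+ }
 // execute test
- $cmd = escapeshellcmd($CFG->pathtoclam).' --stdout '.escapeshellarg($thefile);
+ $cmd = escapeshellcmd($CFG->pathtoclam).$clamparam.escapeshellarg($thefile);
 exec($cmd, $output, $return);
 if ($return == 0) {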
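Review bot: The `--fdpass` switch is added only when `basename($CFG->pathtoclam)` is exactly `clamdscan`, yet the same commit removes the temporary `chmod` in repository/upload/lib.php for every scanner path, so a clamd client installed under another name or behind a wrapper script is left with neither workaround. In that case the scan would presumably end with an access error rather than a verdict, and how an exit code that signals a scanner error is treated is decided after `if ($return == 0)`, outside this hunk; it is worth confirming that this path cannot let an upload through unscanned. `--fdpass` is also documented as available only when clamdscan reaches clamd over a local UNIX socket, which deserves a line in the comment, e.g. `// --fdpass needs a local (unix socket) clamd; a scanner error must never be treated as a clean result.` A strict comparison, `=== 'clamdscan'`, would fit the check as well.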
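--- a/repository/upload/lib.php
+++ b/repository/upload/lib.php
@@ -138,12 +138,7 @@ public function process_upload($saveas_filename, $maxbytes, $types = '*', $savep
 }
 }
- // scan the files, throws exception and deletes if virus found
- // this is tricky because clamdscan daemon might not be able to access the files
- $permissions = fileperms($_FILES[$elname]['tmp_name']);
- @chmod($_FILES[$elname]['tmp_name'], $CFG->filepermissions);
 self::antivir_scan_file($_FILES[$elname]['tmp_name'], $_FILES[$elname]['name'], true);
- @chmod($_FILES[$elname]['tmp_name'], $permissions);
 // {@link repository::build_source_field()}
 $sourcefield = $this->get_file_source_info($_FILES[$elname]['name']);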
