Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Administrator notification does not work #152

Open
GAS85 opened this issue May 11, 2020 · 1 comment
Open

Administrator notification does not work #152

GAS85 opened this issue May 11, 2020 · 1 comment

Comments

@GAS85
Copy link
Contributor

GAS85 commented May 11, 2020

Steps to reproduce

  1. As mentioned in Logs spam with the same file info if file is found. #150 set 2 Virus Test files for 2 different Users
  2. User 1 in in Administrative Group, User 2 is not.
  3. User 1 will see Antivirus notifications only for File 1 that is in his folder, but not for a File 2 that belongs to user 2.
  4. Administrator - User 3 will not see any notifications and needs to grep logs manually:
    grafik

Expected behaviour

Administrator AND all users under Administrative Group must receive a notifications about all users infected files.

Actual behaviour

Only actual User will see notification. Non of Administrators can see it if file is not shared with them.

Server configuration

Operating system: Ubuntu 18.04

Web server: Apache/2.4.43

Database: mysql Ver 15.1 Distrib 10.1.44-MariaDB

PHP version: 7.3.17-1

Nextcloud version: 18.0.4

Where did you install Nextcloud from: Official

List of activated apps:

Enabled:
  - accessibility: 1.4.0
  - activity: 2.11.0
  - admin_audit: 1.8.0
  - audioplayer: 2.10.0
  - bruteforcesettings: 1.6.0
  - calendar: 2.0.3
  - checksum: 0.4.4
  - cloud_federation_api: 1.1.0
  - comments: 1.8.0
  - data_request: 1.5.0
  - dav: 1.14.0
  - deck: 1.0.0
  - drawio: 0.9.5
  - federatedfilesharing: 1.8.0
  - federation: 1.8.0
  - files: 1.13.1
  - files_antivirus: 2.3.0
  - files_automatedtagging: 1.8.2
  - files_external: 1.9.0
  - files_mindmap: 0.0.21
  - files_pdfviewer: 1.7.0
  - files_retention: 1.7.0
  - files_rightclick: 0.15.2
  - files_sharing: 1.10.1
  - files_trashbin: 1.8.0
  - files_versions: 1.11.0
  - files_videoplayer: 1.7.0
  - firstrunwizard: 2.7.0
  - flowupload: 0.1.8
  - forms: 1.1.1
  - gpxpod: 4.2.1
  - keeweb: 0.6.2
  - logreader: 2.3.0
  - lookup_server_connector: 1.6.0
  - mail: 1.3.4
  - maps: 0.1.6
  - nextcloud_announcements: 1.7.0
  - notes: 3.3.0
  - notifications: 2.6.0
  - oauth2: 1.6.0
  - ocdownloader: 1.7.7
  - password_policy: 1.8.0
  - phonetrack: 0.6.2
  - photos: 1.0.0
  - polls: 1.4.3
  - previewgenerator: 2.3.0
  - privacy: 1.2.0
  - provisioning_api: 1.8.0
  - radio: 0.6.6
  - recommendations: 0.6.0
  - serverinfo: 1.8.0
  - settings: 1.0.0
  - sharebymail: 1.8.0
  - spreed: 8.0.8
  - survey_client: 1.6.0
  - systemtags: 1.8.0
  - text: 2.0.0
  - theming: 1.9.0
  - twofactor_backupcodes: 1.7.0
  - twofactor_totp: 4.1.3
  - unsplash: 1.1.5
  - updatenotification: 1.8.0
  - viewer: 1.2.0
  - weather: 1.7.2
  - workflowengine: 2.0.0
Disabled:
  - encryption
  - impersonate
  - sharerenamer
  - support
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "***REMOVED SENSITIVE VALUE***",
            "2": "***REMOVED SENSITIVE VALUE***"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***\/nextcloud",
        "dbtype": "mysql",
        "version": "18.0.4.2",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "filesystem_check_changes": 0,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 1.5
        },
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "LOGIN",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "theme": "",
        "logfile": "\/var\/log\/nextcloud.log",
        "loglevel": 1,
        "trashbin_retention_obligation": "14, auto",
        "versions_retention_obligation": "14, auto",
        "data-fingerprint": "***REMOVED SENSITIVE VALUE***",
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Movie",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MP3",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown"
        ],
        "preview_max_x": 1920,
        "preview_max_y": 1080,
        "jpeg_quality": 90,
        "auth.bruteforce.protection.enabled": true,
        "simpleSignUpLink.shown": false,
        "mail_smtpsecure": "tls",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [],
        "has_rebuilt_cache": true,
        "updater.release.channel": "stable",
        "app_install_overwrite": [
            "keeweb",
            "radio"
        ]
    }
}

Logs

Nextcloud log (data/owncloud.log)

nextcloud.log:{"reqId":"MjJnqGiZOUnS7LX5R3k1","level":4,"time":"2020-05-11T06:15:16+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Win.Test.EICAR_HDB-1 File: 4622181Account: USER1 Path: /USER1/files/testvirus.com","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"MjJnqGiZOUnS7LX5R3k1","level":4,"time":"2020-05-11T06:15:16+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Eicar-Signature File: 4638250Account: USER2 Path: /USER2/files/New text document.txt","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"2IpNCCghPo92PmCbvPlJ","level":4,"time":"2020-05-11T06:30:25+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Win.Test.EICAR_HDB-1 File: 4622181Account: USER1 Path: /USER1/files/testvirus.com","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"2IpNCCghPo92PmCbvPlJ","level":4,"time":"2020-05-11T06:30:25+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Eicar-Signature File: 4638250Account: USER2 Path: /USER2/files/New text document.txt","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"3V6LbskveKSaUWSdDgs8","level":4,"time":"2020-05-11T07:00:03+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Win.Test.EICAR_HDB-1 File: 4622181Account: USER1 Path: /USER1/files/testvirus.com","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"3V6LbskveKSaUWSdDgs8","level":4,"time":"2020-05-11T07:00:03+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Eicar-Signature File: 4638250Account: USER2 Path: /USER2/files/New text document.txt","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"EK6P2yTtHtx7WqHbJ7kf","level":4,"time":"2020-05-11T07:15:22+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Win.Test.EICAR_HDB-1 File: 4622181Account: USER1 Path: /USER1/files/testvirus.com","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"EK6P2yTtHtx7WqHbJ7kf","level":4,"time":"2020-05-11T07:15:22+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Eicar-Signature File: 4638250Account: USER2 Path: /USER2/files/New text document.txt","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"N2n6g17X4R2j5PoYee9Z","level":4,"time":"2020-05-11T07:45:18+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Win.Test.EICAR_HDB-1 File: 4622181Account: USER1 Path: /USER1/files/testvirus.com","userAgent":"--","version":"18.0.4.2"}
nextcloud.log:{"reqId":"N2n6g17X4R2j5PoYee9Z","level":4,"time":"2020-05-11T07:45:18+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file found (during background scan) Eicar-Signature File: 4638250Account: USER2 Path: /USER2/files/New text document.txt","userAgent":"--","version":"18.0.4.2"}
@GAS85
Copy link
Contributor Author

GAS85 commented May 12, 2020

I create a script that evaluate logs and could notify any user: https://github.com/GAS85/nextcloud_scripts/blob/master/nextcloud-av-notification.sh
For NC before 14 this script needs "Admin notifications" App to be enabled.

@GAS85 GAS85 mentioned this issue Jun 8, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GAS85