New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Basic "Can't get it to work" issue. #162
Comments
Hi, Any |
Hi @Maikuolan, there were no error logs made at all. Do you know if it's unable to work on a godaddy server? Many function are unable to work on godaddy servers. |
The entire loader.php function correctly, nothing dies. That is, I've tried adding an echo to the bottom of the file, and it's echoed perfectly. I download every single file, I used the option at the top right of github to download the package, so no files was missing. I haven't yet gone through them to remove the .md and .txt files, so all still are there. |
I guess the error is suppressed by some |
Replicated the steps (i.e., a fresh install) on my test server, and works as expected, so at least, no recent breaking changes made to the codebase itself AFAICT. Not aware specifically of any compatibility issues with GoDaddy, though it's possible there could be problems due to specific Checking whether error suppression has been enabled definitely sounds like the logical next step to take, I think. If there's some error occurring, and we can't see what it is, it will be difficult to fix, so not suppressing errors would be ideal in this case (assuming that they're being suppressed currently). |
Worth noting: You'll need to install and activate any needed signature files as well, for phpMussel to work optimally. That said though, so you still be seeing something from phpMussel, regardless of whether any signature files are installed. For example, on the fresh install on my test server just now (without the signatures), I see this currently:
|
Damn it. I was going through the code for hours last night. Errors aren't supressed, they come up whenever they occur. In regards to php.ini, could you think of any specific options that need to be changed? I also noticed that the check you did above, @Maikuolan , in the previous comments took less than a second to complete. I thought it would take longer, that is super quick. I really would like this plugin/programme to work. |
Take in mind, the example in the above comment is scanning without any signature files. It might take a little longer when all signature files are properly installed, depending on what's being scanned. ;-) Still, we aim for fast execution when possible, so it should be reasonably fast regardless. As an example, scanning all test files together in the same scan operation, with all signature files installed and activated, configuration giving preference for maximum scanning (e.g., nothing blacklisted, most options enabled, etc):
..takes about ~6, ~7 seconds on my test server (which is still pretty fast IMO, especially for something written entirely in PHP, but still somewhat slower than a traditional desktop scanner). |
Could be output being suppressed somehow, maybe..? Anything generated in |
@Maikuolan well, in the cache there are two files.
|
Cheers. The The That there aren't any Just to explore all possibilities: What's the current permissions/CHMOD set for the phpMussel vault directory? |
I see i see. |
Try saving this to a new PHP file, uploading to your server, and running it; <?php echo ini_get('disable_functions') ?: 'Nothing disabled.'; What appears on the page? |
A real shame, I thought maybe we were on to something! It came up saying 'Nothing Disabled'. |
I tried doing the bit where you log in via the front end. I then trialled scanning 3 files, they all worked perfectly and the file called "scan_log.txt" was edited with each scan. Still, just not working when on a php page. Maybe this doesn't work how I think it should. It's not overridden, thus echoing to a file in the vault, is it? I don't want to sound like an arse, because I really really appreciate your effort in the programme and respect it, but there isn't much information regarding functions and actions other than that one liner. I notice that you need to specifically turn of the auto clean. The description of such makes it seem as if the scan happens on its own just whenever a file is uploaded. How do all those great functions I see in the upload.php get triggered? Do they just automatically override when you use the move_uploaded_file() function or similar? |
No problem. Not coming off as an arse at all, IMO. :-) The fact that it seems to not be working as expected, is a bit baffling to me at the moment too, but we should be able to get to the bottom of it one way or another.
phpMussel doesn't override any default PHP functions at all. So, the "scan" function/closure (i.e., the In sticking with the coding standards promoted by PSR as best I can (specifically, the part about how files should either declare things, or cause things to happen, but not both), the In /** Execute the scan! */
try {
$r = $phpMussel['Scan'](
$phpMussel['upload']['FilesData']['FileSet']['tmp_name'][$phpMussel['upload']['FilesData']['FileSet']['i']],
true,
true,
0,
$phpMussel['upload']['FilesData']['FileSet']['name'][$phpMussel['upload']['FilesData']['FileSet']['i']]
);
} catch (\Exception $e) {
die($e->getMessage());
} (The In the above snippet, you'll notice that the main bulk of what "upload scanning" is doing, is iterating through In /**
* The main scan closure, responsible for initialising scans in most
* circumstances. Should generally be called whenever phpMussel is
* required by external scripts, apps, CMS, etc.
*
* Please refer to Section 3A of the README documentation, "HOW TO USE (FOR WEB
* SERVERS)", for more information.
*
* @param string|array $f Indicates which file, files, directory, or
* directories to scan (can be a string, an array, or a multidimensional
* array).
* @param bool $n A boolean, indicating the format for the scan results to be
* returned as. False instructs the function to return the results as an
* integer; True instructs the function to return the results as human
* readable text. Optional; Defaults to false.
* @param bool $zz A boolean, indicating to the function whether or not arrayed
* results should be imploded prior to being returned to the calling
* function. False instructs the function to return the arrayed results as
* verbatim; True instructs the function to return the arrayed results as
* an imploded string. Optional; Defaults to false.
* @param int $dpt Represents the current depth of recursion from which the
* function has been called. This information is used for determining how
* far to indent any entries generated for logging (you should never
* manually set this parameter yourself).
* @param string $ofn For the file upload scanning that phpMussel normally
* performs by default, this parameter represents the "original filename"
* of the file being scanned (the original filename, in this context,
* referring to the name supplied by the upload client, as opposed to the
* temporary filename assigned by the server or anything else).
* @return bool|int|string|array The scan results, returned as an array when
* the $f parameter is an array and when $n and/or $zz is/are false, and
* otherwise returned as per described by the README documentation. The
* function may also die the script and return nothing, if something goes
* wrong, such as if the function is triggered in the absense of the
* required $phpMussel['memCache'] variable being set, and may also return
* false, in the absense of the required $phpMussel['HashCache']['Data']
* variable being set.
*/
$phpMussel['Scan'] = function ($f = '', $n = false, $zz = false, $dpt = 0, $ofn = '') use (&$phpMussel) { CLI mode doesn't need the encapsulation provided by "scan", and skips ahead to using phpMussel's internal "recursor" function/closure instead, but otherwise, normally everything should just use "scan". (Sorry for the some of the weird keyword and variable names, BTW. I'll get around to sorting those out at some point in the future, but as changing them wouldn't affect functionality at all, wouldn't bring in any new features and such, and is basically considered an aesthetic issue, it's something on the back-burner at the moment). On note about the If logging is enabled, then scan results should be logged to a file within the vault, but this shouldn't affect the output generated by scan at all (i.e., you should still be seeing some output regardless of whether logging is enabled or disabled). |
That was a great explanation. Completely sums my questions up. No I see how confusing this can be, because there are very minimal, if not only 1, functions that can be used. So it's really not as if I'm missing or doing something wrong. Have you not to date had many poeple say that haven't been able to install it and have it work correctly? Are there any other trouble shooting at all that you can think of for me to do to try and figure out the issue? My times limit is merely my next app update, and in my list of items, this scanning function was first so I'm good to do whatever to see if we can get it working. |
I've had people say that before, but it usually turned out to be them doing something wrong, problems on the server (like crucial PHP functions disabled and such), or misunderstanding something, or a wrongly configured package (like with Do you, by any chance, have a separate hosting space available elsewhere (i.e., with a different hosting provider), per chance? If not, maybe a friend that could set up temporary subdirectory and FTP account for you on theirs for a day or two to test this out? Bit of a long shot, but I'm wondering, if you were to try to replicate the exact steps taken thus far with the installation which isn't working, at a separate location elsewhere, whether there would be any differences (either working properly, or if not working, providing some more details, via error logs, or some server messages which we aren't seeing currently). At the very least, whether we'd see different results between the two different locations, while taking the exact same steps, could identify whether the ultimate cause of the problem cause of the problem is (1) something wrong with the package itself (e.g., a bug, typo in the codebase somewhere, etc), (2) something wrong with the specific installation (e.g., a misstep, something configured wrongly, or installed incorrectly somehow), or (3) something wrong with GoDaddy (i.e., if the results are different, despite taking the same steps, that would imply that the ultimate cause lies with GoDaddy somewhere, whether it be a problem with the way they've configured PHP, a problem with the way the hosting account is configured, or something like that; conversely, if the results are exactly the same in both cases, then the ultimate cause of the problem couldn't be something specific to GoDaddy, and must lie either with us or the codebase somewhere). |
That sounds good. I've got a couple of sites all with GoDaddy. They've only let me down a couple of things, so I've stayed. Give me an hour and I'll try installing it on another site. |
Jeeeeeeeesus. It worked perfectly on the other domain. I then decided to delete phpmussel from the original site and then reinstall it. It works! Got no idea, clearly it was all my fault and I must have done something incorrectly the time. Quick question, is there a line of code I can use to trigger a clean up? Also, in your experience, do you know which file types are the least likely to have viruses? Or if there are file types, such as a spreadsheet document that can't have viruses? I'll be using your virus scanner in an upload function that accepts .txt, .pdf, .xml/s, .csv, and .doc/x. Any advice? |
No worries; As long as it works now, that's the main thing. ^.^
Yep. :-) The unset($phpMussel); Or if doing so from somewhere outside the global scope (e.g., within some class, function, etc): unset($GLOBALS['phpMussel']); The only thing that this would miss, is any plugins that might optionally be installed (in case they work with closures or classes outside of phpMussel's global variable). The default cleanup routine in phpMussel accounts for this though by iterating through it all and using variable-variables to destroy anything registered by any installed plugins: /** Destroy unrequired plugin closures. */
if (isset($phpMussel['MusselPlugins']['closures'])) {
foreach ($phpMussel['MusselPlugins']['closures'] as $x) {
if (isset($$x) && is_object($$x)) {
unset($$x);
}
}
}
/** Unset our working data so that we can exit cleanly. */
unset($x, $phpMussel); (But if you're not using any optional plugins, and if your own cleanup is happening within the global scope, just that first
Technically speaking, any type of file can contain (or be infected by) a virus. However, viruses can't necessarily be executed from any type of file. For example: I could easily take the raw data belonging to a virus which normally exists inside a PE (portable executable) file (e.g., EXEs, DLLs, etc) and dump it into a plain-text file (TXT), and it would still continue to exist all the same, but in most cases, as it would be existing outside its intended infection vector, it would (usually) be effectively neutered, and unable to cause any real harm. In that sense, there's not a single type of file on the planet that we could ever guarantee as being 100% virus-free, but some types of files are nonetheless more/less dangerous than others, due to being inherently unable (under normal circumstances) to actually execute/run malicious code. So the main question then, is which types of files can actually cause things to execute, or run. TXT files are generally pretty safe in that sense. They're intended for plain-text, and nothing else, and (assuming the end-user isn't using some insane program for reading plain-text files which does things that such a program shouldn't normally do) don't execute anything (i.e., programs intended for reading text-files, tend to just show the content of the file, allow basic editing, search-and-replace, etc, and don't actually execute anything based on file content). Because of this, TXT files aren't generally considered as viable infection vectors. PDFs and DOC(/X) files can contain macros though, which makes them tempting infection vectors for virus and malware creators. Disabling macros in your document reader should generally make them a bit safer of course, but they remain a tempting infection vector nonetheless. XML files are in a similar situation to TXT files. Though I've seen a few nasties before that could execute in specific contexts (like when XML files might be intended for specific programs that might execute commands based on the contents of an XML file), but it's generally pretty rare. CSV files are generally pretty safe, too (although a spreadsheet file containing a malicious macro could theoretically be renamed as a CSV file to trick users into thinking its a CSV file, and if that user's default program for opening CSVs and opening spreadsheets is the same, potentially risk being infected, so I wouldn't call them 100% safe in that sense.. but again, not a particularly big risk, and definitely mitigable if said default program disables macros in the first place, as many do nowadays by default anyhow). Anything directly executable, or self-executable, like EXE files, are naturally going to be your main worry. If you don't allow them to be uploaded to your server in the first place though, then it's much less of a worry (you could just blacklist that filetype, ensure that the As always, regardless of filetype, it's good to ensure that the Java files, Flash files, etc, are some other potential infection vectors (though there are plenty that exist, of course). |
A quick note regarding archives containing potentially infected files: In terms of risk, one's about the same as any other. However, the chance of phpMussel detecting something malicious in an archive may depend on the type of archive, due to that phpMussel doesn't yet support all of the more common archive formats. See: Wish list: Archive support. So, if you allow archives to be uploaded, in order to really be sure about them, and if relying primarily on phpMussel, it may, in some cases, be worth considering blacklisting the formats which aren't yet supported (due to phpMussel being unable to see inside them and scan their contents yet). Though, this would be a concern primarily for end-users being infected, as opposed to the server or website itself (seeing as the chameleon attack detections and such should still be able to detect any embedded malicious PHP code and such that could potentially execute). General rule of thumb, also: If a particular type of file isn't something you actually expect or normally anticipate being uploaded to your website, it may be prudent to block it regardless (due to that if you see such files being uploaded by a user at some point in the future, it might or mightn't be infected, but the fact of it being unanticipated or unexpected would in itself be reason to question the file to some extent, and blocking may thus be a good idea just in case). |
Please use this template when reporting bugs, problems, issues, etc.
Server: GoDaddy
phpMussel version used: latest
PHP version installed: 7.1.0
Operating system used: Linux
Issue:
First, a future thanks for the great virus scanner. I am amazed by how thorough the programme is vis-a-vis so many others. It seems like it would be really great to use.
The issue is that I can't get it to work at all. I have literally followed the instructions step by step. For clarification, they were as follows:
<?php require 'pathhome/public_html/phpfiles/phpMussel/loader.php'; ?>
(pathhome has been change to correct name).
echo $phpMussel['Scan']('pathhome/public_html/phpfiles/phpMussel/_testfiles/ascii_standard_testfile.txt', true, true);
After such, it's all blank. The path to loader is correct because I've tried echoing code, and also printing the array and it prints a gigantic array of your data. But the above echo is blank. Just returns nothing. There is no information online. Stackoverflow has nothing yet, but the programme is a couple years old. Makes me think this issue is so small no one could have had it. Please let me know what I've done wrong. Thank you.
The text was updated successfully, but these errors were encountered: