files_antivirus is an antivirus app for ownCloud based on ClamAV.
The idea is to check for virus at upload-time, notifying the user (on screen and/or email) and remove the file if it's infected.
The App is not complete yet, the following works/is done:
- It can be configured to work with the executable or the daemon mode of ClamAV
- If used in daemon mode it can connect through network- or local file-socket
- In daemon mode, it sends files to a remote/local server using INSTREAM command
- When the user uploads a file, it's checked
- If an uploaded file is infected, it's deleted and a notification is shown to the user on screen and an email is sent with details.
- Tested in Linux only
- Background Job to scan all files
- Test uploading from clients
- File size limit
- Configurations Tuneups
- Other OS Testing
- Look for ideas :P
- ClamAV (Binaries or a server running ClamAV in daemon mode)
- Install and enable the App
- Go to Admin Panel and configure the App
The Files Antivirus app can support the ICAP protocol if you are using the ownCloud Enterprise Edition.
Using the ICAP mode requires a valid enterprise license. If no license key is present, it will trigger the grace period to obtain a valid key. After the expiration of the grace period / license key, the files_antivirus app will be disabled.
c-icap has a built-in clamav module see https://sourceforge.net/p/c-icap/wiki/ModulesConfiguration/
An out-of-the-box docker image for testing purpose is available at https://hub.docker.com/r/deepdiver/icap-clamav-service
For simple local testing run docker run -ti deepdiver/icap-clamav-service and get it's ip using docker inspect. The IP address needs to be setup in the configuration - see above
The request service for clamav has to be set to 'avscan' and the response header to 'X-Infection-Found'
Kaspersky provides docker images as well (https://box.kaspersky.com/d/c8d8577dc2494256b45e/) Follow the instructions in Kaspersky ScanEngine for Kubernetes.7z
Additional configuration: Enable Allow204 - this is necessary to tell kav to not send back the file contents. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201151.htm
The request service for clamav has to be set to 'req' and the response header to 'X-Virus-ID'
NOTE: The older versions of KAV did not send back the virus/infection name in an icap header.
In v2.0.0 the header to transport the virus can be configured. Default: No header is sent. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201214.htm
Select 'Fortinet' from the dropdown.
The request service for FortiSandbox has to be set to 'respmod' and the response header to 'X-Virus-Name'.
Fortinet provides product trials of FortiSandbox, please have a look at Fortinet.
Select 'McAfee Web Gateway 10.x and higher' from the dropdown.
The request service for McAfee has to be set to 'respmod' and the response header to 'X-Virus-Name'.
McAfee provides product trial for evaluation purposes. Have a look at the McAfee Webpage for the Web Gateway.
Note: Product is now called 'Skyhigh Secure Web Gateway'
Authors:
Manuel Delgado López :: manuel.delgado at ucr.ac.cr
Bart Visscher
Viktar Dubiniuk