bunkerity / bunkerweb-plugins

Official plugins for BunkerWeb.
https://docs.bunkerweb.io/latest/plugins/
GNU Affero General Public License v3.0

bunkerweb 1.5.3, clamav plugin doesn't work #22

Closed andyoulovexy closed 9 months ago

andyoulovexy commented 11 months ago

[image]

bunkerweb log:

```
2023/11/01 16:16:26 [warn] 730#730: 372 [lua] _G write guard:12: __newindex(): writing a global Lua variable ('iend') which may lead to race conditions between concurrent requests, so prefer the use of 'local' variables
stack traceback:
	/etc/bunkerweb/plugins/clamav/clamav.lua:236: in function 'scan'
	/etc/bunkerweb/plugins/clamav/clamav.lua:85: in function </etc/bunkerweb/plugins/clamav/clamav.lua:67>
	[C]: in function 'pcall'
	/usr/share/bunkerweb/lua/bunkerweb/helpers.lua:126: in function 'call_plugin'
	access_by_lua(suc.snagou.com/access-lua.conf:1):73: in main chunk, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
2023/11/01 16:16:26 [warn] 730#730: 372 [ACCESS] denied access from clamav : file with checksum d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010is detected : Win.Test.EICAR_HDB-1, client: x.x.x.x, server: xxxx.com, request: "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0", host: "xxxx.com", referrer: "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "GET /data/upload/image/20231102/1698854501958921.pdf HTTP/1.0" 200 184 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---pODs2Bt4---A--
[01/Nov/2023:16:16:26 +0000] 16988553868.563090 x.x.x.x 0 192.168.32.3 8080
---pODs2Bt4---B--
GET /data/upload/image/20231102/1698854501958921.pdf HTTP/1.0
Host: xxxx.com
X-Real-IP: x.x.x.x
X-Forwarded-For: x.x.x.x
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
X-Forwarded-Proto: http
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9

---pODs2Bt4---F--
HTTP/1.0 200
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Referrer-Policy: strict-origin-when-cross-origin
ETag: "65427665-b8"
Last-Modified: Wed, 01 Nov 2023 16:01:41 GMT
Last-Modified: Wed, 01 Nov 2023 16:01:41 GMT
Connection: close
X-Powered-By:
Content-Type: application/pdf
Content-Length: 184
Date: Wed, 01 Nov 2023 16:16:26 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:

---pODs2Bt4---H--

---pODs2Bt4---Z--
```

```
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:26 +0000] "POST /@yang/index.php?c=uploadfile&a=ueditor&action=uploadfile HTTP/1.0" 403 703540 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:33 +0000] "POST /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 655 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---8W6ch3Jr---A--
[01/Nov/2023:16:16:33 +0000] 169885539399.701045 x.x.x.x 0 192.168.32.3 8080
---8W6ch3Jr---B--
POST /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
X-Forwarded-Proto: http
Content-Type: application/x-www-form-urlencoded
Upgrade-Insecure-Requests: 1
Content-Length: 180
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
Connection: close
Origin: http://xxxx.com
X-Forwarded-For: x.x.x.x
X-Real-IP: x.x.x.x
Host: xxxx.com
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept-Language: zh-CN,zh;q=0.9

---8W6ch3Jr---C--
data%5Bcatid%5D=34&data%5Btitle%5D=%E8%BE%BE%E5%B0%94%E6%96%87%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95&data%5Bxiazai%5D=&file=eicar_com.pdf&data%5Bstatus%5D=1&submit=%E6%8F%90%E4%BA%A4

---8W6ch3Jr---F--
HTTP/1.0 200
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Powered-By:
Connection: close
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:16:33 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:

---8W6ch3Jr---H--

---8W6ch3Jr---Z--
```

```
xxxx.com x.x.x.x - - [01/Nov/2023:16:16:35 +0000] "GET /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0" 200 4623 "http://xxxx.com/@yang/index.php?c=content&a=edit&id=38" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36"
---Mru2hNOq---A--
[01/Nov/2023:16:16:35 +0000] 169885539523.818664 x.x.x.x 0 192.168.32.3 8080
---Mru2hNOq---B--
GET /@yang/index.php?c=content&a=edit&id=38 HTTP/1.0
Accept-Language: zh-CN,zh;q=0.9
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=38mgt0rq9n74b3jhcbjb5pv1to
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.289 Safari/537.36
X-Forwarded-Proto: http
Upgrade-Insecure-Requests: 1
Connection: close
Referer: http://xxxx.com/@yang/index.php?c=content&a=edit&id=38
X-Forwarded-For: x.x.x.x
X-Real-IP: x.x.x.x
Host: xxxx.com

---Mru2hNOq---F--
HTTP/1.0 200
Referrer-Policy: strict-origin-when-cross-origin
X-Frame-Options: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Security-Policy: object-src 'none'; form-action 'self'; frame-ancestors 'self';
X-Powered-By:
Connection: close
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Wed, 01 Nov 2023 16:16:35 GMT
Feature-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';
Server:
Server:
X-Content-Type-Options: nosniff
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()
X-XSS-Protection: 1; mode=block
Expect-CT:
X-AspNet-Version:
X-AspNetMvc-Version:

---Mru2hNOq---H--

---Mru2hNOq---Z--
```

clamav log: [image]

fl0ppy-d1sk commented 9 months ago

Hey @andyoulovexy,

It should be fixed, feel free to test it again!

Thanks