nextcloud / files_antivirus

👾 Antivirus app for Nextcloud Files
https://apps.nextcloud.com/apps/files_antivirus
GNU Affero General Public License v3.0

Regression: Infected Files Now Yield "An unknown error has occurred" Instead of Appropriate Message #119

Open GuyPaddock opened 5 years ago

GuyPaddock commented 5 years ago

Steps to reproduce

  1. Install Nextcloud 15.0.5.3.
  2. Install Antivirus for Files v2.0.1.
  3. Install and configure ClamAV and the Antivirus plug-in so that it is able to communicate with ClamAV.
  4. Temporarily disable anti-virus on your local machine (to avoid it blocking your ability to test the plugin).
  5. Create an EICAR test file.
  6. Upload the test file to any file share.

Expected behaviour

Actual behaviour

This is a regression from Nextcloud 15.0.2 in which the message appeared correctly.

Server configuration

Operating system: Debian Stretch

Web server: NGinx 1.15.9

Database: MariaDB

PHP version: 7.2.15

Nextcloud version: 15.0.5.3

Updated from an older Nextcloud/ownCloud or fresh install: Fresh install

Where did you install Nextcloud from: Docker image

List of activated apps

Nextcloud apps

```
Enabled:
  - accessibility: 1.1.0
  - activity: 2.8.2
  - checksum: 0.4.2
  - cloud_federation_api: 0.1.0
  - comments: 1.5.0
  - dav: 1.8.1
  - federatedfilesharing: 1.5.0
  - federation: 1.5.0
  - files: 1.10.0
  - files_antivirus: 2.0.1
  - files_downloadactivity: 1.4.0
  - files_pdfviewer: 1.4.0
  - files_sharing: 1.7.0
  - files_texteditor: 2.7.0
  - files_trashbin: 1.5.0
  - files_versions: 1.8.0
  - files_videoplayer: 1.4.0
  - firstrunwizard: 2.4.0
  - gallery: 18.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.3.0
  - metadata: 0.8.0
  - music: 0.9.3
  - nextcloud_announcements: 1.4.0
  - notifications: 2.3.0
  - oauth2: 1.3.0
  - ownbackup: 18.11.0
  - password_policy: 1.5.0
  - provisioning_api: 1.5.0
  - serverinfo: 1.5.0
  - sharebymail: 1.5.0
  - support: 1.0.0
  - survey_client: 1.3.0
  - systemtags: 1.5.0
  - theming: 1.6.0
  - twofactor_backupcodes: 1.4.1
  - updatenotification: 1.5.0
  - user_external: 0.5.1
  - workflowengine: 1.5.0
Disabled:
  - admin_audit
  - encryption
  - files_automatedtagging
  - files_external
  - twofactor_totp
  - user_ldap
```

Nextcloud configuration

Nextcloud config

```
{
    "system": {
        "appstoreenabled": false,
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": false
            }
        ],
        "logfile": "\/var\/log\/nextcloud.log",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "password": "***REMOVED SENSITIVE VALUE***",
            "timeout": 1.5
        },
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "15.0.5.3",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "loglevel": 2,
        "maintenance": false
    }
}
```

Client configuration

Browser: Chrome 72.0.3626.109 (Official Build) (64-bit)

Operating system: Windows 10 17763.316

Logs

Nextcloud log (data/owncloud.log)

Nextcloud log ``` Deploying Nextcloud 15.0.5.3... Deployment finished. Configuring Nextcloud to use Redis-based session storage. [05-Mar-2019 03:10:18] NOTICE: fpm is running, pid 1 [05-Mar-2019 03:10:18] NOTICE: ready to handle connections 127.0.0.1 - 05/Mar/2019:03:10:39 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:10:42 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:00 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /ocs/v2.php" 200 127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "PROPFIND /remote.php" 207 127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /index.php" 201 127.0.0.1 - 05/Mar/2019:03:11:18 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200 127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200 127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:11:49 +0000 "GET /ocs/v2.php" 200 127.0.0.1 - 05/Mar/2019:03:12:20 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:21 +0000 "GET /cron.php" 200 127.0.0.1 - 05/Mar/2019:03:12:22 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:24 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:40 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:41 +0000 "GET /cron.php" 200 127.0.0.1 - 05/Mar/2019:03:12:41 +0000 "GET /index.php" 200 127.0.0.1 - 05/Mar/2019:03:12:42 +0000 "GET /ocs/v2.php" 204 127.0.0.1 - 05/Mar/2019:03:12:43 +0000 "GET /index.php" 200 127.0.0.1 
- 05/Mar/2019:03:13:18 +0000 "PUT /remote.php" 415 {"reqId":"d5zWaJtaKEA5cnDQQcec","level":2,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature Account: admin Path: files\/eicar.txt.ocTransferId413104186.part","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"} {"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature File: files\/eicar.txt.ocTransferId413104186.part Account: admin","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"} {"reqId":"d5zWaJtaKEA5cnDQQcec","level":3,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"no app in context","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. 
Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud
.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"} {"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"webdav","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCA\\DAV\\Connector\\Sabre\\Exception\\UnsupportedMediaType","Message":"Virus Eicar-Test-Signature is detected in the file. 
Upload cannot be completed.","Code":0,"Trace":[{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":226,"function":"convertToSabreException","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[{"__class__":"OCP\\Files\\InvalidContentException"}]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Req
uest"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","Line":595,"Previous":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function
":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154},"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"} 127.0.0.1 - 05/Mar/2019:03:13:40 +0000 "GET /ocs/v2.php" 200 ```

Browser log

Browser log

```
Request URL: https://example.com/remote.php/webdav/eicar.txt
Request Method: PUT
Status Code: 415
Remote Address: ***REMOVED SENSITIVE VALUE***
Referrer Policy: no-referrer

cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'none';
content-type: application/xml; charset=utf-8
date: Tue, 05 Mar 2019 03:37:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.15.8
status: 415
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: SAMEORIGIN

:authority: example.com
:method: PUT
:path: /remote.php/webdav/eicar.txt
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-disposition: attachment; filename="eicar.txt"
content-length: 68
content-type: text/plain
cookie: ***REMOVED SENSITIVE VALUE***
if-none-match: *
ocs-apirequest: true
origin: https://example.com
pragma: no-cache
requesttoken: FmCzvHlyNMw18NZuAg6tPpefecOZQd0/CrYgTgOBA/c=:JgLclzofV+NZvuQeUWiZXfvMH6LBDpBJO+dNB2jqRZQ=
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
x-requested-with: XMLHttpRequest
```

GuyPaddock commented 5 years ago

One wrinkle in my new setup I did not have with Nextcloud 15.0.2 is that we are now behind the Kubernetes NGinx ingress controller. It may be the case that the ingress controller is not sending along the response body for the 415 response; I am not sure how to get to the bottom of this yet. More coming soon I hope.

GuyPaddock commented 5 years ago

I checked but do not think ingress is to blame here.

ruppo68 commented 5 years ago

Nextcloud: 16.0.5 Antivirus for files: 2.2.0 Same error: In the nextcloud.log i find: {"reqId":"6VMLrXIJhkwWUOidxQov","level":3,"time":"2019-10-16T10:10:30+02:00","remoteAddr":"192.168.7.11","user":"--","app":"no app in context","method":"PUT","url":"\/public.php\/webdav\/PB000075_BOM_AA.doc","message":{"Exception":"OCP\ Files\InvalidContentException","Message":"Virus YARA.office_macro.UNOFFICIAL is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\Files_Antivirus\{closure}","class":"OCA\Files_Antivirus\AvirWrappe r","type":"->","args":[" sensitive parameters replaced "]},{"file":"\/var\/www\/nextcloud\/apps\/files_external\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"class":"Clo sure"}]},{"file":"\/var\/www\/nextcloud\/apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\Streams\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/lib\/private\/Fi les\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\Files_Antivirus\AvirWrapper","type":"->","args":["files\/Abschirmblech PB 75\/PB000075_BOM_AA.doc.ocTransferId1735300639.part",null,null]},{"file":"\/ var\/www\/nextcloud\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files\/Abschirmblech PB 75\/PB000075_BOM_AA.doc.ocTransferId 1735300639.part",null,null]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":191,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files\/Abschirmblech PB 75\/ PB000075_BOM_AA.doc.ocTransferId1735300639.part",null]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\DAV\Connector\Sabre\File","type":"->","args":[null]},{" 
file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\DAV\Connector\Sabre\Directory","type":"->","args":["PB000075_BOM_AA.doc",null]},{"file":"\/var\/www\/nextcloud \/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\DAV\Server","type":"->","args":["PB000075_BOM_AA.doc",null,null]},{"function":"httpPut","class":"Sabre\DAV\CorePlugin","type":"->","a rgs":[{"absoluteUrl":"https:\/\/shares.tq-group.com\/public.php\/webdav\/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/event\/lib\/EventE mitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"class":"Sabre\DAV\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/shares.tq-group.com\/public.php\/webdav\/PB000075_BOM_AA.doc","class":"Sabre\HTTP\R equest"},{"class":"Sabre\HTTP\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\Event\EventEmitter","type":"->","args":["method:PUT",[{"absoluteU rl":"https:\/\/shares.tq-group.com\/public.php\/webdav\/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]]},{"file":"\/var\/www\/nextcloud\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line": 254,"function":"invokeMethod","class":"Sabre\DAV\Server","type":"->","args":[{"absoluteUrl":"https:\/\/shares.tq-group.com\/public.php\/webdav\/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Respons e"}]},{"file":"\/var\/www\/nextcloud\/apps\/dav\/appinfo\/v1\/publicwebdav.php","line":107,"function":"exec","class":"Sabre\DAV\Server","type":"->","args":[]},{"file":"\/var\/www\/nextcloud\/public.php","line":79,"args":["\/var\/www\/n 
extcloud\/apps\/dav\/appinfo\/v1\/publicwebdav.php"],"function":"require_once"}],"File":"\/var\/www\/nextcloud\/apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win 64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","version":"16.0.5.1"}

tobiasge commented 4 years ago

I'm still seeing this problem: Nextcloud: 18.0.0.10 Antivirus: 2.2.1

`[webdav] Fatal: OCA\DAV\Connector\Sabre\Exception\UnsupportedMediaType: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <>

  1. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 244 OCA\DAV\Connector\Sabre\File->convertToSabreException(OCP\Files\InvalidContentException {})
  2. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156 OCA\DAV\Connector\Sabre\File->put(null)
  3. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096 OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
  4. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525 Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
  5. <> Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  6. /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105 call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
  7. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479 Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
  8. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254 Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  9. /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82 Sabre\DAV\Server->exec()
  10. /var/www/domain/htdocs/remote.php line 165 require_once("/var/www/share. ... p")

PUT /remote.php/webdav/Documents/eicar.com from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00

[no app in context] Error: OCP\Files\InvalidContentException: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <>

  1. <> OCA\Files_Antivirus\AvirWrapper->OCA\Files_Antivirus{closure}(" sensitive parameters replaced ")
  2. /var/www/domain/htdocs/3rdparty/icewind/streams/src/CallbackWrapper.php line 121 call_user_func(Closure {})
  3. /var/www/domain/htdocs/apps/files_antivirus/lib/AvirWrapper.php line 94 Icewind\Streams\CallbackWrapper->stream_close()
  4. /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630 OCA\Files_Antivirus\AvirWrapper->writeStream("files/Documents ... t", null, null)
  5. /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630 OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null, null)
  6. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 192 OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null)
  7. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156 OCA\DAV\Connector\Sabre\File->put(null)
  8. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096 OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
  9. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525 Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
  10. <> Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  11. /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105 call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
  12. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479 Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
  13. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254 Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  14. /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82 Sabre\DAV\Server->exec()
  15. /var/www/domain/htdocs/remote.php line 165 require_once("/var/www/share. ... p")

PUT /remote.php/webdav/Documents/eicar.com from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00 ` Nextcloud

lastsamurai26 commented 4 years ago

Same here.

nextcloud version 18.0.3 Scanner version 2.3.0

AetherCollective commented 4 years ago

Adding my own logs here in hopes this gets fixed. These logs are for issues #148 and #119 (This one)

Steps to reproduce

  1. Downloaded a virus test file (just any file you know is infected and will be detected by ClamAV)
  2. Attempt to upload above file to web interface

Expected behaviour

  1. File should be logged only or deleted, depending on the server settings.
  2. A notification telling the user a file was deleted due to being infected should be shown.

Actual behaviour

  1. File gets deleted as soon as it gets detected, despite being set to log only.
  2. "An unknown error has occurred" notification appears instead of the intended "Infected file deleted..." message

Server configuration detail

Operating system: Linux 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64

Webserver: Apache (fpm-fcgi)

Database: pgsql PostgreSQL 12.4 (Ubuntu 12.4-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0, 64-bit

PHP version:

7.4.3 Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, cgi-fcgi, json, igbinary, apcu, smbclient, PDO, xml, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, redis, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 19.0.3 - 19.0.3.1

Updated from an older Nextcloud/ownCloud or fresh install: Fresh Install

Where did you install Nextcloud from: nextcloud/vm

Signing status Array ( )
List of activated apps ``` Enabled: - accessibility: 1.5.0 - activity: 2.12.0 - admin_audit: 1.9.0 - announcementcenter: 3.8.1 - appointments: 1.7.6 - apporder: 0.11.0 - audioplayer: 2.11.2 - audioplayer_editor: 0.2.2 - breezedark: 19.0.4 - calendar: 2.0.4 - camerarawpreviews: 0.7.8 - checksum: 0.4.5 - cloud_federation_api: 1.2.0 - comments: 1.9.0 - contacts: 3.3.0 - contactsinteraction: 1.0.0 - cospend: 1.0.5 - data_request: 1.6.0 - dav: 1.15.0 - deck: 1.0.5 - dicomviewer: 1.2.2 - documentserver_community: 0.1.7 - drawio: 0.9.7 - duplicatefinder: 0.0.2 - event_update_notification: 1.0.2 - external: 3.6.0 - extract: 1.2.4 - federatedfilesharing: 1.9.0 - federation: 1.9.0 - files: 1.14.0 - files_3d: 0.3.1 - files_accesscontrol: 1.9.1 - files_antivirus: 3.0.0 - files_automatedtagging: 1.9.0 - files_fulltextsearch: 1.4.3 - files_linkeditor: 1.1.2 - files_lock: 0.8.3 - files_markdown: 2.3.1 - files_pdfviewer: 1.8.0 - files_photospheres: 1.19.1 - files_rightclick: 0.16.0 - files_sharing: 1.11.0 - files_trackdownloads: 1.8.0 - files_trashbin: 1.9.0 - files_versions: 1.12.0 - files_videoplayer: 1.8.0 - firstrunwizard: 2.8.0 - forms: 2.0.4 - fulltextsearch: 1.4.2 - fulltextsearch_elasticsearch: 1.5.2 - groupfolders: 7.0.0 - imageconverter: 1.2.1 - issuetemplate: 0.7.0 - logreader: 2.4.0 - lookup_server_connector: 1.7.0 - metadata: 0.12.0 - music: 0.16.0 - news: 14.2.2 - nextcloud_announcements: 1.8.0 - notes: 3.6.4 - notifications: 2.7.0 - oauth2: 1.7.0 - onlyoffice: 6.0.0 - password_policy: 1.9.1 - photos: 1.1.0 - polls: 1.4.3 - previewgenerator: 2.3.0 - printer: 0.0.3 - privacy: 1.3.0 - provisioning_api: 1.9.0 - quota_warning: 1.8.0 - ransomware_detection: 0.8.0 - ransomware_protection: 1.7.0 - recommendations: 0.7.0 - registration: 0.5.0 - serverinfo: 1.9.0 - settings: 1.1.0 - sharebymail: 1.9.0 - sharingpath: 0.2.5 - side_menu: 1.16.0 - social: 0.3.1 - socialsharing_diaspora: 2.1.0 - socialsharing_email: 2.1.0 - socialsharing_facebook: 2.1.0 - socialsharing_twitter: 
2.1.0 - spreed: 9.0.4 - support: 1.2.1 - survey_client: 1.7.0 - systemtags: 1.9.0 - talk_simple_poll: 1.1.1 - tasks: 0.13.3 - text: 3.0.1 - theming: 1.10.0 - twofactor_backupcodes: 1.8.0 - unsplash: 1.1.6 - updatenotification: 1.9.0 - video_converter: 0.1.4 - viewer: 1.3.0 - workflow_pdf_converter: 1.4.0 - workflow_script: 1.4.0 - workflowengine: 2.1.0 Disabled: - encryption - facerecognition - files_external - mail - radio - user_ldap ```
Configuration (config/config.php) ``` { "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "localhost", "10.0.2.15", "loveazure.cloud", "loveazure.cloud", "192.168.86.20" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "pgsql", "version": "19.0.3.1", "overwrite.cli.url": "https:\/\/loveazure.cloud\/", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "instanceid": "***REMOVED SENSITIVE VALUE***", "upgrade.disable-web": "true", "log_type": "file", "logfile": "\/var\/log\/nextcloud\/nextcloud.log", "loglevel": "2", "log.condition": { "apps": [ "admin_audit" ] }, "mail_smtpmode": "smtp", "remember_login_cookie_lifetime": "31449600", "log_rotate_size": "0", "trashbin_retention_obligation": "auto, 180", "versions_retention_obligation": "auto, 365", "simpleSignUpLink.shown": false, "memcache.local": "\\OC\\Memcache\\APCu", "filelocking.enabled": true, "memcache.distributed": "\\OC\\Memcache\\Redis", "memcache.locking": "\\OC\\Memcache\\Redis", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0, "timeout": 0.5, "dbindex": 0, "password": "***REMOVED SENSITIVE VALUE***" }, "logtimezone": "US\/Eastern", "htaccess.RewriteBase": "\/", "maintenance": false, "enable_previews": true, "enabledPreviewProviders": [ "OC\\Preview\\PNG", "OC\\Preview\\JPEG", "OC\\Preview\\GIF", "OC\\Preview\\BMP", "OC\\Preview\\MarkDown", "OC\\Preview\\MP3", "OC\\Preview\\TXT", "OC\\Preview\\Movie", "OC\\Preview\\Photoshop", "OC\\Preview\\SVG", "OC\\Preview\\TIFF" ], "preview_max_x": "2048", "preview_max_y": "2048", "jpeg_quality": "60", "mail_smtpsecure": "tls", "mail_sendmailmode": "smtp", "mail_from_address": "***REMOVED SENSITIVE VALUE***", "mail_domain": "***REMOVED SENSITIVE VALUE***", "mail_smtpauthtype": "LOGIN", 
"mail_smtpauth": 1, "mail_smtphost": "***REMOVED SENSITIVE VALUE***", "mail_smtpport": "587", "mail_smtpname": "***REMOVED SENSITIVE VALUE***", "mail_smtppassword": "***REMOVED SENSITIVE VALUE***", "app_install_overwrite": [ "dicomviewer", "radio" ] } ```

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36

Operating system: Windows 10 Pro; Version 2004; Build 19041.338

Logs

Web server error log: ![https://loveazure.cloud/s/X9wNr8mf3cnSsDR/preview](https://loveazure.cloud/s/X9wNr8mf3cnSsDR/preview)

Nextcloud log: https://loveazure.cloud/s/fEnwFyN7Rb66t9W (needs mirror, I cannot guarantee availability on my own server)

Browser log: No relevant logs. Just a bunch of jquery deprecation warnings that are present even in a fresh install.

it25fg commented 3 years ago

> 1. File gets deleted as soon as it gets detected, despite being set to log only.

@EmilyLove26 The choice between 'delete' and 'log only' applies to background scans (cron). For uploads by browser or sync client, there's no such choice. (Or, the docs are wrong)

GAS85 commented 3 years ago

The fact is that 2 different jobs are implemented and they are not well documented.

  1. A background job, meaning a periodic cron job that scans all files. It can be configured via the Admin panel, but has a few problems (#150 and #152) and is not working as expected.
  2. A non-background job, meaning direct checking of new files on upload. It will not produce a meaningful error message (this ticket), will reduce upload speed (#147), and will delete files (#148) without any other option (#126).
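
While the web UI reports only "An unknown error has occurred", the detection details for an upload are still written to the Nextcloud log, as the entries quoted in this thread show. The following is an added example, not part of the thread or of the app's code: it collapses those entries into one record per request. The field names and message formats are taken from the quoted log lines; the function names and the sample lines (shortened, with constructed request IDs and addresses) are assumptions for illustration.

```python
import json
import re

# Constructed sample, modelled on the entries quoted in this thread (traces
# dropped, request IDs and addresses replaced). An access-log line and a
# truncated line are included on purpose: the container log in the original
# report interleaves non-JSON lines with the JSON entries.
SAMPLE_LOG = r'''
127.0.0.1 - 05/Mar/2019:03:13:18 +0000 "PUT /remote.php" 415
{"reqId":"REQ-A","level":2,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"192.0.2.10","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature Account: admin Path: files\/eicar.txt.ocTransferId413104186.part"}
{"reqId":"REQ-A","level":3,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"192.0.2.10","user":"admin","app":"no app in context","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0}}
{"reqId":"REQ-A","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"192.0.2.10","user":"admin","app":"webdav","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCA\\DAV\\Connector\\Sabre\\Exception\\UnsupportedMediaType","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Previous":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed."}}}
{"reqId":"REQ-B","level":3,"time":"2019-10-16T10:10:30+02:00","remoteAddr":"192.0.2.11","user":"--","app":"no app in context","method":"PUT","url":"\/public.php\/webdav\/sample.doc","message":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus YARA.office_macro.UNOFFICIAL is detected in the file. Upload cannot be completed.","Code":0}}
{"reqId":"REQ-C","level":1,"time":"2019-10-16T10:11:00+02:00","remoteAddr":"192.0.2.11","user":"admin","app":"core","method":"GET","url":"\/index.php","message":"unrelated entry"}
{"reqId":"REQ-D","level":3,"message":{"Exception":"OCP\\Files\\Inval
'''

# Message formats as they appear in the quoted log entries.
VIRUS_RE = re.compile(r"Virus (\S+) is detected in the file")
DELETED_RE = re.compile(r"Infected file deleted\. (\S+)")
# "Path: ..." or "File: ..." may be followed by " Account: ..." or end the message;
# paths can contain spaces, so match lazily up to that boundary.
PATH_RE = re.compile(r"(?:Path|File): (.*?)(?= Account: |$)")


def iter_entries(text):
    """Yield JSON log entries, skipping access-log lines and broken JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or interleaved line
        if isinstance(entry, dict):
            yield entry


def exception_chain(msg):
    """Walk message -> Previous -> ... and yield (class name, text) pairs."""
    while isinstance(msg, dict):
        yield str(msg.get("Exception", "")), str(msg.get("Message", ""))
        msg = msg.get("Previous")


def find_detections(text):
    """Return one record per request ID that carries an antivirus detection."""
    by_req = {}
    for entry in iter_entries(text):
        msg = entry.get("message")
        sigs, classes, path = set(), set(), None
        if isinstance(msg, str):
            # files_antivirus app entry: plain-text message with the stored path
            m = DELETED_RE.search(msg)
            if m:
                sigs.add(m.group(1))
                p = PATH_RE.search(msg)
                path = p.group(1) if p else None
        else:
            # logged exception: the signature is inside the exception message
            for cls, detail in exception_chain(msg):
                m = VIRUS_RE.search(detail)
                if m:
                    sigs.add(m.group(1))
                    classes.add(cls.rsplit("\\", 1)[-1])
        if not sigs:
            continue
        rec = by_req.setdefault(entry.get("reqId"), {
            "req_id": entry.get("reqId"), "time": entry.get("time"),
            "user": entry.get("user"), "remote_addr": entry.get("remoteAddr"),
            "url": entry.get("url"), "path": None,
            "signatures": set(), "exceptions": set(),
        })
        rec["signatures"] |= sigs
        rec["exceptions"] |= classes
        rec["path"] = rec["path"] or path
    return [dict(r, signatures=sorted(r["signatures"]),
                 exceptions=sorted(r["exceptions"])) for r in by_req.values()]


if __name__ == "__main__":
    for det in find_detections(SAMPLE_LOG):
        print(det["time"], det["user"], det["remote_addr"], det["url"],
              ",".join(det["signatures"]), det["path"] or "-",
              "/".join(det["exceptions"]) or "-")
```

Records whose `exceptions` include `UnsupportedMediaType` correspond to the 415 response seen in the browser log above; a `user` of `--` marks an upload through a public share link, as in the second report.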