nextcloud / files_antivirus

👾 Antivirus app for Nextcloud Files
https://apps.nextcloud.com/apps/files_antivirus
GNU Affero General Public License v3.0

Existing files on external storage are scanned #125

Open nonplusnl opened 5 years ago

nonplusnl commented 5 years ago

Steps to reproduce

  1. Configure external storage (in my case one SFTP, one Nextcloud/ownCloud, one GDrive)
  2. Do nothing and wait

Expected behaviour

Antivirus should only scan newly uploaded files. In the situation above, it should do nothing.

Actual behaviour

Antivirus app starts feeding files on external storage to ClamAV. I have had this configuration for quite some time (at least a few months, probably longer). Scanning of existing files on external storage started very recently; so either with Nextcloud 16, or with a new antivirus app version, or a combination of the two. An option to simply disable scanning of external storage would already help.

Server configuration

Server configuration detail

Operating system: Linux 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:46:08 UTC 2019 x86_64

Webserver: Apache (apache2handler)

Database: mysql 5.7.26

PHP version: 7.2.17-0ubuntu0.18.04.1

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, apache2handler, mysqlnd, PDO, xml, apcu, apc, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, imagick, intl, json, ldap, exif, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, mailparse, Zend OPcache

Nextcloud version: 16.0.1 - 16.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

```
Array ( )
```

List of activated apps

```
Enabled: [Note: antivirus disabled temporarily, to avoid 100% CPU load on ClamAV]
 - apporder: 0.7.1
 - bookmarks: 1.0.5
 - bruteforcesettings: 1.3.0
 - calendar: 1.7.0
 - cloud_federation_api: 0.2.0
 - contacts: 3.1.1
 - dav: 1.9.2
 - deck: 0.6.2
 - external: 3.3.0
 - federatedfilesharing: 1.6.0
 - files: 1.11.0
 - files_accesscontrol: 1.6.0
 - files_automatedtagging: 1.6.0
 - files_external: 1.7.0
 - files_frommail: 0.2.0
 - files_markdown: 2.0.6
 - files_pdfviewer: 1.5.0
 - files_retention: 1.5.1
 - files_rightclick: 0.13.0
 - files_sharing: 1.8.0
 - files_texteditor: 2.8.0
 - files_trashbin: 1.6.0
 - files_versions: 1.9.0
 - files_videoplayer: 1.5.0
 - firstrunwizard: 2.5.0
 - gallery: 18.3.0
 - gpxpod: 3.0.3
 - groupfolders: 4.0.1
 - impersonate: 1.3.0
 - issuetemplate: 0.5.0
 - logreader: 2.1.0
 - lookup_server_connector: 1.4.0
 - mail: 0.15.1
 - metadata: 0.9.0
 - nextcloud_announcements: 1.5.0
 - notes: 2.6.0
 - notifications: 2.4.1
 - oauth2: 1.4.2
 - password_policy: 1.6.0
 - previewgenerator: 2.1.0
 - privacy: 1.0.0
 - provisioning_api: 1.6.0
 - ransomware_protection: 1.4.0
 - recommendations: 0.4.0
 - sharebymail: 1.6.0
 - sharerenamer: 2.6.0
 - social: 0.1.4
 - spreed: 6.0.1
 - survey_client: 1.4.0
 - suspicious_login: 1.0.0
 - systemtags: 1.6.0
 - theming: 1.7.0
 - twofactor_backupcodes: 1.5.0
 - twofactor_nextcloud_notification: 1.1.1
 - twofactor_totp: 2.1.2
 - updatenotification: 1.6.0
 - viewer: 1.0.0
 - workflowengine: 1.6.0
Disabled:
 - accessibility
 - activity
 - admin_audit
 - comments
 - encryption
 - federation
 - files_antivirus
 - files_external_gdrive
 - keeweb
 - piwik
 - ransomware_detection
 - serverinfo
 - support
 - tasks
 - user_external
 - user_ldap
 - workflow_pdf_converter
 - workflow_script
```

Configuration (config/config.php)

```
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "localhost",
        "nonplus.nl",
        "keynes.nonplus.nl",
        "www.nonplus.nl"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/www.nonplus.nl\/npc",
    "dbtype": "mysql",
    "version": "16.0.1.1",
    "installed": true,
    "maintenance": false,
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "forcessl": true,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "sendmail",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "theme": "",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
    "loglevel": 2,
    "logtimezone": "Europe\/Berlin",
    "log_authfailip": true,
    "log_rotate_size": 10485760,
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpsecure": "ssl",
    "enable_previews": "true",
    "filelocking.enabled": "true",
    "memcache.local": "\\OC\\Memcache\\APCu",
    "appstore.experimental.enabled": true,
    "trashbin_retention_obligation": "30,30",
    "versions_retention_obligation": "auto",
    "updatechecker": true,
    "htaccess.RewriteBase": "\/npc",
    "singleuser": false,
    "quota_include_external_storage": false,
    "updater.release.channel": "stable",
    "mail_smtpauthtype": "LOGIN",
    "mysql.utf8mb4": true,
    "simpleSignUpLink.shown": false,
    "activity_expire_days": 35,
    "twofactor_enforced": "false",
    "twofactor_enforced_groups": [
        "admin"
    ],
    "twofactor_enforced_excluded_groups": [],
    "app_install_overwrite": [
        "calendar",
        "admin_notifications"
    ]
}
```

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption:

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3789.0 Safari/537.36 Edg/76.0.159.0

Operating system:

Logs

Web server error log

```
Insert your web server log here
```

Nextcloud log

```
Insert your Nextcloud log here
```

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...

jkellerer commented 4 years ago

(Re)scanning of existing files is a common practice to find infections that weren’t detectable when files had been uploaded.

So there are use cases for the current behavior, however it should be a config option.
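
The trade-off discussed in this thread, modelled as an added example (this is not code from files_antivirus, and it does not describe how the app selects files): a background-scan selector where rescanning of existing files and scanning of external storage are separate options, with a per-run cap to bound scanner load. All class, field and option names and the sample data are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

DAY = 86400  # seconds

@dataclass
class FileEntry:
    path: str
    external: bool                # on an external mount (SFTP, GDrive, ...)
    mtime: int                    # last modification, epoch seconds
    last_checked: Optional[int]   # last scan time; None = never scanned

@dataclass
class ScanPolicy:                 # all option names are hypothetical
    scan_external: bool = False   # the opt-out requested in the issue
    rescan_existing: bool = True  # periodic rescan against newer signatures
    rescan_after: int = 28 * DAY  # assumed rescan interval
    batch_size: int = 10          # cap per run so the scanner is not saturated

def needs_scan(f: FileEntry, p: ScanPolicy, now: int) -> bool:
    if f.external and not p.scan_external:
        return False              # never hand external files to the scanner
    if f.last_checked is None or f.mtime > f.last_checked:
        return True               # new, or changed since the last scan
    return p.rescan_existing and now - f.last_checked >= p.rescan_after

def select_batch(files: List[FileEntry], p: ScanPolicy, now: int) -> List[str]:
    due = [f for f in files if needs_scan(f, p, now)]
    # Never-scanned files first, then the stalest scan results.
    due.sort(key=lambda f: -1 if f.last_checked is None else f.last_checked)
    return [f.path for f in due[:p.batch_size]]

NOW = 1_700_000_000  # constructed sample data, not taken from the report
FILES = [
    FileEntry("local/new.doc", False, NOW - 100, None),
    FileEntry("local/old.pdf", False, NOW - 90 * DAY, NOW - 60 * DAY),
    FileEntry("local/fresh.txt", False, NOW - 10 * DAY, NOW - 2 * DAY),
    FileEntry("local/edited.odt", False, NOW - 1 * DAY, NOW - 2 * DAY),
    FileEntry("sftp/archive.zip", True, NOW - 400 * DAY, None),
    FileEntry("gdrive/report.xlsx", True, NOW - 80 * DAY, NOW - 50 * DAY),
]

if __name__ == "__main__":
    for label, policy in [("external excluded", ScanPolicy()),
                          ("external included", ScanPolicy(scan_external=True))]:
        print(label, select_batch(FILES, policy, NOW))
```

With `scan_external=False` and `rescan_existing=False` the selector matches the reporter's expected behaviour (only new or changed local files); the defaults keep the periodic rescan described in the reply while leaving external mounts alone.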