nextcloud / files_antivirus

👾 Antivirus app for Nextcloud Files
https://apps.nextcloud.com/apps/files_antivirus
GNU Affero General Public License v3.0

Enhancement: additional options when viruses are detected #239

Open Forza-tng opened 1 year ago

Forza-tng commented 1 year ago

Steps to reproduce

  1. Enable Antivirus for files
  2. Go to Security Settings
  3. Select drop down "When infected files..."

Expected behaviour

Actual behaviour

"Only log" and "Delete file" are the only available options

Server configuration

Operating system: Gentoo Linux: Kernel 5.17.15

Web server: Caddy v2.5.1

Database: MariaDB 10.6.8

PHP version: PHP with FPM 8.1.8

Nextcloud version: (see Nextcloud admin page) 24.0.3.2

Where did you install Nextcloud from: Initially used Gentoo Portage, but changed to use occ upgrade

julian70400 commented 11 months ago

Yes, email notification to admin would be wonderful and really useful!

Actually, we, the admins, are notified by nothing. If there is something wrong and the user doesn't see the small notification, nothing happens except quarantine or delete.

As admins, we need to be alerted by mail.

tx0h commented 9 months ago

I just added a pull request which adds a virus warning to the suspected file's filename. It is simple to do and you could take it as a scheme for your own needs.

komoricodrutz commented 4 months ago

Hi. I would also add some other possible useful features:

  1. Regarding the suggestion above: Perhaps even easier than sending an e-mail, the option to notify the current user himself and the admin user(s) by means of the Nextcloud notifications system.
  2. An option to quarantine would indeed be beneficial.
  3. Perhaps a multiple selection available in that "When infected..." dropdown menu for possible actions.
  4. If the option to delete was selected, perhaps when deleting, replacing the file with a text file called "[initialfilename]-Deleted by antivirus" or something like that. This would make the antivirus activity more transparent to the user and serve to also caution them that they may possibly be infected (especially important if the user does not use the Web UI so often and relies on the desktop client app for syncing).
  5. Currently, if you are syncing files with the desktop client app, the upload of infected files still takes place, relying on the background scan to actually detect and to remove the file (only if the option was selected). But between those background scans, the file is already on the server, allowing other users to potentially become infected (if it is a shared folder, especially if that shared folder is also synced with other desktop clients)... So perhaps a scan during file creation on the server should also take place, just as it does in the web UI, and at least block the upload, if not delete it from the client computer's synced folder or quarantine it.
  6. A dedicated, easily accessible log location in the UI, thus removing the need for admins to sift through all the logs in order to find antivirus events.
  7. And perhaps also some hints in the UI about the signatures, database version, last update, etc., perhaps also including the option to manually run a freshclam and see the output of the freshclam process.