nextcloud / files_antivirus

👾 Antivirus app for Nextcloud Files
https://apps.nextcloud.com/apps/files_antivirus
GNU Affero General Public License v3.0

ClamAV returning [] error when scanning xlsx files. #261

Closed madman2012 closed 6 months ago

madman2012 commented 1 year ago

Steps to reproduce

  1. Happens all the time. I don't know if it's a configuration thing or not. Most likely. I could not find in the documentation where I can adjust the files that it is set to scan given the structure of the container.

Expected behavior

Actual behavior

[files_antivirus] Error: Not Checked. No matching rule for response []. Please check antivirus rules configuration. File: 35659 Account: admin Path: /admin/files/@Documents to sort/Forward Curves v1.xlsx

Host OS

Unraid

Nextcloud AIO version

25.0.2

Current channel

latest

Other valuable info

vanantwerp commented 1 year ago

I'm getting this error frequently (but for .zip files) on a fresh AIO install.

ShGKme commented 1 year ago

Try to check this file directly in ClamAV and check the error, for example, timeout.

MalteP commented 10 months ago

I've run into the same error message and started to debug the files_antivirus plugin.

First, I scanned the file on the console using clamscan which worked as expected:

root@nextcloud-vm:/var/www/nextcloud# clamscan /opt/nextcloud/data/admin/files/testfile.zip
Loading:    14s, ETA:   0s [========================>]    8.68M/8.68M sigs
Compiling:   4s, ETA:   0s [========================>]       41/41 tasks

/opt/nextcloud/data/admin/files/testfile.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 8680175
Engine version: 1.0.3
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 76.54 MB
Data read: 18.31 MB (ratio 4.18:1)
Time: 101.229 sec (1 m 41 s)
Start Date: 2023:12:08 15:41:46
End Date:   2023:12:08 15:43:27

Now let's do the same thing using the occ command as it will be run from the background scan cronjob while tracking the script runtime:

root@nextcloud-vm:/var/www/nextcloud# time sudo -u www-data php occ files_antivirus:scan /admin/files/testfile.zip
/admin/files/testfile.zip couldn't be scanned: No matching rule for response []. Please check antivirus rules configuration.

real    1m0,391s
user    0m0,001s
sys     0m0,009s

It takes almost exactly one minute to fail. Well, that's kind of suspicious. Digging around in the PHP documentation, I found out that default_socket_timeout may apply.

root@nextcloud-vm:/var/www/nextcloud# cat /etc/php/8.1/cli/php.ini | grep socket_timeout
default_socket_timeout = 60

Bingo. It's set to 60s by default. Let's try 10 minutes.

root@nextcloud-vm:/var/www/nextcloud# vi /etc/php/8.1/cli/php.ini

root@nextcloud-vm:/var/www/nextcloud# cat /etc/php/8.1/cli/php.ini | grep socket_timeout
default_socket_timeout = 600

... and check again:

root@nextcloud-vm:/var/www/nextcloud# time sudo -u www-data php occ files_antivirus:scan /admin/files/testfile.zip
/admin/files/testfile.zip is clean

real    1m3,900s
user    0m0,004s
sys     0m0,004s

Nice - it does not time out anymore.

I would suggest catching the timeout if possible and throwing a more accurate error message. Also it might be possible to modify the timeout during script runtime using stream_set_timeout()?

I hope this information is helpful to fix the problem.
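The timeout handling suggested in the comment above, as an added PHP example that is not part of the thread and not files_antivirus code. The function name readScanResponse(), the newline-terminated reply and the socket pair standing in for the scanner connection are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Read one newline-terminated scanner reply, waiting at most $timeout seconds.
 * A timeout raises an exception instead of yielding an empty string, so the
 * caller never matches "" against the antivirus status rules.
 * Hypothetical helper, not the app's API.
 */
function readScanResponse($stream, int $timeout): string
{
    // Per-stream override of php.ini's default_socket_timeout.
    stream_set_timeout($stream, $timeout);

    $response = '';
    while (strpos($response, "\n") === false) {
        $chunk = fread($stream, 4096);
        // Check the timeout flag first: a timed-out read returns '' or false
        // depending on the PHP version, which is how the empty [] arises.
        if (stream_get_meta_data($stream)['timed_out']) {
            throw new RuntimeException(
                "Socket timed out after {$timeout}s while waiting for the scan result"
            );
        }
        if ($chunk === false || $chunk === '') {
            throw new RuntimeException('Scanner closed the connection without a result');
        }
        $response .= $chunk;
    }
    return trim($response);
}

// Constructed demo: each socket pair stands in for a scanner connection.
// Case 1: the scanner is still busy and sends nothing within 1 second.
[$client, $scanner] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
try {
    readScanResponse($client, 1);
} catch (RuntimeException $e) {
    echo 'slow scan: ', $e->getMessage(), PHP_EOL;
}

// Case 2: the scanner answers in time (constructed reply).
[$client2, $scanner2] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);
fwrite($scanner2, "stream: OK\n");
echo 'fast scan: ', readScanResponse($client2, 1), PHP_EOL;
```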

szaimen commented 6 months ago

> I would suggest catching the timeout if possible and throwing a more accurate error message. Also it might be possible to modify the timeout during script runtime using stream_set_timeout()?

sounds great! cc @ArtificialOwl @icewind1991

pabloeisenhut commented 3 months ago

I no longer get the error message "Not Checked. No matching rules. Please check antivirus rules" but instead "Not Checked. Socket timed out while scanning File: ****.xlsx" is displayed in my logs almost every minute.

Can the problem be solved with the same approach?