nextcloud / files_antivirus

👾 Antivirus app for Nextcloud Files
https://apps.nextcloud.com/apps/files_antivirus
GNU Affero General Public License v3.0

ICAP-Mode doesn't work with ESET Server Security for Linux #303

Closed Bastix1686 closed 5 days ago

Bastix1686 commented 7 months ago

ICAP Virusscan against ESET Server Security for Linux works with "c-icap-client":

# /usr/local/c-icap/bin/c-icap-client -i 172.16.17.51 -s scan -f eicarcom2.zip -v
ICAP server:172.16.17.51, ip:172.16.17.51, port:1344

ICAP HEADERS:
    ICAP/1.0 200 OK
    ISTag: "970d18076ed48d79-1701775538"
    Encapsulated: res-hdr=0, res-body=70
    X-Infection-Found: Type=0; Resolution=0; Threat=Eicar;
    X-Virus-ID: Testdatei
    X-Response-Info: Blocked
    X-Response-Description: Gelöscht

RESPMOD HEADERS:
    HTTP/1.1 403 Forbidden
    Content-Type: text/html
    Content-Length: 0

Same Configuration in Antivirus for Files shows "Invalid response from ICAP server"

64738648732 commented 3 months ago

In NC 28.0.3 ESET Server Security is still not working as ICAP Server. Is there any update to this bug? Could I help with some additional information?

obuno commented 3 months ago

Have a check here, I think that this will answer your question: https://forum.eset.com/topic/31081-icap-server-problems/ https://help.eset.com/efs/8.1/en-US/remote-scanning.html

In essence, the answer you're getting is a "Product Management" commercial choice NOT to allow what you want according to my readings.

icewind1991 commented 1 month ago

5.5.1 tweaked the ICAP client behavior a bit, can you test if this is still an issue with that version of the app?

michag86 commented 1 month ago

Tested with ESET 10.3.3.0:

occ files_antivirus:test --debug
Scanning regular text:
ICAP Request headers:
RESPMOD icap://127.0.0.1/avscan ICAP/1.0
Allow: 204
Host: 127.0.0.1
User-Agent: NC-ICAP-CLIENT/0.5.0
Connection: close
Encapsulated: req-hdr=0, res-hdr=42, res-body=80

GET /foo.txt HTTP/1.0
Host: nextcloud

HTTP/1.0 200 OK
Content-Length: 1

ICAP Response:
ICAP/1.0 204 No modification
Encapsulated: null-body=0
ISTag: "b9eb4f031598bb0b-1716440776"

✓
Scanning EICAR test file:
ICAP Request headers:
RESPMOD icap://127.0.0.1/avscan ICAP/1.0
Allow: 204
Host: 127.0.0.1
User-Agent: NC-ICAP-CLIENT/0.5.0
Connection: close
Encapsulated: req-hdr=0, res-hdr=55, res-body=93

GET /test-virus-eicar.txt HTTP/1.0
Host: nextcloud

HTTP/1.0 200 OK
Content-Length: 1

ICAP Response:
ICAP/1.0 200 OK
ISTag: "b9eb4f031598bb0b-1716440776"
Encapsulated: res-hdr=0, res-body=70
X-Infection-Found: Type=0; Resolution=0; Threat=Eicar;
X-Virus-ID: Testdatei
X-Response-Info: Blocked
X-Response-Description: Durch Löschen gesäubert

HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 0

0

❌ file not detected

icewind1991 commented 1 month ago

Can you see if https://github.com/nextcloud/files_antivirus/pull/336 solves the issue for you?

michag86 commented 1 month ago

Can you see if #336 solves the issue for you?

I've tested it with version 5.5.2.

I will test this tomorrow.

michag86 commented 1 month ago

The changes from #336 seem to work:

# time occ files_antivirus:test | ts '[%Y-%m-%d %H:%M:%S]'
[2024-05-24 06:15:32] Scanning regular text: ✓
[2024-05-24 06:15:32] Scanning EICAR test file: ✓
[2024-05-24 06:15:32] Scanning modified EICAR test file: ✓

real    0m0,588s
user    0m0,046s
sys     0m0,011s

But I noticed that the debug output is very slow:

# time occ files_antivirus:test --debug | ts '[%Y-%m-%d %H:%M:%S]'
[2024-05-24 06:15:47] Scanning regular text:
[2024-05-24 06:15:47] ICAP Request headers:
[2024-05-24 06:15:47] RESPMOD icap://127.0.0.1/avscan ICAP/1.0
[2024-05-24 06:15:47] Allow: 204
[2024-05-24 06:15:47] Host: 127.0.0.1
[2024-05-24 06:15:47] User-Agent: NC-ICAP-CLIENT/0.5.0
[2024-05-24 06:15:47] Connection: close
[2024-05-24 06:15:47] Encapsulated: req-hdr=0, res-hdr=42, res-body=80
[2024-05-24 06:15:47]
[2024-05-24 06:15:47] GET /foo.txt HTTP/1.0
[2024-05-24 06:15:47] Host: nextcloud
[2024-05-24 06:15:47]
[2024-05-24 06:15:47] HTTP/1.0 200 OK
[2024-05-24 06:15:47] Content-Length: 1
[2024-05-24 06:15:47]
[2024-05-24 06:15:47]
[2024-05-24 06:16:47] ICAP Response:
[2024-05-24 06:16:47] ICAP/1.0 204 No modification
[2024-05-24 06:16:47] Encapsulated: null-body=0
[2024-05-24 06:16:47] ISTag: "b9eb4f031598bb0b-1716508244"
[2024-05-24 06:16:47]
[2024-05-24 06:16:47]
[2024-05-24 06:16:47] ✓
[2024-05-24 06:16:47] Scanning EICAR test file:
[2024-05-24 06:16:47] ICAP Request headers:
[2024-05-24 06:16:47] RESPMOD icap://127.0.0.1/avscan ICAP/1.0
[2024-05-24 06:16:47] Allow: 204
[2024-05-24 06:16:47] Host: 127.0.0.1
[2024-05-24 06:16:47] User-Agent: NC-ICAP-CLIENT/0.5.0
[2024-05-24 06:16:47] Connection: close
[2024-05-24 06:16:47] Encapsulated: req-hdr=0, res-hdr=55, res-body=93
[2024-05-24 06:16:47]
[2024-05-24 06:16:47] GET /test-virus-eicar.txt HTTP/1.0
[2024-05-24 06:16:47] Host: nextcloud
[2024-05-24 06:16:47]
[2024-05-24 06:16:47] HTTP/1.0 200 OK
[2024-05-24 06:16:47] Content-Length: 1
[2024-05-24 06:16:47]
[2024-05-24 06:16:47]
[2024-05-24 06:17:47] ICAP Response:
[2024-05-24 06:17:47] ICAP/1.0 200 OK
[2024-05-24 06:17:47] ISTag: "b9eb4f031598bb0b-1716508244"
[2024-05-24 06:17:47] Encapsulated: res-hdr=0, res-body=70
[2024-05-24 06:17:47] X-Infection-Found: Type=0; Resolution=0; Threat=Eicar;
[2024-05-24 06:17:47] X-Virus-ID: Testdatei
[2024-05-24 06:17:47] X-Response-Info: Blocked
[2024-05-24 06:17:47] X-Response-Description: Durch Löschen gesäubert
[2024-05-24 06:17:47]
[2024-05-24 06:17:47] HTTP/1.1 403 Forbidden
[2024-05-24 06:17:47] Content-Type: text/html
[2024-05-24 06:17:47] Content-Length: 0
[2024-05-24 06:17:47]
[2024-05-24 06:17:47] 0
[2024-05-24 06:17:47]
[2024-05-24 06:17:47]
[2024-05-24 06:17:47]
[2024-05-24 06:17:47] ✓
[2024-05-24 06:17:47] Scanning modified EICAR test file:
[2024-05-24 06:17:47] ICAP Request headers:
[2024-05-24 06:17:47] RESPMOD icap://127.0.0.1/avscan ICAP/1.0
[2024-05-24 06:17:47] Allow: 204
[2024-05-24 06:17:47] Host: 127.0.0.1
[2024-05-24 06:17:47] User-Agent: NC-ICAP-CLIENT/0.5.0
[2024-05-24 06:17:47] Connection: close
[2024-05-24 06:17:47] Encapsulated: req-hdr=0, res-hdr=64, res-body=102
[2024-05-24 06:17:47]
[2024-05-24 06:17:47] GET /test-virus-eicar-modified.txt HTTP/1.0
[2024-05-24 06:17:47] Host: nextcloud
[2024-05-24 06:17:47]
[2024-05-24 06:17:47] HTTP/1.0 200 OK
[2024-05-24 06:17:47] Content-Length: 1
[2024-05-24 06:17:47]
[2024-05-24 06:17:47]
[2024-05-24 06:18:47] ICAP Response:
[2024-05-24 06:18:47] ICAP/1.0 200 OK
[2024-05-24 06:18:47] ISTag: "b9eb4f031598bb0b-1716508244"
[2024-05-24 06:18:47] Encapsulated: res-hdr=0, res-body=70
[2024-05-24 06:18:47] X-Infection-Found: Type=0; Resolution=0; Threat=Eicar;
[2024-05-24 06:18:47] X-Virus-ID: Testdatei
[2024-05-24 06:18:47] X-Response-Info: Blocked
[2024-05-24 06:18:47] X-Response-Description: Durch Löschen gesäubert
[2024-05-24 06:18:47]
[2024-05-24 06:18:47] HTTP/1.1 403 Forbidden
[2024-05-24 06:18:47] Content-Type: text/html
[2024-05-24 06:18:47] Content-Length: 0
[2024-05-24 06:18:47]
[2024-05-24 06:18:47] 0
[2024-05-24 06:18:47]
[2024-05-24 06:18:47]
[2024-05-24 06:18:47]
[2024-05-24 06:18:47] ✓

real    3m0,724s
user    0m0,057s
sys     0m0,018s

And the message for the detection on Upload now looks like this: Fehler beim Hochladen: Der Virus Type=0; Resolution=0; Threat=Eicar; wurde in der Datei gefunden. Das Hochladen kann nicht abgeschlossen werden.

michag86 commented 1 month ago

Here are the relevant configurations:

# occ config:list files_antivirus
{
    "apps": {
        "files_antivirus": {
            "av_host": "127.0.0.1",
            "av_icap_mode": "respmod",
            "av_icap_request_service": "scan",
            "av_icap_response_header": "X-Infection-Found",
            "av_icap_tls": "0",
            "av_infected_action": "delete",
            "av_max_file_size": "-1",
            "av_mode": "icap",
            "av_port": "1344",
            "av_scan_first_bytes": "-1",
            "av_stream_max_length": "262144400",
[...]
        }
    }
}

av_icap_request_service can be anything. This does not make any difference.

Maybe there could be a template added with the name ESET and these settings: "av_icap_mode": "respmod", "av_icap_request_service": "scan", "av_icap_response_header": "X-Infection-Found",

michag86 commented 1 month ago

The occ files_antivirus:test looks good as written above, but I noticed that there are errors in the nextcloud.log when cron.php is running:

{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 532490 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 1056778 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 747686 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#115","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"PHP","method":"","url":"--","message":"fwrite(): Send of 5 bytes failed with errno=32 Broken pipe at /var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php#119","userAgent":"--","version":"28.0.5.2","data":{"app":"PHP"}}
{"reqId":"VfvQcoU5BarZTx4Qt0oF","level":3,"time":"2024-05-29T06:45:02+00:00","remoteAddr":"","user":"--","app":"core","method":"","url":"--","message":"Error while running background job (class: OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner, arguments: )","userAgent":"--","version":"28.0.5.2","exception":{"Exception":"TypeError","Message":"trim(): Argument #1 ($string) must be of type string, bool given","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/files_antivirus/lib/ICAP/ResponseParser.php","line":81,"function":"trim","args":[false]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/ICAP/ResponseParser.php","line":43,"function":"parseResHdr","class":"OCA\\Files_Antivirus\\ICAP\\ResponseParser","type":"->","args":[null,"null-body=0"]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/ICAP/ICAPRequest.php","line":132,"function":"read_response","class":"OCA\\Files_Antivirus\\ICAP\\ResponseParser","type":"->","args":[null]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/Scanner/ICAP.php","line":115,"function":"finish","class":"OCA\\Files_Antivirus\\ICAP\\ICAPRequest","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/Scanner/ICAP.php","line":138,"function":"scanBuffer","class":"OCA\\Files_Antivirus\\Scanner\\ICAP","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/Scanner/ScannerBase.php","line":99,"function":"shutdownScanner","class":"OCA\\Files_Antivirus\\Scanner\\ICAP","type":"->","args":[]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":282,"function":"scan","class":"OCA\\Files_Antivirus\\Scanner\\ScannerBase","type":"->","args":[["OCA\\Files_Antivirus\\Item"]]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":144,"function":"scanOneFile","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->","args":[["OC\\Files\\Node\\File"]]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":97,"function":"processFiles","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->","args":[["LimitIterator"]]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":80,"function":"scan","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->","args":[100]},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/Job.php","line":81,"function":"run","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->","args":[null]},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php","line":102,"function":"start","class":"OCP\\BackgroundJob\\Job","type":"->","args":[["OC\\BackgroundJob\\JobList"]]},{"file":"/var/www/nextcloud/lib/public/BackgroundJob/TimedJob.php","line":92,"function":"start","class":"OCP\\BackgroundJob\\TimedJob","type":"->","args":[["OC\\BackgroundJob\\JobList"]]},{"file":"/var/www/nextcloud/cron.php","line":152,"function":"execute","class":"OCP\\BackgroundJob\\TimedJob","type":"->","args":[["OC\\BackgroundJob\\JobList"],["OC\\Log"]]}],"File":"/var/www/nextcloud/apps/files_antivirus/lib/ICAP/ResponseParser.php","Line":81,"message":"Error while running background job (class: OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner, arguments: )","exception":{},"CustomMessage":"Error while running background job (class: OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner, arguments: )"}}

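
Added example, not part of the thread and not the app's own code: a Python sketch that derives a scan verdict from the two ESET ICAP responses shown in the debug output above, and fails closed on an empty read such as the one behind the trim() TypeError in the log above. The function names, the "blocked" fallback on an encapsulated 403, and treating a 200 without any marker as clean are assumptions of this example; the sample bytes are constructed from the thread's output.

```python
import re

# Constructed samples, abridged from the ESET responses quoted in this thread.
ESET_INFECTED = (
    b'ICAP/1.0 200 OK\r\n'
    b'ISTag: "b9eb4f031598bb0b-1716508244"\r\n'
    b'Encapsulated: res-hdr=0, res-body=70\r\n'
    b'X-Infection-Found: Type=0; Resolution=0; Threat=Eicar;\r\n'
    b'X-Virus-ID: Testdatei\r\n'
    b'X-Response-Info: Blocked\r\n\r\n'
    b'HTTP/1.1 403 Forbidden\r\n'
    b'Content-Type: text/html\r\n'
    b'Content-Length: 0\r\n\r\n'
    b'0\r\n\r\n'
)
ESET_CLEAN = (b'ICAP/1.0 204 No modification\r\n'
              b'Encapsulated: null-body=0\r\n'
              b'ISTag: "b9eb4f031598bb0b-1716508244"\r\n\r\n')

class ICAPError(Exception):
    """No verdict could be derived; callers must not treat this as clean."""

def parse_headers(block):
    """Split one header block into (first line, {lower-cased name: value})."""
    lines = block.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def verdict(raw, infection_header="X-Infection-Found"):
    """Return (state, threat); infection_header mirrors av_icap_response_header."""
    if not raw:  # server closed the socket (e.g. after a broken pipe)
        raise ICAPError("empty ICAP response")
    icap_part, _, rest = raw.partition(b"\r\n\r\n")
    status_line, headers = parse_headers(icap_part)
    m = re.match(r"ICAP/1\.0 (\d{3})\b", status_line)
    if not m:
        raise ICAPError("malformed ICAP status line: %r" % status_line)
    code = int(m.group(1))
    if code == 204:  # "No modification": content passed the scan
        return ("clean", None)
    if code != 200:
        raise ICAPError("unexpected ICAP status %d" % code)
    found = headers.get(infection_header.lower())
    if found:  # prefer the Threat= field over the raw header value
        threat = re.search(r"Threat=([^;]*);", found)
        return ("infected", threat.group(1) if threat else found)
    # Assumption: without the header, an encapsulated HTTP 403 still means blocked.
    http_status, _ = parse_headers(rest.partition(b"\r\n\r\n")[0])
    if re.match(r"HTTP/1\.[01] 403\b", http_status):
        return ("blocked", None)
    return ("clean", None)
```
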
icewind1991 commented 1 month ago

The fix has been released with 5.5.3. I'm a bit hesitant to add a configuration prefix for it since it implies a level of support that I'm not confident implying given the minor issues described here and my lack of ability to test things myself.

salamander555 commented 2 weeks ago

In general, the connection between Nextcloud and ESET works. In our environment, we have encountered the following problem. If files are uploaded that contain a space in the file name e.g. "abc 123.txt", the upload cannot be completed. I receive an error message in Nextcloud and a corresponding entry in the ESET log. Screenshots are attached.

salamander555 commented 5 days ago

Great project. The ESET ICAP connection works with version 5.5.6. Thanks