nextcloud / ransomware_protection

An app that prevents uploading files that have names that are linked to known ransomware
https://apps.nextcloud.com/apps/ransomware_protection
GNU Affero General Public License v3.0

Ransomware protection 1.7 allows creation of banned files #80

Closed versussoft closed 3 years ago

versussoft commented 3 years ago

Steps to reproduce

  1. In the Nextcloud web interface create a file called test.md.lock

Expected behaviour

An error message should appear and the file should not be created

Actual behaviour

The following message appears in the log: Warning | ransomware_protection | Prevented upload of test/test.md.lock because it matches extension pattern ".lock". However, no error message appears in the web interface and the file is created normally.

Server configuration

Operating system: Debian LTS

Web server: Apache 2.4.24

Database: MariaDB 10.1.47

PHP version: 7.4.14

Nextcloud version: 19.0.7

Where did you install Nextcloud from: Update from Nextcloud 18

List of activated apps:

Enabled:
  - accessibility: 1.5.0
  - activity: 2.12.1
  - breezedark: 19.0.9
  - calendar: 2.0.4
  - cloud_federation_api: 1.2.0
  - comments: 1.9.0
  - contacts: 3.4.3
  - contactsinteraction: 1.0.0
  - dav: 1.15.0
  - federatedfilesharing: 1.9.0
  - federation: 1.9.0
  - files: 1.14.0
  - files_pdfviewer: 1.8.0
  - files_rightclick: 0.16.0
  - files_sharing: 1.11.0
  - files_trashbin: 1.9.0
  - files_versions: 1.12.0
  - files_videoplayer: 1.8.0
  - firstrunwizard: 2.8.0
  - logreader: 2.4.0
  - lookup_server_connector: 1.7.0
  - nextcloud_announcements: 1.8.0
  - notifications: 2.7.0
  - oauth2: 1.7.0
  - password_policy: 1.9.1
  - photos: 1.1.0
  - privacy: 1.3.0
  - provisioning_api: 1.9.0
  - ransomware_protection: 1.7.0
  - recommendations: 0.7.0
  - serverinfo: 1.9.0
  - settings: 1.1.0
  - sharebymail: 1.9.0
  - support: 1.2.1
  - survey_client: 1.7.0
  - systemtags: 1.9.0
  - text: 3.0.1
  - theming: 1.10.0
  - twofactor_backupcodes: 1.8.0
  - updatenotification: 1.9.0
  - viewer: 1.3.0
  - workflowengine: 2.1.0
Disabled:
  - admin_audit
  - encryption
  - files_external
  - files_texteditor
  - gallery
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "integrity.check.disabled": true,
        "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Memcached",
        "memcache.distributed": "\\OC\\Memcache\\Memcached",
        "dbtype": "mysql",
        "version": "19.0.7.1",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "tls",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "htaccess.RewriteBase": "\/",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "mysql.utf8mb4": true,
        "updater.release.channel": "stable",
        "app_install_overwrite": [
            "ransomware_protection"
        ],
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

Client configuration

Browser: Firefox 84.0.2

Operating system: Windows 10

{"reqId":"PVTq6fuNhD4PpnpAkhJ4","level":2,"time":"2021-01-22T19:17:06+00:00","remoteAddr":"217.217.**.**","user":"**","app":"ransomware_protection","method":"GET","url":"/remote.php/dav/files/****/test/test.md.lock","message":"Prevented upload of test/test.md.lock because it matches extension pattern \".lock\"","userAgent":"Mozilla/5.0 (Windows) mirall/3.1.1stable-Win64 (build 20201222) (Nextcloud)","version":"19.0.7.1"}

Browser log

Insert your browser log here, this could for example include: a) The javascript console log


nickvergessen commented 3 years ago

Ransomware cannot upload via the browser, so that is intentionally not blocked; it is only blocked when it comes from the desktop client.

versussoft commented 3 years ago

Indeed, using the Nextcloud desktop client, the file with a prohibited extension is not uploaded. Thanks!

nickvergessen commented 3 years ago

No, it always worked like that 😎
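
An added example, not part of the thread or of the app's code: since blocks are only enforced for sync-client uploads and surface as log entries like the one quoted in the issue, an administrator can watch nextcloud.log for them and flag a user whose client produces several in a short time. The function names, threshold, window and sample entries are assumptions made for this sketch; only the message format, the `app` field and the `mirall` user-agent token come from the log line above.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message shape taken from the log entry quoted in the issue.
BLOCK_RE = re.compile(r'^Prevented upload of (?P<path>.+) because it matches '
                      r'(?P<kind>\w+) pattern "(?P<pattern>.+)"$')

def parse_blocks(lines):
    """Yield one event per ransomware_protection block entry, skipping other lines."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("app") != "ransomware_protection":
            continue
        m = BLOCK_RE.match(entry.get("message", ""))
        if m:
            yield {"time": datetime.fromisoformat(entry["time"]),
                   "user": entry.get("user"), "path": m["path"], "pattern": m["pattern"],
                   "sync_client": "mirall/" in entry.get("userAgent", "")}

def bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: [paths]} for users with >= threshold blocks inside one window."""
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_user[ev["user"]].append(ev)
    flagged = {}
    for user, evs in by_user.items():
        times = [e["time"] for e in evs]
        # Compare each block with the one threshold-1 positions later.
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            flagged[user] = [e["path"] for e in evs]
    return flagged

def _sample(time, user, path, app="ransomware_protection"):
    # Constructed entry with the same fields as the log line in the issue.
    return json.dumps({"time": time, "user": user, "app": app, "message":
        f'Prevented upload of {path} because it matches extension pattern ".lock"',
        "userAgent": "Mozilla/5.0 (Windows) mirall/3.1.1stable-Win64 (Nextcloud)"})

SAMPLE_LOG = [  # constructed data: users, paths and times are made up
    _sample("2021-01-22T19:17:06+00:00", "alice", "test/test.md.lock"),
    _sample("2021-01-22T19:17:40+00:00", "alice", "docs/a.odt.lock"),
    _sample("2021-01-22T19:18:02+00:00", "alice", "docs/b.odt.lock"),
    _sample("2021-01-22T21:00:00+00:00", "bob", "notes.lock"),
    _sample("2021-01-22T21:00:05+00:00", "bob", "x.lock", app="files"),
    "not json"]
```

Feeding the lines of a real log file to `parse_blocks` works the same way; a single blocked `.lock` file is usually an editor lock file, so the burst threshold is what separates noise from a client worth isolating.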