Closed aaaskew closed 1 month ago
Hmm, this is a new one...
I was trying to be cautious since we're downloading from an external source. I don't want the users to get any virus. :|
Maybe if you can find a better source for the download which we can trust? Then I can make a new PR for this.
This is what happens in the background:
Checking connection to https://www.miyuru.lk/geoiplegacy...
++ curl -LI https://www.miyuru.lk/geoiplegacy -o /dev/null -w '%{http_code}\n' -s
+ CURL_STATUS=200
+ [[ 200 = \2\0\0 ]]
+ return 0
+ curl -s https://www.miyuru.lk/geoiplegacy
+ grep -q 'September 2024'
+ grep -c GeoIP.dat /etc/apache2/apache2.conf
1
+ '[' '!' -f /usr/share/GeoIP/GeoIPv4.dat ']'
+ download_geoip_dat 4 v4
+ site_200 https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz
+ print_text_in_color '\e[0;96m' 'Checking connection to https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz...'
+ printf '%b%s%b\n' '\e[0;96m' 'Checking connection to https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz...' '\e[0m'
Checking connection to https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz...
++ curl -LI https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz -o /dev/null -w '%{http_code}\n' -s
+ CURL_STATUS=200
+ [[ 200 = \2\0\0 ]]
+ return 0
+ curl_to_dir https://dl.miyuru.lk/geoip/maxmind/country maxmind4.dat.gz /tmp
+ '[' '!' -d /tmp ']'
+ rm -f /tmp/maxmind4.dat.gz
+ '[' -n yes ']'
+ curl -sfL https://dl.miyuru.lk/geoip/maxmind/country/maxmind4.dat.gz -o /tmp/maxmind4.dat.gz
+ metadefender-scan /tmp/maxmind4.dat.gz
+ grep '"scan_all_result_a":"No Threat Detected","current_av_result_a":"No Threat Detected"'
++ sha256sum /tmp/maxmind4.dat.gz
+ hash='b4452b6ef8225d3eb49752cb5ea371a6fd8d5401215c016d16fdfb1eb01d1922 /tmp/maxmind4.dat.gz'
+ hash=b4452b6ef8225d3eb49752cb5ea371a6fd8d5401215c016d16fdfb1eb01d1922
+ apikey=7XXXXXXXXXXXXXXX
+ curl https://api.metadefender.com/v4/hash/b4452b6ef8225d3eb49752cb5ea371a6fd8d5401215c016d16fdfb1eb01d1922 -H 'apikey: 7XXXXXXXXXXXXXXX'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 3841 100 3841 0 0 9280 0 --:--:-- --:--:-- --:--:-- 9300
{"last_sandbox_id":[{"sandbox_id":"66e4845890309dfc4ad0d892","system":"filescanio","date":"2024-09-13T18:28:52.537Z"}],"votes":{"down":0,"up":0},"last_start_time":"2024-09-13T19:21:16.770Z","scan_result_history_length":2,"file_id":"bzI0MDkxMzdCYmVETHVxUVU","data_id":"bzI0MDkxMzdCYmVETHVxUVVrS3R5bDVDeGlL_mdaas","sanitized":{"result":"Error","reason":"CDR Unsupported file type","progress_percentage":100},"process_info":{"progress_percentage":100,"result":"Allowed","post_processing":{"sanitization_details":{},"actions_failed":"","actions_ran":"","converted_destination":"","converted_to":"","copy_move_destination":""},"blocked_reason":"","profile":"multiscan_sanitize","verdicts":["No Threat Detected"],"blocked_reasons":[]},"scan_results":{"scan_details":{"Bkav Pro":{"scan_time":212,"def_time":"2024-09-09T15:30:00.000Z","scan_result_i":0,"threat_found":""},"Avira":{"scan_time":16,"def_time":"2024-09-09T09:55:00.000Z","scan_result_i":0,"threat_found":""},"CMC":{"scan_time":6,"def_time":"2024-09-09T17:43:43.000Z","scan_result_i":0,"threat_found":""},"K7":{"scan_time":3,"def_time":"2024-09-09T01:20:00.000Z","scan_result_i":0,"threat_found":""},"Xvirus Anti-Malware":{"scan_time":183,"def_time":"2024-09-08T19:35:03.000Z","scan_result_i":0,"threat_found":""},"NANOAV":{"scan_time":2,"def_time":"2024-09-09T04:26:00.000Z","scan_result_i":0,"threat_found":""},"Sophos":{"scan_time":144,"def_time":"2024-09-09T00:46:24.000Z","scan_result_i":0,"threat_found":""},"TACHYON":{"scan_time":24,"def_time":"2024-09-09T00:00:00.000Z","scan_result_i":0,"threat_found":""},"RocketCyber":{"scan_result_i":23,"scan_time":3,"def_time":"2024-09-09T00:00:00.000Z","threat_found":""},"Quick 
Heal":{"scan_time":1,"def_time":"2024-09-08T22:18:00.000Z","scan_result_i":0,"threat_found":""},"McAfee":{"scan_time":2,"def_time":"2024-09-08T00:00:00.000Z","scan_result_i":0,"threat_found":""},"Webroot":{"scan_result_i":23,"scan_time":1,"def_time":"2024-09-08T21:00:16.000Z","threat_found":""},"Emsisoft":{"scan_time":11,"def_time":"2024-09-09T03:35:00.000Z","scan_result_i":0,"threat_found":""},"ClamAV":{"scan_time":151,"def_time":"2024-09-09T09:19:51.000Z","scan_result_i":0,"threat_found":""},"IKARUS":{"scan_time":4,"def_time":"2024-09-09T08:50:16.000Z","scan_result_i":0,"threat_found":""},"CrowdStrike Falcon ML":{"scan_result_i":23,"scan_time":6,"def_time":"2024-09-09T00:00:00.000Z","threat_found":""},"Varist":{"scan_time":32,"def_time":"2024-09-09T09:49:00.000Z","scan_result_i":0,"threat_found":""},"Lionic":{"scan_time":75,"def_time":"2024-09-08T01:05:36.000Z","scan_result_i":0,"threat_found":""},"Bitdefender":{"scan_time":5,"def_time":"2024-09-09T08:52:06.000Z","scan_result_i":0,"threat_found":""},"Zillya!":{"scan_time":3,"def_time":"2024-09-06T21:09:00.000Z","scan_result_i":0,"threat_found":""},"AhnLab":{"scan_time":1,"def_time":"2024-09-10T00:00:00.000Z","scan_result_i":0,"threat_found":""},"Vir.IT ML":{"scan_time":2,"def_time":"2024-09-13T12:45:00.000Z","scan_result_i":0,"threat_found":""},"Vir.IT eXplorer":{"scan_time":6,"def_time":"2024-09-13T12:45:00.000Z","scan_result_i":0,"threat_found":""}},"scan_all_result_i":0,"current_av_result_i":0,"start_time":"2024-09-13T19:21:16.770Z","total_time":212,"total_avs":23,"total_detected_avs":0,"progress_percentage":100,"scan_all_result_a":"No Threat Detected","current_av_result_a":"No Threat Detected"},"file_info":{"file_size":1576192,"upload_timestamp":"2024-09-13T19:21:15.221Z","md5":"AB1BF046A2E4C5C2C27E94952371B324","sha1":"7C34D36BB7C27DD73CA78BCFE76B6C9918E41952","sha256":"B4452B6EF8225D3EB49752CB5EA371A6FD8D5401215C016D16FDFB1EB01D1922","file_type_category":"A","file_type_description":"GNU Zipped 
Archive","file_type_extension":"gz","display_name":"maxmind4(5).dat.gz"},"share_file":1,"private_processing":0,"rest_version":"4","additional_info":["sandbox"],"stored":true}
+ install_if_not gzip
+ dpkg-query -W '-f=${Status}' gzip
+ grep -q 'ok installed'
+ gzip -d /tmp/maxmind4.dat.gz
+ mv /tmp/maxmind4.dat /usr/share/GeoIP/GeoIPv4.dat
+ chown root:root /usr/share/GeoIP/GeoIPv4.dat
+ chmod 644 /usr/share/GeoIP/GeoIPv4.dat
+ find /var/scripts -type f -regex '/var/scripts/202[0-9]-[01][0-9]-Maxmind-Country-IPv4\.dat' -delete
+ rm -f /usr/share/GeoIP/GeoIP.dat
+ sed -i 's|GeoIPDBFile /usr/share/GeoIP/GeoIP.dat|GeoIPDBFile /usr/share/GeoIP/GeoIPv4.dat|g' /etc/apache2/apache2.conf
+ check_command systemctl restart apache2
+ systemctl restart apache2
So in other words, it works as expected, but maybe not for you? It's a new function to check for virus, so maybe it detects another IP and blocks the attempt? Can you please post your full output?
Please check the PR, should work.
Sorry for the delay, will need to take a look this evening UK time.
I'm in CEST, no worries.
Steps To Reproduce
Expected Result
Geoblocking IPs stops people outside the country from connecting
Actual Result
Everyone on IPv4 (I think) is blocked with
Forbidden You don't have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Screenshots, Videos, or Pastebins
Additional Context
This affects anyone using GeoBlock installed already or fresh install VMs.
2 issues:
On fresh install the install pops-up 2 error messages. These might not actually be a problem? I don't know.
The GeoIP configuration in apache.conf points to /usr/share/GeoIP/GeoIPv4.dat that does not exist. /usr/share/GeoIP/GeoIP.dat and /usr/share/GeoIPv6.dat do exist however so I expect the apache.conf configuration needs changing for fresh installs, but also for people running update.sh?
Build Version
29
Environment
By downloading the VM
Environment Details
No response
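Added example, not part of the original issue or the project's scripts: a pre-restart check that lists every GeoIPDBFile path in an Apache config that is missing or empty, which is the state the issue describes. The function name missing_geoip_dbs and the temporary sample config are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the project's scripts): pre-flight check for mod_geoip.
# A GeoIPDBFile directive that points at a missing database is the state the
# issue describes, so do not restart Apache while one is dangling.

# Print every GeoIPDBFile path in config file $1 that is missing or empty.
# Returns 0 if all referenced databases exist, 1 otherwise.
missing_geoip_dbs() {
    conf=$1
    rc=0
    # tolower(): Apache directive names are case-insensitive.
    # Commented-out lines are skipped because their first field starts with '#'.
    paths=$(awk 'tolower($1) == "geoipdbfile" { gsub(/"/, "", $2); print $2 }' "$conf")
    for p in $paths; do
        if [ ! -s "$p" ]; then
            printf '%s\n' "$p"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the config references GeoIPv4.dat, but only the IPv6
# database file is actually present on disk.
demo_dir=$(mktemp -d)
printf 'country data\n' > "$demo_dir/GeoIPv6.dat"
cat > "$demo_dir/apache2.conf" <<EOF
<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile $demo_dir/GeoIPv4.dat
  GeoIPDBFile $demo_dir/GeoIPv6.dat
  # GeoIPDBFile $demo_dir/GeoIP.dat
</IfModule>
EOF

if dangling=$(missing_geoip_dbs "$demo_dir/apache2.conf"); then
    echo "all GeoIP databases present; safe to restart apache2"
else
    echo "not restarting apache2, missing database(s): $dangling"
fi
```

Run against /etc/apache2/apache2.conf before `systemctl restart apache2`, and restart only when the function returns 0.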