Enter an invalid hostname e.g. 'localhost%&$#+~' and save the antivirus settings
saving is rejected
π§
Enter a negative number as "Port" and save the antivirus settings
saving is rejected
π§
Enter a number larger than 65535 as "Port" and save
saving is rejected
π§
Enter a floating point number as "Port" and save the antivirus settings
saving is rejected
π§
Enter "0" as "Port" and save the antivirus settings
saving is rejected
π§
Enter a non numerical string as "Port" and save the antivirus settings
saving is rejected
π§
Enter a negative number as "Stream Length" and save the antivirus settings
saving is rejected
π§
Enter a floating point number as "Stream Length" and save the antivirus settings
saving is rejected
π§
Enter a floating point number as "Stream Length" and save the antivirus settings
saving is rejected
π§
Enter a non numerical string as "Stream Length" and save the antivirus settings
saving is rejected
π§
Enter "0" as "Stream Length" and save the antivirus settings
saving is rejected
π§
Enter a negative number, less than -1 as "File size limit" and save the antivirus settings
saving is rejected
π§
Enter a floating point number as "File size limit" and save the antivirus settings
saving is rejected
π§
Enter a non numerical string as "File size limit" and save the antivirus settings
saving is rejected
π§
Enter "0" as "File size limit" and save the antivirus settings
saving is rejected
π§
clamAV executable mode upload
setup the file antivirus app to use clamAV in "Executable" mode
upload eicar.com, eicar_com.zip and eicarcom2.zip from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")
None of these uploads should be possible.
upload test β Testfileβ
eicar.com
eicar_com.zip
eicarcom2.zip
old dav path without chunking
π§
π§
π§
old dav path with chunking
π§
π§
π§
new dav path without chunking
π§
π§
π§
new dav path with chunking
π§
π§
π§
public upload
π§
π§
π§
files_texteditor app
π§
-
-
clamAV daemon mode upload
setup the file antivirus app to use clamAV in "Daemon" mode
upload eicar.com, eicar_com.zip and eicarcom2.zip from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")
None of these uploads should be possible.
upload test β Testfileβ
eicar.com
eicar_com.zip
eicarcom2.zip
old dav path without chunking
π§
π§
π§
old dav path with chunking
π§
π§
π§
new dav path without chunking
π§
π§
π§
new dav path with chunking
π§
π§
π§
public upload
π§
π§
π§
files_texteditor app
π§
-
-
clamAV daemon (socket) mode upload
setup the file antivirus app to use clamAV in "Daemon (Socket)" mode
upload eicar.com, eicar_com.zip and eicarcom2.zip from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")
None of these uploads should be possible.
upload test β Testfileβ
eicar.com
eicar_com.zip
eicarcom2.zip
web upload
:heavy_check_mark:
:heavy_check_mark:
:heavy_check_mark:
desktop client upload
:heavy_check_mark:
:heavy_check_mark:
:heavy_check_mark:
files_texteditor app
:heavy_check_mark:
-
-
Filesize limit
set "File size limit" to 100 bytes
uploads of eicar.com (68byte) should be blocked
uploads of eicar_com.zip (184byte) should pass
upload test β Testfileβ
expected result
eicar.com
old dav path without chunking
blocked
π§
old dav path with chunking
blocked
π§
new dav path without chunking
blocked
π§
new dav path with chunking
blocked
π§
public upload
blocked
π§
upload test β Testfileβ
expected result
eicar.com.zip
old dav path without chunking
passed
π§
old dav path with chunking
blocked
π§
new dav path without chunking
passed
π§
new dav path with chunking
blocked
π§
public upload
passed
π§
background scan
run these steps between every test case in this chapter:
set "When infected files were found during a background scan" to "logSetting"
set "File size limit" to "fileSizeLimit"
wait 15 min (or change $this->setInterval(60 * 15); in lib/cron/task.php to a smaller number)
trigger cron job by running sudo -u www-data php cron.php
check logfile
check files
Test Case
Expected Result
Result
Related Comment
logSetting = "Only log" fileSizeLimit="-1"
1. eicar.com, eicar_com.zip and eicarcom2.zip are logged as infected 2. all files still exist on the system
:heavy_check_mark:
logSetting = "Only log" fileSizeLimit="100"
1. only eicar.com is logged as infected 2. all files still exist on the system
π§
logSetting = "Delete file" fileSizeLimit="-1"
1. eicar.com, eicar_com.zip and eicarcom2.zip are logged as infected and deleted 2. eicar.com, eicar_com.zip and eicarcom2.zip disappear from the system
:heavy_check_mark:
logSetting = "Delete file" fileSizeLimit="100"
1. only eicar.com is logged as infected and deleted 2. only eicar.com disappears from the system
π§
Tips how to test different endpoints with curl
setup variables:
user=admin
pwd=admin
host=localhost
path=owncloud
split file for chunking
split -d -b 50 eicar.com eicar.com_
you will end up with eicar.com_00 and eicar.com_01
do the same for the zip files. There will be more "chunks" as the zip files are bigger
upload v1 dav path without chunking
curl --user $user:$pwd http://$host/$path/remote.php/webdav/virus --request PUT --data-binary "@eicar.com"
upload v1 dav path with chunking
The amount of chunks might vary depending on the split size and the original file size
curl --user $user:$pwd http://$host/$path/remote.php/webdav/virus-chunking-1234-2-0 --request PUT --data-binary "@eicar.com_00" -H "OC-Chunked:1"
curl --user $user:$pwd http://$host/$path/remote.php/webdav/virus-chunking-1234-2-1 --request PUT --data-binary "@eicar.com_01" -H "OC-Chunked:1"
or to do all 3 uploads in a loop:
BASEFILES="eicar.com eicar_com.zip eicarcom2.zip"
for BASEFILE in $BASEFILES
do
ID=$RANDOM
NUM=0
FILES=`ls ${BASEFILE}_*`
COUNT=`echo $FILES | wc -w`
echo uploading $FILES
for FILE in $FILES
do
echo chunk name: VIRUS$BASEFILE-chunking-${ID}-${COUNT}-${NUM}
curl --user $user:$pwd http://$host/$path/remote.php/webdav/VIRUS$BASEFILE-chunking-${ID}-${COUNT}-${NUM} --request PUT --data-binary "@$FILE" -H "OC-Chunked:1"
let NUM=NUM+1
done
done
upload v2 dav path without chunking
curl --user $user:$pwd http://$host/$path/remote.php/dav/files/$user/virus --request PUT --data-binary "@eicar.com"
upload v2 dav path with chunking
The amount of chunks might vary depending on the split size and the original file size
References: Template
Setup
oc10.sh files_antivirus
-> https://oc10110a2-antivirus-110rc2-20220729.jw-qa.owncloud.worksFile antivirus Test Plan
Installing the app
Input field validation
clamAV executable mode upload
eicar.com
,eicar_com.zip
andeicarcom2.zip
from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")None of these uploads should be possible.
clamAV daemon mode upload
eicar.com
,eicar_com.zip
andeicarcom2.zip
from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")None of these uploads should be possible.
clamAV daemon (socket) mode upload
eicar.com
,eicar_com.zip
andeicarcom2.zip
from https://www.eicar.org/?page_id=3950 via all available endpoints. (See "Tips how to test different endpoints with curl")None of these uploads should be possible.
Filesize limit
set "File size limit" to 100 bytes uploads of
eicar.com
(68byte) should be blocked uploads ofeicar_com.zip
(184byte) should passbackground scan
run these steps between every test case in this chapter:
eicar.com
,eicar_com.zip
andeicarcom2.zip
from https://www.eicar.org/?page_id=3950 to the owncloud system under test$this->setInterval(60 * 15);
inlib/cron/task.php
to a smaller number)sudo -u www-data php cron.php
fileSizeLimit="-1"
eicar.com
,eicar_com.zip
andeicarcom2.zip
are logged as infected2. all files still exist on the system
fileSizeLimit="100"
eicar.com
is logged as infected2. all files still exist on the system
fileSizeLimit="-1"
eicar.com
,eicar_com.zip
andeicarcom2.zip
are logged as infected and deleted2.
eicar.com
,eicar_com.zip
andeicarcom2.zip
disappear from the systemfileSizeLimit="100"
eicar.com
is logged as infected and deleted2. only
eicar.com
disappears from the systemTips how to test different endpoints with curl
setup variables:
split file for chunking
you will end up with
eicar.com_00
andeicar.com_01
do the same for the zip files. There will be more "chunks" as the zip files are biggerupload v1 dav path without chunking
upload v1 dav path with chunking The amount of chunks might vary depending on the split size and the original file size
or to do all 3 uploads in a loop:
upload v2 dav path without chunking
upload v2 dav path with chunking The amount of chunks might vary depending on the split size and the original file size
or to do all 3 uploads in a loop: