owncloud / files_antivirus

:space_invader: virus scanner for ownCloud
GNU Affero General Public License v3.0
48 stars 30 forks source link
owncloud-app

ownCloud Antivirus App

files_antivirus is an antivirus app for ownCloud based on ClamAV.

Details

The idea is to check for virus at upload-time, notifying the user (on screen and/or email) and remove the file if it's infected.

QA metrics on master branch:

Build Status Quality Gate Status Security Rating Coverage

Status

The App is not complete yet, the following works/is done:

ToDo

Requirements

Install

Enterprise Feature: ICAP Antivirus integration

The Files Antivirus app can support the ICAP protocol if you are using the ownCloud Enterprise Edition.

Using the ICAP mode requires a valid enterprise license. If no license key is present, it will trigger the grace period to obtain a valid key. After the expiration of the grace period / license key, the files_antivirus app will be disabled.

Run with c-icap/clamav

c-icap has a built-in clamav module see https://sourceforge.net/p/c-icap/wiki/ModulesConfiguration/

An out-of-the-box docker image for testing purpose is available at https://hub.docker.com/r/deepdiver/icap-clamav-service

For simple local testing run docker run -ti deepdiver/icap-clamav-service and get it's ip using docker inspect. The IP address needs to be setup in the configuration - see above

The request service for clamav has to be set to 'avscan' and the response header to 'X-Infection-Found'

Run with Kaspersky

Kaspersky provides docker images as well (https://box.kaspersky.com/d/c8d8577dc2494256b45e/) Follow the instructions in Kaspersky ScanEngine for Kubernetes.7z

Additional configuration: Enable Allow204 - this is necessary to tell kav to not send back the file contents. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201151.htm

The request service for clamav has to be set to 'req' and the response header to 'X-Virus-ID'

NOTE: The older versions of KAV did not send back the virus/infection name in an icap header.

In v2.0.0 the header to transport the virus can be configured. Default: No header is sent. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201214.htm

Run with FortiSandbox in ICAP Mode

Select 'Fortinet' from the dropdown.

The request service for FortiSandbox has to be set to 'respmod' and the response header to 'X-Virus-Name'.

Fortinet provides product trials of FortiSandbox, please have a look at Fortinet.

Run with McAfee Web Gateway 10.x and higher in ICAP Mode

Select 'McAfee Web Gateway 10.x and higher' from the dropdown.

The request service for McAfee has to be set to 'respmod' and the response header to 'X-Virus-Name'.

McAfee provides product trial for evaluation purposes. Have a look at the McAfee Webpage for the Web Gateway.

Note: Product is now called 'Skyhigh Secure Web Gateway'

Authors:

Manuel Delgado López :: manuel.delgado at ucr.ac.cr
Bart Visscher
Viktar Dubiniuk