Open crisr15 opened 1 year ago
I'm not aware of anyone using anything else, but we should ask in the Samvera Slack. ClamAV is really well supported for server level checking. Google (for example) uses it to implement the virus check in both Gmail and Google Docs. We should however look at the change long and see if the older version is a problem.
Installed, but need to look at paths, etc.
Based on the digging I've done, I see two potential paths forward:
clamav
gemclamby
gemA fork of the clamav
gem exists that has been updated semi-recently (2019). Try using the updates branch of this fork before trying anything else.
Attempting to use the forked version of the gem failed:
/usr/local/lib/ruby/2.7.0/singleton.rb:125:in `new': integer 281472773468224 too big to convert to `int' (RangeError)
from /usr/local/lib/ruby/2.7.0/singleton.rb:125:in `block in instance'
from /usr/local/lib/ruby/2.7.0/singleton.rb:123:in `synchronize'
from /usr/local/lib/ruby/2.7.0/singleton.rb:123:in `instance'
from /app/samvera/hyrax-webapp/config/initializers/clamav.rb:1:in `<top (required)>'
# config/initializers/clamav.rb
ClamAV.instance.loaddb if defined? ClamAV
The ClamAV
object is a Singleton, and appears to be fundamentally broken in Ruby 2.7.0
It was discussed in a meeting that, if using the forked version of the gem failed, this ticket would wait until a Hryax upgrade happened so the app could be smoothly transitioned to using the clamby
gem
⚠ On hold pending Hyrax upgrade ⚠
Summary
Please set up ClamAV to scan files for viruses before they go into Fedora.
CalState set up clamAV but would like to know if anyone is using anything else in the community for virus checking.
Their concerns are that the open source virus scanning may not be the most up to date and safe, and that they had to use an older version in order to get it installed.
Acceptance Criteria