Closed ctgraham closed 2 years ago
ClamavPlugin::getClamVersion() only considers the executable path for default behavior: https://github.com/ulsdevteam/pkp-clamav/blob/38838fd63ad4713b51d07c8ec008d12df7120e58/ClamavPlugin.inc.php#L157-L159
ClamavPlugin::getClamVersion()
So, when checking user input on the settings form, if the executable path is set, but no value is given for the socket path, the getClamVersion() check will try to execute a socket connection on the executable path here: https://github.com/ulsdevteam/pkp-clamav/blob/38838fd63ad4713b51d07c8ec008d12df7120e58/ClamavPlugin.inc.php#L170
getClamVersion()
If no path is provided for an executable or socket, the version check should not be run on the already existing values. There is probably also a logic discrepancy between checking the version and executing the scan because of this code.
ClamavPlugin::getClamVersion()
only considers the executable path for default behavior: https://github.com/ulsdevteam/pkp-clamav/blob/38838fd63ad4713b51d07c8ec008d12df7120e58/ClamavPlugin.inc.php#L157-L159So, when checking user input on the settings form, if the executable path is set, but no value is given for the socket path, the
getClamVersion()
check will try to execute a socket connection on the executable path here: https://github.com/ulsdevteam/pkp-clamav/blob/38838fd63ad4713b51d07c8ec008d12df7120e58/ClamavPlugin.inc.php#L170If no path is provided for an executable or socket, the version check should not be run on the already existing values. There is probably also a logic discrepancy between checking the version and executing the scan because of this code.