Miscellaneous Hacks - Virus scanner for attachments

Hello guys and gals,
I was seeking for virus scanner addon for vBulletin 3.6.x , i found out one product for 3.5.8 Jafo232's addon but it was using fprot which is needing license and not free. So i decided do make it for 3.6.x and using LibClamAV.
It works fine and it's simple.
Here you go.
Thanks Jafo232 for his addon and idea and cheesegrits for his sample.

What does this plugin do?

This plugin let you have virus scanner for your forum's attachment managing.

Installing

Open your admin control panel and then
Plugin System -> Manage Products -> [Add/Import Product] -> Select 'product-vscan.xml' from your computer then press 'Import'
This plugin uses ClamAV for scanning files there is two method available for scanning:
First method requires LibClamAV support on your php settings. You can check it on phpinfo. If you do not have ClamAV , You can download it free at here and faster than second method.If you can not find php-clamav due to problems from its publisher server. You can download php-clamavlib-0.13-src.zip which i attached or you can download compiled version clamav.zip or if you are using Debian based system just type apt-get install php5-clamavlib on your shell.
Second method uses clamscan binary of ClamAV does not require LibClamAV just installing ClamAV enough for it but its a bit slower than first method.
Please feel free to ask any questions

This may be copied, reproduced or published anywhere without my permission.

Current version: 0.2a
File name: plugin-vscan2.xml
Change history:
0.2a: Added function for scanning file if php does not have ClamAV support this function uses clamscan and no need libclamav support just installing ClamAV enough for this somehow its a bit slower than php-clamav module, and installing php-clamav strongly suggested.Who is using 0.1a and having php-clamav on their system do not need update because there is no change for php-clamav support but if you want to feel better you can update it.
0.1a: Addon written based from Jafo232's old but changed scanning method for using libclamav

[pedroenf]

No need for PM, www.g6-team.com

[alghat]

great man

but why u don't add a condition (function_exists('cl_scanfile_ex')) for this plugin such as:

PHP Code:

if ($_POST['do'] == 'manageattach') 


to

PHP Code:

if ($_POST['do'] == 'manageattach' AND function_exists('cl_scanfile_ex')) 


.
or a cl_scanfile_ex isn't function ??

[bahisyeri]

Quote:

Originally Posted by alghat

great man

but why u don't add a condition (function_exists('cl_scanfile_ex')) for this plugin such as:

PHP Code:

if ($_POST['do'] == 'manageattach') 


to

PHP Code:

if ($_POST['do'] == 'manageattach' AND function_exists('cl_scanfile_ex')) 


.
or a cl_scanfile_ex isn't function ??

ah yes but i worked on my system and give how to install and thats why i didnt do it.
I will try to write cl_scanfile_ex function with pure ssh command using clamscan if its not exist.

[bahisyeri]

Ok i wrote function for who does not have php-clamav on their system. You can download it.It is using system function of PHP , if your host/server disabled it, ask them for any enabled function like system (passthru,exec or kinda) and modify source for that allowed function.

[alghat]

good work man

but I see you have to use this function (system) in function (cl_scanfile_ex) !

this function is disabled in most hosting that were not all ..

is there an alternative solution ?

[bahisyeri]

Quote:

Originally Posted by alghat

good work man

but I see you have to use this function (system) in function (cl_scanfile_ex) !

this function is disabled in most hosting that were not all ..

is there an alternative solution ?

Well as i wrote in previous message you need to execute it, and ask for hosting if there is any active command like system.If its good hosting believe me they will choose adding clamav support on php.

[CThiessen]

Hi,
Thanks for the very good Product.
Installation was easy on Debian.

Christian

[Mike-D]

It seems to be that your Hack you offer, exactly what I need. Two day ago my Server has been hacked. See vB Germany Thread Server Hacked? I really have no clue what happened exactly, but I got always some strange pishing files in misc dir's. One of them was the aracde directory and the other one was attachments directory. Since today in the morning the Server is finally clean, but how long? I guess the security problem were also the allowed attachment extensions (avi/doc/mpeg/zip/rar) So I decided to remove them. Right now I have only the really needed (gif/jpg/jpeg/pdf) for the members.

Back to topic: I'd like to install you hack but I'm no Server expert. How difficult is it to install it on my Server? If interested here's the PHP Info. I do hope your Hack is that what I need. We will see. Anyways thank you very much for your sharing. I clicked Installed

[bahisyeri]

Quote:

Originally Posted by Mike-D

It seems to be that your Hack you offer, exactly what I need. Two day ago my Server has been hacked. See vB Germany Thread Server Hacked? I really have no clue what happened exactly, but I got always some strange pishing files in misc dir's. One of them was the aracde directory and the other one was attachments directory. Since today in the morning the Server is finally clean, but how long? I guess the security problem were also the allowed attachment extensions (avi/doc/mpeg/zip/rar) So I decided to remove them. Right now I have only the really needed (gif/jpg/jpeg/pdf) for the members.

Back to topic: I'd like to install you hack but I'm no Server expert. How difficult is it to install it on my Server? If interested here's the PHP Info. I do hope your Hack is that what I need. We will see. Anyways thank you very much for your sharing. I clicked Installed

Hello , it seems you are on under attack and some people exploited your system. It is not about attachment but its about attachments directory because it is in mod 777 and so every people can write files to there.
I read that topic and it seems you are using debian like me but sadly there was a security flaws annouced by debian about SSH like Andreas give links. My suggestion is run this commands from your shell as a root
apt-get update
apt-get upgrade
Maybe you did it and you know them but I'm writing it for as a remind.
For installing clamav follow that step under debian.
apt-get install clamav clamav-freshclam clamav-base libclamav3 php5-clamavlib
and reset your webserver it will loaded automaticly

[mrahul]

its going to excess bandwith and cause load on server ? as it uses few more applications around