Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.5 > vBulletin 3.5 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Scan Attachments For Viruses Details »»
Scan Attachments For Viruses
Version: 1.00, by Jafo232 Jafo232 is offline
Developer Last Online: Oct 2022 Show Printable Version Email this Page

Version: 3.5.8 Rating:
Released: 11-17-2005 Last Update: Never Installs: 9
 
No support by the author.

This extension came about after some discussion of my previous extension:

https://vborg.vbsupport.ru/showthread.php?t=100933

That extension automatically zips files. Some users were concerned that this may allow a malicous user to upload a virus/trojan since the extension allows any file to be added to the archive. If you currently allow zip files to be uploaded, then the risk is already present with or without my zip extension.

I decided to write up this product that will scan all files uploaded (including archives) for viruses.

REQUIREMENTS:

Linux/Unix Server. Although it may be possible to run this on a Windows server, I have not tested it, and am unsure if it will work on that enviroment.

This extension REQUIRES that you install F-Prot on your server. All you really need is the command line scanner for workstations. The install is simple and does not require any compilation (at least it did not for me). You download the archive to your server, and un-tar it to a directory that VB will have access to. This does NOT require root access as no system files are modified. F-Prot is free for personal use, but your requirements may require a purchase. Please read the F-Prot license agreement for more details.

Safe Mode must be off. PHP must have access to the system command.

INSTALLATION

Installation of the product is simple, just install the product file in the admincp and then go to VBulletin Options -> Virus Scanning. Enter the COMPLETE path to F-Prot. For example:

/home/yoursite.com/www/somefolder/f-prot/f-prot

Please note, the name f-prot must be at the end of the path. This is the FILE NAME not the directory name.

You can test to see if it working by creating an eicar file:

http://www.eicar.org/anti_virus_test_file.htm

And try attaching it to a thread. Note, if you create a txt file, it will recognize it unless it is in an archive. The scanner understands that as a text file it is not a threat. Rename it to a .exe file if you want to test the archive scanning abilities.

The product will scan files inside of .zip, .cab, .tar, .gz, .izh and .arj files.

IF you are going to use this in conjuction with my zip extension, uninstall the zip plugin first, install this product, then re-install the zip plugin, this way the virus scan will happen before the attachments are archived.

I will support this as I can. Before you post any requests for help, please check your phpinfo (see maintenence in admincp) and make sure safe mode is off before posting here. If safemode is on, there really is not much I can do for you.

Please Click INSTALL!

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #22  
Old 06-07-2006, 02:32 AM
cheesegrits's Avatar
cheesegrits cheesegrits is offline
 
Join Date: May 2006
Posts: 500
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A single workstation license for f-prot for commercial use is only $29. If you can't afford $0.08c a day to protect your users ... well ... you probably aren't a commercial site and might as well use the freebie "home use" version!

Having said that, clamav is hands down a better product, and its free. So I certainly wouldn't object if Jafo happened to mod his mod to use it.

-- hugh
Reply With Quote
  #23  
Old 06-08-2006, 02:41 AM
cheesegrits's Avatar
cheesegrits cheesegrits is offline
 
Join Date: May 2006
Posts: 500
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Jafo,

For some reason I couldn't get the f-prot version of your mod to work - it just returns 126 regardless of what I'm scanning. I've tested on the command line, and f-prot itself is working fine, it recognizes eicar no problems.

So I took the liberty of changing your module to use the clamav API (phpclamavlib). It works fine. One nice feature of the clamav API is that the call returns the name of the virus it found, which I'm printing out in the error message.

Would you be interested in folding my changes into your module, and making it configurable between f-prot and clamav? If not, would you have any objections to me submitting a separate mod (something like vbClamBake!) with suitable props to you for the original coding?

I don't mind either way. The only issue I see is providing the instructions and support for people to get clamav and the API installed, which can be a little tricky. You may not want to open that can of worms.

I suppose I could use the clam command line instead, but this wouldn't tell us which virus was found. But it would mean the API wouldn't have to be installed, which is the biggest issue. Maybe it could be a three way choice - f-prot, clamav API or clamav command line.

Let me know what you think. I'm not trying to hijack your code here, I just much prefer clamav, and this seemed like the easiest way to give myself clamav scanning of uploads!

-- hugh
Reply With Quote
  #24  
Old 06-08-2006, 03:04 AM
Jafo232 Jafo232 is offline
 
Join Date: May 2004
Posts: 1,122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would be interested in seeing your code. After I see it, I could probably give you a better answer.
Reply With Quote
  #25  
Old 06-08-2006, 03:45 AM
cheesegrits's Avatar
cheesegrits cheesegrits is offline
 
Join Date: May 2006
Posts: 500
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It couldn't be simpler ... it's essentially a one line change:

PHP Code:
$r system($vbulletin->options['spath'] . ' -silent ' $vbulletin->GPC['attachment']['tmp_name']["$x"],$t); 
... becomes ...

PHP Code:
$t cl_scanfile($vbulletin->GPC['attachment']['tmp_name']["$x"]); 
Then if $t is not null, there was a virus. So the only other changes are in the test for $t, and adding the value of $t to the error message, to tell the user which virus they have.

Of course, there's the issue of installing clamav and the phpclamavlib module, which requires compilation and installing by steam. And of course because the API installs as a PHP module, it (typically) requires root access. So I'd see this particular modification as being for folk who run their own servers and already use clamav.

However, it would be trivial to change the original system() call to point to the 'clamscan' command line app instead, which would remove the need to install the php clamav API. It would just need a single upload of the clamscan binary, and I believe there are precompiled packages available for most flavors of UN*X. This would make it viable for hosted systems. The only real difference would be that it couldn't print the name of the virus it found.

In case I forgot to say it earlier, thanks for the module! Having virus scanning was an absolute show stopper for my new BB, and as a vB newbie, I wasn't looking forward to coding a module from scratch! I wouldn't even have made this change if f-prot had worked for me.

-- hugh
Reply With Quote
  #26  
Old 06-08-2006, 01:30 PM
Jafo232 Jafo232 is offline
 
Join Date: May 2004
Posts: 1,122
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

So basically that function needs to be compiled into PHP or did you put in a require/include anywhere in the code?
Reply With Quote
  #27  
Old 06-08-2006, 07:01 PM
cheesegrits's Avatar
cheesegrits cheesegrits is offline
 
Join Date: May 2006
Posts: 500
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's a standard dynamic extension module, so it just needs editing of php.ini (or a file in /etc/php.d), and the module file goes in /usr/lib/php4 (or wherever). Doesn't need to be compiled in to PHP itself. And as a dynamic module, it doesnt need a requireinclude, the functions just become available as if they were built in to PHP. But it does obviously need root privs to install.

Of course if you used the clamscan command line via system(), instead of the module, it would just need that one executable somewhere httpd can find it. Although you'd still want the complete clamav install, for things like freshclam to keep the pattern db updated. Buit that's same-same for f-prot.

-- hugh
Reply With Quote
  #28  
Old 05-14-2007, 10:38 AM
ginger22 ginger22 is offline
 
Join Date: Nov 2005
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

How about correct work with last vBulletin releases?
Reply With Quote
  #29  
Old 05-01-2008, 11:08 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Any chance on an update for vb 3.7?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 03:15 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04999 seconds
  • Memory Usage 2,298KB
  • Queries Executed 23 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (8)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete