Manual talk:$wgAntivirusSetup

From mediawiki.org
Latest comment: 10 years ago by Kghbln in topic ClamAV

ClamAV[edit]

If you can try to use "clamdscan" instead of "clamscan", as clamdscan is much faster than clamscan.

How would you set this up. Just changing clamscan to clamdscan does not do the job. I always get error message 2 meaning that the file was not checked. :( Any hint is welcome. Cheers --[[kgh]] 18:43, 23 August 2011 (UTC)Reply
insert --fdpass into the command line when using clamdscan. Else you're probably getting permissions errors. ClamD does not log these unless "LogVerbose" is set to true in it's configuration, and this is not the default. Draeath 17:00, 23 November 2011 (UTC)Reply
Here's my configuration. This is working for me in a mostly-vanilla Debian setup...
# antivirus
$wgAntivirusSetup = array(
    'clamav' => array (
        'command' => "/usr/bin/clamscan --no-summary %f",
        'codemap' => array (
            "0"   =>  AV_NO_VIRUS,     #no virus
            "1"   =>  AV_VIRUS_FOUND,  #virus found
            "52"  =>  AV_SCAN_ABORTED, #unsupported file format (probably immune)
            "*"   =>  AV_SCAN_FAILED,  #else scan failed
        ),
        'messagepattern' => '/.*?:(.*)/sim',
    ),
    'clamavD' => array (
        'command' => "/usr/bin/clamdscan --no-summary --fdpass %f",
        'codemap' => array (
            "0"   =>  AV_NO_VIRUS,     #no virus
            "1"   =>  AV_VIRUS_FOUND,  #virus found
            "52"  =>  AV_SCAN_ABORTED, #unsupported file format (probably immune)
            "*"   =>  AV_SCAN_FAILED,  #else scan failed
        ),
        'messagepattern' => '/.*?:(.*)/sim',
    ),
);
$wgAntivirus = "clamavD";
$wgAntivirusRequired = "true";
Draeath 17:05, 23 November 2011 (UTC)Reply
Hmm ... does not work for me. :( I always get code 2 virus found. Apropos, you do not have to set $wgAntivirusRequired since this is already done in DefaultSettings.php. Cheers --[[kgh]] 17:16, 24 November 2011 (UTC)Reply
I was getting the same code 2 error when file uploads were enabled. It appears the problem has to do with not enough shell memory being allocated. This solution fixed the issue for me: http://www.gossamer-threads.com/lists/wiki/mediawiki/303567?do=post_view_threaded#303567 -- Hawaiian717 (talk) 05:16, 24 March 2013 (UTC)Reply
Indeed, increasing $wgMaxShellMemory did the trick. However I had to set it to 409600 on Debian 6 and MW 1.21.3. What puzzles me a bit is that 102400 was enough for Debian 6 and MW 1.20.8 for the same wiki. The new standard setting 307200 for MW 1.22.x appeared to be insufficient. --[[kgh]] (talk) 13:04, 2 December 2013 (UTC)Reply

ClamAV on Windows(SOLVED)[edit]

A patch to the code was required. Incorporated into SVN starting at MediaWiki 1.16alpha R57706.

my website is http://festiva.bntbtc.com

I'm trying to setup ClamAVWin with Windows Server 2008 R2, I can get it to scan on the command line like so:

C:\Users\Administrator>"C:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database=c:\avdb --no-summary c:\forefrontinstall.log
c:\forefrontinstall.log: OK

C:\Users\Administrator>

and heres my setup in localsettings.php:

## Setup clam antivirus
$wgAntivirus = "ClamAV";
$wgAntivirusRequired = true;
$wgAntivirusSetup = array(
 
    #setup for clamav
    'ClamAV' => array (
        'command' => "C:/Program Files (x86)/ClamWin/bin/clamscan.exe --database=C:\avdb --no-summary ",
        'codemap'=> array (
            "0"=>  AV_NO_VIRUS, #no virus
            "1"=>  AV_VIRUS_FOUND, #virus found
            "52"=> AV_SCAN_ABORTED, #unsupported file format (probably immune)
            "*"=>  AV_SCAN_FAILED, #else scan failed
        ),
        'messagepattern'=> '/.*?:(.*)/sim',
    ),
 
     #setup for f-prot
    'f-prot' => array (
        'command' => "f-prot ",
        'codemap'=> array (
            "0"=> AV_NO_VIRUS, #no virus
            "3"=> AV_VIRUS_FOUND, #virus found
            "6"=> AV_VIRUS_FOUND, #virus found
            "*"=> AV_SCAN_FAILED, #else scan failed
        ),
        'messagepattern'=> '/.*?Infection:(.*)$/m',
    ),
);

yet I contiunue to get errors!! it still says my files are infected, with a return code of 1:

Upload warning
The file contains a virus! Details: 1
Retrieved from "http://festiva.bntbtc.com/wiki/Special:Upload"


Ideas?? Help?? Please!! I'm thinking maybe I need to add a variable on the end of the command string to specify the file, but I can't seem to figure it out --Pwgus 07:27, 13 October 2009 (UTC)Reply

How do I Set Up the AntiVirus Protection?[edit]

The Manual: $wgAntivirusSetup and Manual:$wgAntivirus pages aren't easy to understand. I can find no information on the internet on setting up virus scanning other than those 2 pages. I managed to easily set up a wiki and changed several settings by adding and removing lines of code. I thought the AntiVirus setup would be the same procedure but I can't understand it.

  1. Is virus checking enabled by default?
  2. What virus checker does it use?
  3. Does it protect against Spyware, Malware, etc as well?
  4. How does the virus checker update its virus checking database?
  5. What happens when it detects a virus?


Hi, some questions are not really related to MediaWiki and are very dependant from what your environment looks like. So my answers will not fully satisfy you.
  1. $wgAntivirusRequired is always enabled by default. So nothing is to do there. For virus checking to work you have to set $wgAntivirus to something not NULL and to set up $wgAntivirusSetup as described. Both is straight forward. For me the problem was to set up the virus checker on the server. I actually asked somebody to do this for me.
  2. The one you set up with $wgAntivirusSetup, e.g. ClamAV or F-Prot.
  3. This depends on the virus checker you use. However, I am not sure that you will ever try to upload Spyware or Malware.
  4. Usually you set up a crontab to automate updates. This is different from system to system and form virus checker to virus checker.
  5. The file does not get uploaded into MediaWiki.
Cheers --[[kgh]] 18:54, 23 August 2011 (UTC)Reply

What do the Wikimedia sites use?[edit]

I'm wondering if there's a preferred tool that's been proven to be effective for large sites. I haven't seen much discussion on the topic. CJGarner (talk) 00:17, 19 October 2012 (UTC)Reply

They don't. Reedy (talk) 19:41, 13 March 2013 (UTC)Reply

Error (Code 2)[edit]

I configured my $wgAntivirusSetup the same as Manual_talk:$wgAntivirusSetup#ClamAV

But although I could set $wgAntivirus = clamav, when I used $wgAntivirus = clamavD (even with --fdpass) I would get scan failed (code 2) errors. To resolve this, I needed to set the clamdscan User in /etc/clam.conf to User apache and also chown the respective files that clamd uses: For a CentOS/RHEL system:

  1. edit /etc/clamd.conf to configure Unix user clamav should run under: User apache
  2. chown -R apache:apache /var/run/clamd.scan;
  3. chown apache:apache /var/run/clamd.scan/clamd.sock
  4. systemctl restart clamd@scan.service