What does this message mean?
Steps to reproduce
- I really don't know, have tried scanning relevant files manually but don't see anything wrong
Expected behaviour
Don't know, this probably IS expected behaviour
Actual behaviour
When cron runs antivirus checks, occasionally the Nextcloud.log file contains this message: {"reqId":"mgdkoXY0XmiY7kWrCDtL","level":3,"time":"2018-12-03T21:01:28+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"/cloud/cron.php","message":"Not Checked. No matching rules. Please check antivirus rules. File: 249853Account: -REDACTED- Path: -REDACTED-","userAgent":"--","version":"14.0.3.0"}
It is in particular this message that I have no idea what to do with: Not Checked. No matching rules. Please check antivirus rules.
Server configuration
Operating system: Ubuntu 16.04.01
Web server: Apache
Database: MySQL
PHP version:
Nextcloud version: (see Nextcloud admin page) 14.0.3
Where did you install Nextcloud from:
List of activated apps: Antivirus 1.41
I also get that message. I'm pretty sure it is the maximum file size configured in this plugin as well as clamd that results in these.
I get this error:
{"reqId":"uQJOyTEvlt5B2QXQnWWP","level":4,"time":"2021-05-08T12:35:55+02:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Not Checked. No matching rules. Please check antivirus rules. File: 1028675 Account: mgm Path: /mgm/files/somefile.zip","userAgent":"--","version":"21.0.1.1","id":"6098d6952bb4a"}
A scan of that file on the commandline works just fine though:
user@nextcloud:/var/lib/nextcloud/nc_data> clamscan mgm/files/somefile.zip
/var/lib/nextcloud/nc_data/mgm/files/somefile.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 8527723
Engine version: 0.103.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 50.27 MB
Data read: 18.36 MB (ratio 2.74:1)
Time: 91.248 sec (1 m 31 s)
Start Date: 2021:05:10 09:06:40
End Date: 2021:05:10 09:08:12
user@nextcloud:/var/lib/nextcloud/nc_data> echo $?
0
user@nextcloud:/var/lib/nextcloud/nc_data> ls -al mgm/files/somefile.zip
-rw-r--r-- 1 www-data www-data 19250030 Mar 15 20:08 mgm/files/somefile.zip
user@nextcloud:/var/lib/nextcloud/nc_data> grep StreamMaxLength /etc/clamav/clamd.conf
StreamMaxLength 50M
The plugin has the stream length set to 52428800 bytes, which matches the 50M in the clamd.conf.
Just that the file itself is not even 19MB big. Could it be the unpacked data that exceeds the size limitation? Would make sense considering zip bombs. Is there a way to make this less "fatal" in the logs?
I also get the same kind of error messages in my Nextcloud log. In these cases the file size is too big.
Anybody know how to make this fail less hard?
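Added example, not part of the thread and not code from the files_antivirus app: a Python triage script that pulls the "Not Checked" entries out of the Nextcloud log and compares each file's on-disk size with the 52428800-byte stream limit quoted above. The sample log lines, the `alice` entry, and the `size_of` callable are constructed for illustration.

```python
import json
import re

# Limit quoted in the thread: StreamMaxLength 50M == 52428800 bytes.
STREAM_MAX_LENGTH = 52428800
PREFIX = "Not Checked. No matching rules. Please check antivirus rules. "
# Tolerates the missing space before "Account:" seen in the 14.0.3 log line.
NOT_CHECKED = re.compile(
    r"^Not Checked\..*?File:\s*(?P<file_id>\d+)\s*"
    r"Account:\s*(?P<account>.*?)\s+Path:\s*(?P<path>.*)$")

def skipped_files(log_lines):
    """Yield one dict per files_antivirus 'Not Checked' log entry."""
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("app") != "files_antivirus":
            continue
        match = NOT_CHECKED.match(str(entry.get("message", "")))
        if match:
            yield {"time": entry.get("time"), **match.groupdict()}

def triage(log_lines, size_of, limit=STREAM_MAX_LENGTH):
    """Map file id -> details, flagging files whose on-disk size exceeds limit.

    size_of is a caller-supplied callable (assumption): path -> bytes or None.
    """
    report = {}
    for hit in skipped_files(log_lines):
        size = size_of(hit["path"])
        report[hit["file_id"]] = {
            **hit, "size": size,
            "over_limit": None if size is None else size > limit}
    return report

def make_line(app, message, time):
    return json.dumps({"app": app, "message": message, "time": time})

# Constructed sample input, modelled on the two log lines in the thread.
SAMPLE_LOG = [
    make_line("files_antivirus", PREFIX + "File: 249853Account: alice Path: /alice/files/big.iso", "2018-12-03T21:01:28+00:00"),
    make_line("files_antivirus", PREFIX + "File: 1028675 Account: mgm Path: /mgm/files/somefile.zip", "2021-05-08T12:35:55+02:00"),
    make_line("core", "unrelated entry", "2021-05-08T12:36:00+02:00"),
    "not a JSON line",
]
SAMPLE_SIZES = {"/alice/files/big.iso": 60000000, "/mgm/files/somefile.zip": 19250030}

if __name__ == "__main__":
    for file_id, info in triage(SAMPLE_LOG, SAMPLE_SIZES.get).items():
        print(file_id, info["path"], info["size"], info["over_limit"])
```

For the somefile.zip entry the size check comes back false, so on-disk size alone does not account for that log line. Files listed by the script can be rescanned manually with clamscan as in the session above.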