nextcloud
Regression: Infected Files Now Yield "An unknown error has occurred" Instead of Appropriate Message
Steps to reproduce
- Install Nextcloud 15.0.5.3.
- Install Antivirus for Files v2.0.1.
- Install and configure ClamAV and the Antivirus plug-in so that it is able to communicate with ClamAV.
- Temporarily disable anti-virus on your local machine (to avoid it blocking your ability to test the plugin).
- Create an EICAR test file.
- Upload the test file to any file share.
Expected behaviour
- The file should not be saved on Nextcloud.
- The message "Infected file deleted. Eicar-Test-Signature" should appear.
Actual behaviour
- The file is not saved on Nextcloud (as expected).
- The message "An unknown error has occurred" appears.
This is a regression from Nextcloud 15.0.2 in which the message appeared correctly.
Server configuration
Operating system: Debian Stretch Web server: NGinx 1.15.9 Database: MariaDB PHP version: 7.2.15 Nextcloud version: 15.0.5.3 Updated from an older Nextcloud/ownCloud or fresh install: Fresh install Where did you install Nextcloud from: Docker image
List of activated apps
Nextcloud apps
Enabled:
- accessibility: 1.1.0
- activity: 2.8.2
- checksum: 0.4.2
- cloud_federation_api: 0.1.0
- comments: 1.5.0
- dav: 1.8.1
- federatedfilesharing: 1.5.0
- federation: 1.5.0
- files: 1.10.0
- files_antivirus: 2.0.1
- files_downloadactivity: 1.4.0
- files_pdfviewer: 1.4.0
- files_sharing: 1.7.0
- files_texteditor: 2.7.0
- files_trashbin: 1.5.0
- files_versions: 1.8.0
- files_videoplayer: 1.4.0
- firstrunwizard: 2.4.0
- gallery: 18.2.0
- logreader: 2.0.0
- lookup_server_connector: 1.3.0
- metadata: 0.8.0
- music: 0.9.3
- nextcloud_announcements: 1.4.0
- notifications: 2.3.0
- oauth2: 1.3.0
- ownbackup: 18.11.0
- password_policy: 1.5.0
- provisioning_api: 1.5.0
- serverinfo: 1.5.0
- sharebymail: 1.5.0
- support: 1.0.0
- survey_client: 1.3.0
- systemtags: 1.5.0
- theming: 1.6.0
- twofactor_backupcodes: 1.4.1
- updatenotification: 1.5.0
- user_external: 0.5.1
- workflowengine: 1.5.0
Disabled:
- admin_audit
- encryption
- files_automatedtagging
- files_external
- twofactor_totp
- user_ldap
Nextcloud configuration
Nextcloud config
{
"system": {
"appstoreenabled": false,
"apps_paths": [
{
"path": "\/var\/www\/html\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/html\/custom_apps",
"url": "\/custom_apps",
"writable": false
}
],
"logfile": "\/var\/log\/nextcloud.log",
"memcache.local": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": "6379",
"password": "***REMOVED SENSITIVE VALUE***",
"timeout": 1.5
},
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"***REMOVED SENSITIVE VALUE***"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "15.0.5.3",
"overwrite.cli.url": "http:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"theme": "",
"loglevel": 2,
"maintenance": false
}
}
Client configuration
Browser: Chrome 72.0.3626.109 (Official Build) (64-bit) Operating system: Windows 10 17763.316
Logs
Nextcloud log (data/owncloud.log)
Nextcloud log
Deploying Nextcloud 15.0.5.3...
Deployment finished.
Configuring Nextcloud to use Redis-based session storage.
[05-Mar-2019 03:10:18] NOTICE: fpm is running, pid 1
[05-Mar-2019 03:10:18] NOTICE: ready to handle connections
127.0.0.1 - 05/Mar/2019:03:10:39 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:10:42 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:00 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /ocs/v2.php" 200
127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "PROPFIND /remote.php" 207
127.0.0.1 - 05/Mar/2019:03:11:14 +0000 "GET /index.php" 201
127.0.0.1 - 05/Mar/2019:03:11:18 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200
127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200
127.0.0.1 - 05/Mar/2019:03:11:19 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:11:49 +0000 "GET /ocs/v2.php" 200
127.0.0.1 - 05/Mar/2019:03:12:20 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:21 +0000 "GET /cron.php" 200
127.0.0.1 - 05/Mar/2019:03:12:22 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:24 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:40 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:41 +0000 "GET /cron.php" 200
127.0.0.1 - 05/Mar/2019:03:12:41 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:12:42 +0000 "GET /ocs/v2.php" 204
127.0.0.1 - 05/Mar/2019:03:12:43 +0000 "GET /index.php" 200
127.0.0.1 - 05/Mar/2019:03:13:18 +0000 "PUT /remote.php" 415
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":2,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature Account: admin Path: files\/eicar.txt.ocTransferId413104186.part","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature File: files\/eicar.txt.ocTransferId413104186.part Account: admin","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":3,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"no app in context","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"webdav","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCA\\DAV\\Connector\\Sabre\\Exception\\UnsupportedMediaType","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":226,"function":"convertToSabreException","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[{"__class__":"OCP\\Files\\InvalidContentException"}]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","Line":595,"Previous":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154},"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
127.0.0.1 - 05/Mar/2019:03:13:40 +0000 "GET /ocs/v2.php" 200
Browser log
Browser log
Request URL: https://example.com/remote.php/webdav/eicar.txt
Request Method: PUT
Status Code: 415
Remote Address: ***REMOVED SENSITIVE VALUE***
Referrer Policy: no-referrer
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'none';
content-type: application/xml; charset=utf-8
date: Tue, 05 Mar 2019 03:37:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.15.8
status: 415
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: SAMEORIGIN
:authority: example.com
:method: PUT
:path: /remote.php/webdav/eicar.txt
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-disposition: attachment; filename="eicar.txt"
content-length: 68
content-type: text/plain
cookie: ***REMOVED SENSITIVE VALUE***
if-none-match: *
ocs-apirequest: true
origin: https://example.com
pragma: no-cache
requesttoken: FmCzvHlyNMw18NZuAg6tPpefecOZQd0/CrYgTgOBA/c=:JgLclzofV+NZvuQeUWiZXfvMH6LBDpBJO+dNB2jqRZQ=
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
x-requested-with: XMLHttpRequest
One wrinkle in my new setup I did not have with Nextcloud 15.0.2 is that we are now behind the Kubernetes NGinx ingress controller. It may be the case that the ingress controller is not sending along the response body for the 415 response; I am not sure how to get to the bottom of this yet. More coming soon I hope.
Nextcloud: 16.0.5 Antivirus for files: 2.2.0 Same error: In the nextcloud.log i find: {"reqId":"6VMLrXIJhkwWUOidxQov","level":3,"time":"2019-10-16T10:10:30+02:00","remoteAddr":"192.168.7.11","user":"--","app":"no app in context","method":"PUT","url":"/public.php/webdav/PB000075_BOM_AA.doc","message":{"Exception":"OCP\ Files\InvalidContentException","Message":"Virus YARA.office_macro.UNOFFICIAL is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\Files_Antivirus\{closure}","class":"OCA\Files_Antivirus\AvirWrappe r","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/streams/src/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"class":"Clo sure"}]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\Streams\CallbackWrapper","type":"->","args":[]},{"file":"/var/www/nextcloud/lib/private/Fi les/Storage/Wrapper/Wrapper.php","line":630,"function":"writeStream","class":"OCA\Files_Antivirus\AvirWrapper","type":"->","args":["files/Abschirmblech PB 75/PB000075_BOM_AA.doc.ocTransferId1735300639.part",null,null]},{"file":"/ var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":630,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files/Abschirmblech PB 75/PB000075_BOM_AA.doc.ocTransferId 1735300639.part",null,null]},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php","line":191,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files/Abschirmblech PB 75/ PB000075_BOM_AA.doc.ocTransferId1735300639.part",null]},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":156,"function":"put","class":"OCA\DAV\Connector\Sabre\File","type":"->","args":[null]},{" file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1096,"function":"createFile","class":"OCA\DAV\Connector\Sabre\Directory","type":"->","args":["PB000075_BOM_AA.doc",null]},{"file":"/var/www/nextcloud /3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\DAV\Server","type":"->","args":["PB000075_BOM_AA.doc",null,null]},{"function":"httpPut","class":"Sabre\DAV\CorePlugin","type":"->","a rgs":[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/EventE mitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"class":"Sabre\DAV\CorePlugin"},"httpPut"],[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\R equest"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":479,"function":"emit","class":"Sabre\Event\EventEmitter","type":"->","args":["method:PUT",[{"absoluteU rl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line": 254,"function":"invokeMethod","class":"Sabre\DAV\Server","type":"->","args":[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Respons e"}]},{"file":"/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php","line":107,"function":"exec","class":"Sabre\DAV\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/public.php","line":79,"args":["/var/www/n extcloud/apps/dav/appinfo/v1/publicwebdav.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_antivirus/lib/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win 64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36","version":"16.0.5.1"}
I'm still seeing this problem: Nextcloud: 18.0.0.10 Antivirus: 2.2.1
`[webdav] Fatal: OCA\DAV\Connector\Sabre\Exception\UnsupportedMediaType: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <
- /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 244 OCA\DAV\Connector\Sabre\File->convertToSabreException(OCP\Files\InvalidContentException {})
- /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156 OCA\DAV\Connector\Sabre\File->put(null)
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096 OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525 Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
- <
> Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {}) - /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105 call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479 Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254 Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
- /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82 Sabre\DAV\Server->exec()
- /var/www/domain/htdocs/remote.php line 165 require_once("/var/www/share. ... p")
PUT /remote.php/webdav/Documents/eicar.com from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00
[no app in context] Error: OCP\Files\InvalidContentException: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <
- <
> OCA\Files_Antivirus\AvirWrapper->OCA\Files_Antivirus{closure}("*** sensitive parameters replaced ***") - /var/www/domain/htdocs/3rdparty/icewind/streams/src/CallbackWrapper.php line 121 call_user_func(Closure {})
- /var/www/domain/htdocs/apps/files_antivirus/lib/AvirWrapper.php line 94 Icewind\Streams\CallbackWrapper->stream_close()
- /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630 OCA\Files_Antivirus\AvirWrapper->writeStream("files/Documents ... t", null, null)
- /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630 OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null, null)
- /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 192 OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null)
- /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156 OCA\DAV\Connector\Sabre\File->put(null)
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096 OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525 Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
- <
> Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {}) - /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105 call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479 Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
- /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254 Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
- /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82 Sabre\DAV\Server->exec()
- /var/www/domain/htdocs/remote.php line 165 require_once("/var/www/share. ... p")
PUT /remote.php/webdav/Documents/eicar.com
from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00
`
Adding my own logs here in hopes this gets fixed. These logs are for issues #148 and #119 (This one)
Steps to reproduce
- Downloaded a virus test file (just any file you know is infected and will be detected by ClamAV)
- Attempt to upload above file to web interface
Expected behaviour
- File should be logged only or deleted, depending on the server settings.
- A notification telling the user a file was deleted due to being infected should be shown.
Actual behaviour
- File gets deleted as soon as it gets detected, despite being set to log only.
- "An unknown error has occurred" notification appears instead of the intended "Infected file deleted..." message
Server configuration detail
Operating system: Linux 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64
Webserver: Apache (fpm-fcgi)
Database: pgsql PostgreSQL 12.4 (Ubuntu 12.4-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0, 64-bit
PHP version:
7.4.3 Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, cgi-fcgi, json, igbinary, apcu, smbclient, PDO, xml, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, redis, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache
Nextcloud version: 19.0.3 - 19.0.3.1
Updated from an older Nextcloud/ownCloud or fresh install: Fresh Install
Where did you install Nextcloud from: nextcloud/vm
Signing status
Array ( )
List of activated apps
Enabled:
- accessibility: 1.5.0
- activity: 2.12.0
- admin_audit: 1.9.0
- announcementcenter: 3.8.1
- appointments: 1.7.6
- apporder: 0.11.0
- audioplayer: 2.11.2
- audioplayer_editor: 0.2.2
- breezedark: 19.0.4
- calendar: 2.0.4
- camerarawpreviews: 0.7.8
- checksum: 0.4.5
- cloud_federation_api: 1.2.0
- comments: 1.9.0
- contacts: 3.3.0
- contactsinteraction: 1.0.0
- cospend: 1.0.5
- data_request: 1.6.0
- dav: 1.15.0
- deck: 1.0.5
- dicomviewer: 1.2.2
- documentserver_community: 0.1.7
- drawio: 0.9.7
- duplicatefinder: 0.0.2
- event_update_notification: 1.0.2
- external: 3.6.0
- extract: 1.2.4
- federatedfilesharing: 1.9.0
- federation: 1.9.0
- files: 1.14.0
- files_3d: 0.3.1
- files_accesscontrol: 1.9.1
- files_antivirus: 3.0.0
- files_automatedtagging: 1.9.0
- files_fulltextsearch: 1.4.3
- files_linkeditor: 1.1.2
- files_lock: 0.8.3
- files_markdown: 2.3.1
- files_pdfviewer: 1.8.0
- files_photospheres: 1.19.1
- files_rightclick: 0.16.0
- files_sharing: 1.11.0
- files_trackdownloads: 1.8.0
- files_trashbin: 1.9.0
- files_versions: 1.12.0
- files_videoplayer: 1.8.0
- firstrunwizard: 2.8.0
- forms: 2.0.4
- fulltextsearch: 1.4.2
- fulltextsearch_elasticsearch: 1.5.2
- groupfolders: 7.0.0
- imageconverter: 1.2.1
- issuetemplate: 0.7.0
- logreader: 2.4.0
- lookup_server_connector: 1.7.0
- metadata: 0.12.0
- music: 0.16.0
- news: 14.2.2
- nextcloud_announcements: 1.8.0
- notes: 3.6.4
- notifications: 2.7.0
- oauth2: 1.7.0
- onlyoffice: 6.0.0
- password_policy: 1.9.1
- photos: 1.1.0
- polls: 1.4.3
- previewgenerator: 2.3.0
- printer: 0.0.3
- privacy: 1.3.0
- provisioning_api: 1.9.0
- quota_warning: 1.8.0
- ransomware_detection: 0.8.0
- ransomware_protection: 1.7.0
- recommendations: 0.7.0
- registration: 0.5.0
- serverinfo: 1.9.0
- settings: 1.1.0
- sharebymail: 1.9.0
- sharingpath: 0.2.5
- side_menu: 1.16.0
- social: 0.3.1
- socialsharing_diaspora: 2.1.0
- socialsharing_email: 2.1.0
- socialsharing_facebook: 2.1.0
- socialsharing_twitter: 2.1.0
- spreed: 9.0.4
- support: 1.2.1
- survey_client: 1.7.0
- systemtags: 1.9.0
- talk_simple_poll: 1.1.1
- tasks: 0.13.3
- text: 3.0.1
- theming: 1.10.0
- twofactor_backupcodes: 1.8.0
- unsplash: 1.1.6
- updatenotification: 1.9.0
- video_converter: 0.1.4
- viewer: 1.3.0
- workflow_pdf_converter: 1.4.0
- workflow_script: 1.4.0
- workflowengine: 2.1.0
Disabled:
- encryption
- facerecognition
- files_external
- mail
- radio
- user_ldap
Configuration (config/config.php)
{
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"10.0.2.15",
"loveazure.cloud",
"loveazure.cloud",
"192.168.86.20"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "19.0.3.1",
"overwrite.cli.url": "https:\/\/loveazure.cloud\/",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"upgrade.disable-web": "true",
"log_type": "file",
"logfile": "\/var\/log\/nextcloud\/nextcloud.log",
"loglevel": "2",
"log.condition": {
"apps": [
"admin_audit"
]
},
"mail_smtpmode": "smtp",
"remember_login_cookie_lifetime": "31449600",
"log_rotate_size": "0",
"trashbin_retention_obligation": "auto, 180",
"versions_retention_obligation": "auto, 365",
"simpleSignUpLink.shown": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"filelocking.enabled": true,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"timeout": 0.5,
"dbindex": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"logtimezone": "US\/Eastern",
"htaccess.RewriteBase": "\/",
"maintenance": false,
"enable_previews": true,
"enabledPreviewProviders": [
"OC\\Preview\\PNG",
"OC\\Preview\\JPEG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\MarkDown",
"OC\\Preview\\MP3",
"OC\\Preview\\TXT",
"OC\\Preview\\Movie",
"OC\\Preview\\Photoshop",
"OC\\Preview\\SVG",
"OC\\Preview\\TIFF"
],
"preview_max_x": "2048",
"preview_max_y": "2048",
"jpeg_quality": "60",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"app_install_overwrite": [
"dicomviewer",
"radio"
]
}
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Client configuration
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
Operating system: Windows 10 Pro; Version 2004; Build 19041.338
Logs
Web server error log
Nextcloud log
https://loveazure.cloud/s/fEnwFyN7Rb66t9W (needs mirror, I cannot guarantee availability on my own server)
Browser log
No relevant logs. Just a bunch of jquery depreciation warnings that are present even in a fresh install
- File gets deleted as soon as it gets detected, despite being set to log only.
@EmilyLove26 The choice between 'delete' and 'log only' applies to background scans (cron). For uploads by browser or sync client, there's no such choice. (Or, the docs are wrong)
The fact is that there are 2 different jobs are implemented and not well documented.
- Is a background in meaning of periodical Cron job with scanning all files. Could be configured via Admin panel, but has few Problems #150 and #152 and not working as expected.
- Is non-background job in meaning of direct checking by uploading of new files. Will not produce mean full error message (this ticket), will reduce upload speed #147 and delete files #148 without any other option #126
