files_antivirus

Exclude files, can't change something in web interface

Open TimoHess opened this issue 5 years ago • 3 comments

Steps to reproduce

  1. Install it
  2. Configure it and it's still there.

Expected behaviour

Make exceptions like the whitelist.fp for files or for virus category. Should accept changes in the admin UI.

Actual behaviour

When I enter something like /.:Win.Virus.Ramnit-7537604-0. FOUND$/ in the web interface it will not be accepted. More details on Discourse:

https://help.nextcloud.com/t/how-can-i-whitelist-some-files/89820/8

Server configuration detail

Operating system: Linux 4.15.0-112-generic 113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64

Webserver: Apache/2.4.29 (Ubuntu) (fpm-fcgi)

Database: mysql 10.4.14

PHP version:

7.4.9 Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, cgi-fcgi, pdlib, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, intl, json, exif, mysqli, pdo_mysql, apc, posix, readline, redis, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, Phar, Zend OPcache

Nextcloud version: 19.0.2 - 19.0.2.2

Updated from an older Nextcloud/ownCloud or fresh install: yes

Where did you install Nextcloud from: nextcloud.com

List of activated apps
Enabled:
 - accessibility: 1.5.0
 - activity: 2.12.0
 - admin_audit: 1.9.0
 - admin_notifications: 1.0.2
 - apporder: 0.10.0
 - bookmarks: 3.3.4
 - bruteforcesettings: 2.0.0
 - calendar: 2.0.4
 - camerarawpreviews: 0.7.8
 - cloud_federation_api: 1.2.0
 - comments: 1.9.0
 - contacts: 3.3.0
 - contactsinteraction: 1.0.0
 - cookbook: 0.7.6
 - data_request: 1.6.0
 - dav: 1.15.0
 - dicomviewer: 1.2.2
 - duplicatefinder: 0.0.2
 - emlviewer: 0.0.17
 - epubreader: 1.4.2
 - event_update_notification: 1.0.2
 - external: 3.6.0
 - extract: 1.2.4
 - facerecognition: 0.6.3
 - federatedfilesharing: 1.9.0
 - federation: 1.9.0
 - files: 1.14.0
 - files_antivirus: 2.4.1
 - files_downloadactivity: 1.8.0
 - files_linkeditor: 1.1.2
 - files_pdfviewer: 1.8.0
 - files_retention: 1.8.2
 - files_rightclick: 0.16.0
 - files_sharing: 1.11.0
 - files_trackdownloads: 1.8.0
 - files_trashbin: 1.9.0
 - files_versions: 1.12.0
 - files_videoplayer: 1.8.0
 - firstrunwizard: 2.8.0
 - geoblocker: 0.3.2
 - gpxmotion: 0.0.11
 - imageconverter: 1.2.1
 - impersonate: 1.6.1
 - issuetemplate: 0.6.0
 - logreader: 2.4.0
 - lookup_server_connector: 1.7.0
 - maps: 0.1.6
 - metadata: 0.12.0
 - news: 14.1.11
 - nextcloud_announcements: 1.8.0
 - notifications: 2.7.0
 - oauth2: 1.7.0
 - ocdownloader: 1.7.8
 - password_policy: 1.9.1
 - passwords: 2020.8.0
 - phonetrack: 0.6.4
 - photos: 1.1.0
 - polls: 1.4.3
 - privacy: 1.3.0
 - provisioning_api: 1.9.0
 - quickaccesssorting: 1.0.3
 - quota_warning: 1.8.0
 - ransomware_detection: 0.8.0
 - ransomware_protection: 1.7.0
 - recommendations: 0.7.0
 - serverinfo: 1.9.0
 - settings: 1.1.0
 - sharebymail: 1.9.0
 - socialsharing_email: 2.1.0
 - spreed: 9.0.3
 - support: 1.2.1
 - survey_client: 1.7.0
 - suspicious_login: 3.1.0
 - systemtags: 1.9.0
 - tasks: 0.13.3
 - text: 3.0.1
 - theming: 1.10.0
 - twofactor_backupcodes: 1.8.0
 - twofactor_nextcloud_notification: 2.3.0
 - twofactor_totp: 5.0.0
 - updatenotification: 1.9.0
 - viewer: 1.3.0
 - workflowengine: 2.1.0
Disabled:
 - encryption
 - files_external
 - files_external_dropbox
 - files_external_onedrive
 - sharepoint
 - user_ldap

Configuration (config/config.php)
{
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "192.168.178.30",
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "overwrite.cli.url": "https:\/\/domain.de",
    "htaccess.RewriteBase": "\/",
    "default_language": "de",
    "default_locale": "de",
    "dbtype": "mysql",
    "version": "19.0.2.2",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "maintenance": false,
    "theme": "",
    "logtimezone": "Europe\/Berlin",
    "log_rotate_size": 104857600,
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpmode": "smtp",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpsecure": "tls",
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "loglevel": 0,
    "quota_include_external_storage": false,
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\HEIC",
        "OC\\Preview\\MP",
        "OC\\Preview\\XBitmap",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\MarkDown",
        "OC\\Preview\\Movie",
        "OC\\Preview\\MSOfficeDoc",
        "OC\\Preview\\MSOffice2003",
        "OC\\Preview\\MSOffice2007",
        "OC\\Preview\\PDF"
    ],
    "updater.release.channel": "stable",
    "data-fingerprint": "abc123",
    "mysql.utf8mb4": true,
    "overwriteprotocol": "https",
    "app_install_overwrite": [
        "admin_notifications",
        "files_external_dropbox",
        "twofactor_rcdevsopenotp",
        "files_opds",
        "files_external_onedrive",
        "dicomviewer",
        "issuetemplate"
    ],
    "auth.bruteforce.protection.enabled": true,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "dbindex": 0,
        "timeout": 1.5
    },
    "mail_sendmailmode": "smtp",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpauth": 1,
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "updater.secret": "***REMOVED SENSITIVE VALUE***"
}

Are you using external storage, if yes which one: local/smb/sftp/...

Are you using encryption: false

Are you using an external user-backend, if yes which one: /Webdav/...

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Operating system: Windows 10

Logs

Web server error log
sudo netstat -a|grep clam
unix  2      [ ACC ]     STREAM     LISTENING     2746553  /var/run/clamav/clamd.ctl


Error:

[Fri Aug 28 11:13:14.906618 2020] [proxy_fcgi:error] [pid 9233:tid 140160903591680] (70007)The timeout specified has expired: [client 89.204.153.61:60881] AH01075: Error dispatching request to : (reading input brigade)
[Fri Aug 28 12:27:07.358223 2020] [proxy_fcgi:error] [pid 9235:tid 140160903591680] (70008)Partial results are valid but processing is incomplete: [client 192.168.178.52:48695] AH01075: Error dispatching request to : (reading input brigade)
[Fri Aug 28 13:06:27.824212 2020] [access_compat:error] [pid 9233:tid 140160813491968] [client 192.168.178.54:50085] AH01797: client denied by server configuration: /var/www/nextcloud/config
[Fri Aug 28 13:10:15.024839 2020] [access_compat:error] [pid 9233:tid 140160729564928] [client 192.168.178.54:50434] AH01797: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Fri Aug 28 22:47:14.440039 2020] [access_compat:error] [pid 9233:tid 140160721172224] [client 192.168.178.54:49989] AH01797: client denied by server configuration: /var/www/nextcloud/config
[Fri Aug 28 23:45:09.276042 2020] [access_compat:error] [pid 9233:tid 140160805099264] [client 192.168.178.54:54827] AH01797: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Fri Aug 28 23:57:47.862974 2020] [access_compat:error] [pid 9233:tid 140160763135744] [client 192.168.178.54:56191] AH01797: client denied by server configuration: /var/www/nextcloud/data/.ocdata
[Sat Aug 29 00:37:11.504255 2020] [access_compat:error] [pid 9235:tid 140160920393472] [client 192.168.178.54:60208] AH01797: client denied by server configuration: /var/www/nextcloud/data/.ocdata

nothing to mention in access.
Nextcloud log
Insert your Nextcloud log here
{"reqId":"SkTqeMAeOlE8JHDUcRfE","level":0,"time":"2020-08-29T01:20:04+02:00","remoteAddr":"192.168.178.54","user":"admin","app":"serverDI","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"The requested alias \"PreviewManager\" is depreacted. Please request \"OCP\\IPreview\" directly. This alias will be removed in a future Nextcloud version.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0","version":"19.0.2.2"}
{"reqId":"Hi8PnSR2sv6flEcuuXFv","level":0,"time":"2020-08-29T01:20:04+02:00","remoteAddr":"192.168.178.54","user":"admin","app":"serverDI","method":"GET","url":"/settings/admin/security","message":"The requested alias \"PreviewManager\" is depreacted. Please request \"OCP\\IPreview\" directly. This alias will be removed in a future Nextcloud version.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0","version":"19.0.2.2"}

nothing more
Browser log

nothing to mention

TimoHess, Aug 28 '20 23:08

Still it doesn't work with v.3.0.0

TimoHess, Sep 02 '20 17:09

@TimoHess I guess it's the wrong parts of your nextcloud.log.

grep your nextcloud.log file for the first entry (level: 0, app: files_antivirus, message: starts with Response:).
On that message you can apply regexp in the nextcloud admin menu.

markuman, Sep 08 '20 10:09
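The check described in the comment above can be scripted. This is an added example, not part of the comment or of the files_antivirus code: it pulls the level-0 `files_antivirus` entries whose message starts with `Response` out of a log and tests candidate rules against them. The function names and the sample log are constructed, and it assumes a rule is matched against the text after `Response :: ` and uses Python's `re` as a stand-in for PHP's PCRE.

```python
import json
import re

# Constructed sample of nextcloud.log (one JSON object per line); the second
# entry mirrors the files_antivirus entry quoted in this thread.
SAMPLE_LOG = "\n".join([
    json.dumps({"level": 0, "app": "serverDI", "message": "The requested alias ..."}),
    json.dumps({"level": 0, "app": "files_antivirus",
                "message": "Response :: stream: Win.Virus.Ramnit-7537604-0 FOUND\n"}),
    "not a JSON line",
    json.dumps({"level": 0, "app": "files_antivirus",
                "message": "Response :: stream: OK\n"}),
])

PREFIX = "Response :: "  # assumption: a rule sees only the text after this prefix
PAGE_RULE = "/.:Win.Virus.Ramnit-7537604-0. FOUND$/"  # as printed in the issue text
CONSTRUCTED_RULE = r"/.*: Win\.Virus\.Ramnit-7537604-0 FOUND$/"  # constructed here


def scanner_responses(log_text):
    """Return the raw scanner responses logged by files_antivirus at level 0."""
    responses = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict):
            continue
        msg = entry.get("message", "")
        if (entry.get("level") == 0 and entry.get("app") == "files_antivirus"
                and isinstance(msg, str) and msg.startswith(PREFIX)):
            responses.append(msg[len(PREFIX):])
    return responses


def rule_matches(rule, response):
    """Test a /pattern/flags rule against one response (Python re, not PCRE)."""
    parts = re.fullmatch(r"/(.*)/([a-z]*)", rule, re.S)
    if parts is None:
        raise ValueError("rule must be written as /pattern/flags")
    flags = re.I if "i" in parts.group(2) else 0
    # Like PCRE, Python's $ also matches just before a single trailing newline.
    return re.search(parts.group(1), response, flags) is not None


if __name__ == "__main__":
    for resp in scanner_responses(SAMPLE_LOG):
        for rule in (PAGE_RULE, CONSTRUCTED_RULE):
            print(repr(resp), rule, rule_matches(rule, resp))
```

The logged response ends in a newline and has a space after the colon, so a rule has to account for both before it can match.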

{"reqId":"E5IIH1i9kx4ERHJaMxej","level":0,"time":"2020-09-09T22:45:06+02:00","remoteAddr":"192.168.178.54","user":"Timo","app":"files_antivirus","method":"PUT","url":"/remote.php/dav/uploads/Timo/3171924138/00000001","message":"Response :: stream: Win.Virus.Ramnit-7537604-0 FOUND\n","userAgent":"Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)","version":"19.0.2.2"}

@markuman I like your linked issue, but for me there is the mistake that I even can't add rules. I make some rule, reload the page and it's gone...:

{"reqId":"tKB9fKTXxhm0Gy0dlM7X","level":0,"time":"2020-09-09T22:53:33+02:00","remoteAddr":"192.168.178.54","user":"admin","app":"serverDI","method":"GET","url":"/apps/files_antivirus/settings/rule/listall","message":"The requested alias \"PreviewManager\" is depreacted. Please request \"OCP\\IPreview\" directly. This alias will be removed in a future Nextcloud version.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0","version":"19.0.2.2"}

TimoHess, Sep 09 '20 20:09