nextcloud
File is not eliminated even when message reads "The file has been removed" on S3 storage (primary)
Steps to reproduce
- Upload test file (using eicar.zip file)
- Setup is as follows: ClamAV Daemon (socket), /var/run/clamav/clamd.ctl, 26214400, -1, -1, Only log
- When file is uploaded the message is correct and the file does not appear on file directory
- Using S3 as primary storage (backblaze b2)
- The file exists on bucket, even when the "virus" is detected and the message is that i was not uploaded
Expected behaviour
Tell us what should happen
The "infected" file should not be in the bucket.
Actual behaviour
Tell us what happens instead
The "infected" file is in the bucket, not on the file directoy, but persists on the bucket. This means now that the infected file will live in the bucket even if the system does not identifies it as existent (it is not listed or accesible anywhere in the UI)
Server configuration
Operating system: Ubuntu 22.04
Web server:. Linux
Database:. MariaDB
PHP version: 8.0.30
Nextcloud version: (see Nextcloud admin page) Nextcloud Hub 5 (27.0.2). Last version Stable channel at this moment
Where did you install Nextcloud from:. Plesk
List of activated apps:
Activity 2.19.0 Destacado Antivirus for files 5.2.2 Circles 27.0.1 Destacado Collaborative tags 1.17.0 Destacado Comments 1.17.0 Destacado Contacts Interaction 1.8.0 Destacado Dashboard 7.7.0 Destacado Deleted files 1.17.0 Destacado Federation 1.17.0 Destacado File sharing 1.19.0 Destacado First run wizard 2.16.0 Destacado Log Reader 2.12.0 Destacado Monitoring 1.17.0 Destacado Nextcloud announcements 1.16.0 Destacado Notifications 2.15.0 Destacado Password policy 1.17.0 Destacado PDF viewer 2.8.0 Destacado Photos 2.3.0 Destacado Privacy 1.11.0 Destacado Recommendations 1.6.0 Destacado Related Resources 1.2.0 Destacado Right click 1.6.0 Destacado Share by mail 1.17.0 Destacado Support 1.10.0 Destacado Text 3.8.0 Destacado Update notification 1.17.0 Destacado Usage survey 1.15.0 Destacado User status 1.7.0 Destacado Versions 1.20.0 Destacado Weather status 1.7.0 Destacado
ALL APPS ARE UPDATED at this moment
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
Enabled:
- activity: 2.19.0
- calendar: 4.4.5
- circles: 27.0.1
- cloud_federation_api: 1.10.0
- comments: 1.17.0
- contactsinteraction: 1.8.0
- dashboard: 7.7.0
- dav: 1.27.0
- federatedfilesharing: 1.17.0
- federation: 1.17.0
- files: 1.22.0
- files_antivirus: 5.2.2
- files_pdfviewer: 2.8.0
- files_rightclick: 1.6.0
- files_sharing: 1.19.0
- files_trashbin: 1.17.0
- files_versions: 1.20.0
- firstrunwizard: 2.16.0
- logreader: 2.12.0
- lookup_server_connector: 1.15.0
- nextcloud_announcements: 1.16.0
- notifications: 2.15.0
- oauth2: 1.15.1
- password_policy: 1.17.0
- photos: 2.3.0
- privacy: 1.11.0
- provisioning_api: 1.17.0
- recommendations: 1.6.0
- related_resources: 1.2.0
- serverinfo: 1.17.0
- settings: 1.9.0
- sharebymail: 1.17.0
- support: 1.10.0
- survey_client: 1.15.0
- systemtags: 1.17.0
- tasks: 0.15.0
- text: 3.8.0
- theming: 2.2.0
- twofactor_backupcodes: 1.16.0
- updatenotification: 1.17.0
- user_status: 1.7.0
- viewer: 2.1.0
- weather_status: 1.7.0
- workflowengine: 2.9.0 Disabled:
- admin_audit: 1.17.0
- bruteforcesettings: 2.7.0
- encryption: 2.15.0
- files_external: 1.19.0
- suspicious_login: 5.0.0
- twofactor_totp: 9.0.0
- user_ldap: 1.17.0
Nextcloud configuration:
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"***REMOVED SENSITIVE VALUE***"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "27.0.2.1",
"overwrite.cli.url": "http:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"filelocking.enabled": false,
"objectstore": {
"class": "OC\\Files\\ObjectStore\\S3",
"arguments": {
"bucket": "***REMOVED SENSITIVE VALUE***",
"autocreate": true,
"key": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"hostname": "s3.us-east-005.backblazeb2.com",
"port": 443,
"use_ssl": true,
"region": "s3.us-east-005",
"use_path_style": false
}
},
"mail_smtpmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_smtpport": "465",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"maintenance": false
}
}
or
Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
Client configuration
Browser: Chrome
Operating system:
Logs
Nextcloud log (data/owncloud.log)
Insert your Nextcloud log here
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...
