ownCloud Antivirus App

files_antivirus is an antivirus app for ownCloud based on ClamAV.

Details

The idea is to check for virus at upload-time, notifying the user (on screen and/or email) and remove the file if it's infected.

QA metrics on master branch:

Status

The App is not complete yet, the following works/is done:

• It can be configured to work with the executable or the daemon mode of ClamAV
• If used in daemon mode it can connect through network- or local file-socket
• In daemon mode, it sends files to a remote/local server using INSTREAM command
• When the user uploads a file, it's checked
• If an uploaded file is infected, it's deleted and a notification is shown to the user on screen and an email is sent with details.
• Tested in Linux only
• Background Job to scan all files
• Test uploading from clients
• File size limit

ToDo

• Configurations Tuneups
• Other OS Testing
• Look for ideas :P

Requirements

• ClamAV (Binaries or a server running ClamAV in daemon mode)

Install

• Install and enable the App
• Go to Admin Panel and configure the App

Enterprise Feature: ICAP Antivirus integration

The Files Antivirus app can support the ICAP protocol if you are using the ownCloud Enterprise Edition.

Using the ICAP mode requires a valid enterprise license. If no license key is present, it will trigger the grace period to obtain a valid key. After the expiration of the grace period / license key, the files_antivirus app will be disabled.

Run with c-icap/clamav

c-icap has a built-in clamav module see https://sourceforge.net/p/c-icap/wiki/ModulesConfiguration/

An out-of-the-box docker image for testing purpose is available at https://hub.docker.com/r/deepdiver/icap-clamav-service

For simple local testing run docker run -ti deepdiver/icap-clamav-service and get it's ip using docker inspect. The IP address needs to be setup in the configuration - see above

The request service for clamav has to be set to 'avscan' and the response header to 'X-Infection-Found'

Run with Kaspersky

Kaspersky provides docker images as well (https://box.kaspersky.com/d/c8d8577dc2494256b45e/) Follow the instructions in Kaspersky ScanEngine for Kubernetes.7z

Additional configuration: Enable Allow204 - this is necessary to tell kav to not send back the file contents. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201151.htm

The request service for clamav has to be set to 'req' and the response header to 'X-Virus-ID'

NOTE: The older versions of KAV did not send back the virus/infection name in an icap header.

In v2.0.0 the header to transport the virus can be configured. Default: No header is sent. see https://support.kaspersky.com/ScanEngine/1.0/en-US/201214.htm

Run with FortiSandbox in ICAP Mode

Select 'Fortinet' from the dropdown.

The request service for FortiSandbox has to be set to 'respmod' and the response header to 'X-Virus-Name'.

Fortinet provides product trials of FortiSandbox, please have a look at Fortinet.

Run with McAfee Web Gateway 10.x and higher in ICAP Mode

Select 'McAfee Web Gateway 10.x and higher' from the dropdown.

The request service for McAfee has to be set to 'respmod' and the response header to 'X-Virus-Name'.

McAfee provides product trial for evaluation purposes. Have a look at the McAfee Webpage for the Web Gateway.

Note: Product is now called 'Skyhigh Secure Web Gateway'

Authors:

Manuel Delgado López :: manuel.delgado at ucr.ac.cr
Bart Visscher
Viktar Dubiniuk