ClamScanPlugin

This plugin will scan all uploads of attachments using ClamAV. Unlike the similar ClamAVPlugin, this plugin is fully integrated into the configure system. It also uses more a efficient interface to ClamAV - it doesn't require copying the file. It also handles some protection and configuration issues that ClamAVPlugin doesn't.

ClamScanPlugin will cancel any attempt to upload an infected attachment. Unlike host-based scans, this means that there is no time window where an infected file can be distributed by the wiki.

Attempts to save a topic are also scanned, and will be canceled if a virus is detected.

Syntax Rules

• N/A This plug-in does not add any TML syntax.

Examples

• N/A

Plugin Settings

This plug-in's settings are managed by the wiki administrator using the configure interface. There are no user-configurable settings.

• One line description, is shown in the InstalledPlugins topic:
  • Set SHORTDESCRIPTION = Virus-scans uploads using ClamAV

• Debug plugin: (See output in data/debug.txt)
  • Set DEBUG = 0

Plugin Installation Instructions

Note: You do not need to install anything on the browser to use this plugin. The following instructions are for the administrator who installs the plugin on the TWiki server.

• Make sure clamd (the ClamAV daemon) is running. Test it with clamdscan.
• Download the ZIP file from the Plugin Home (see below)
• Unzip ClamScanPlugin.zip in your twiki installation directory. Content:

• Configure the Plugin:
  • TWiki 4.0 and up: Run the configure script.
  • Open the Virus Scanning Configuration settings bar to configure ClamScanPlugin for your system.
    • {Plugins}{ClamScanPlugin}{ClamdSocket}: Specify the communications socket for clamd. Use either a unix socket pathname or a tcp port number. Both only support the local host.
    • {Plugins}{ClamScanPlugin}{ClamdGroup}: If clamd runs under root, leave blank. Otherwise, specify the group name of your webserver, and make sure that the clamd user is a member.
    • {Plugins}{ClamScanPlugin}{CheckAll}: Enable if you want scans to report all viruses detected in each file; disable if you want the scan to stop after the first detection.
    • Do not enable the plugin.
  • Save the configuration settings, then enter configure again. Open the Virus Scanning Configuration settings bar. Configure will test communications with clamd and report the results under the ClamdSocket setting.
  • Once Configure reports that you are "Ready to enable ClamScanPlugin, clamd is available", Open the Plugins settings bar and check the {Plugins}{ClamScanPlugin}{Enabled} box. Then save the configuration settings. Enter configure one more time and make sure that no errors are reported.

• Test if the installation was successful:
  • Check the plugin status on your InstalledPlugins plugins page.
  • Upload an attachment to any topic, it should work normally.
  • If you want to test detection, see http://www.eicar.org/anti_virus_test_file.htm for a test virus (and all the caveats)

Plugin Info

Plugin Author:	TWiki:Main.TimotheLitt
Copyright:	© 2009, TWiki:Main.TimotheLitt
License:	GPL (GNU General Public License)
Plugin Version:	2009-09-21 (V1.000)
Change History:
2009-09-21:	Initial version
TWiki Dependency:	$TWiki::Plugins::VERSION 1.1
CPAN Dependencies:	File::Scan::ClamAV
Other Dependencies:	none
Perl Version:	5.008
Benchmarks:	GoodStyle nn%, FormattedSearch nn%, ClamScanPlugin nn%
Plugin Home:	http://TWiki.org/cgi-bin/view/Plugins/ClamScanPlugin
Feedback:	http://TWiki.org/cgi-bin/view/Plugins/ClamScanPluginDev
Appraisal:	http://TWiki.org/cgi-bin/view/Plugins/ClamScanPluginAppraisal

Related Topics: TWikiPlugins, DeveloperDocumentationCategory, AdminDocumentationCategory, TWikiPreferences

-- TWiki:Main.TimotheLitt - 21 Sep 2009