silbinarywolf/silverstripe-steamedclams

此包已被废弃,不再维护。作者建议使用 symbiote/silverstripe-steamedclams 包。

维护者

详细信息

github.com/SilbinaryWolf/silverstripe-steamedclams

源代码

问题

安装次数: 1,846

依赖项: 0

建议者: 0

安全性: 0

星级: 12

关注者: 4

分支: 9

类型:silverstripe-module

3.0.1 2020-06-01 06:04 UTC

Requires

Suggests

  • silverstripe/queuedjobs: For allowing ClamAV 'missed files' scan to be run from a queued job. Otherwise you can run the tasks manually or via cronjob.

BSD-3-Clause f1dc321be4a8b71780b566939ffa10148680ba18

  • Jake Bentvelzen <jake.woop@symbiote.com.au>

silverstripe

This package is not auto-updated.

Last update: 2022-02-01 13:03:37 UTC

README

使用ClamAV,此模块在文件上传时扫描文件,如果检测到病毒则拒绝上传。如果ClamAV守护进程宕机,它将记录需要扫描的文件,此时您可以手动通过CMS扫描文件(守护进程恢复在线后),运行夜间cron扫描文件,或者如果您已安装queuedjobs,它将在夜间自动扫描遗漏的文件。

Composer安装

composer require symbiote/silverstripe-steamedclams:~2.0

屏幕截图

ModelAdmin

UploadField

快速开始

  1. 在Unix/Linux上安装ClamAV。
sudo apt install clamav clamav-daemon

当需要时运行 sudo apt-get install apt-get update

  1. 启动clamav-daemon
sudo service clamav-freshclam restart
# wait ~2 minutes
sudo service clamav-daemon start

并检查clamav-daemon是否正在运行。

 sudo service clamav-daemon status
  1. 设置套接字权限。如果尚未创建,clamav-daemon将创建此 /var/run/clamav/clamd.ctl。
sudo mkdir /var/run/clamav
sudo chown -R user:group /var/run/clamav

'defaultsite' 是拥有所有权的用户和组。

  1. 配置clamd.conf
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.ctl

(可选) 您可以使用不同的套接字路径,但您需要在下面的配置YML中更改它以匹配您的clamd.conf

Symbiote\SteamedClams\ClamAV:
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'

  1. 运行dev/build?flush后,所有文件在上传/验证期间都应自动扫描病毒。如果您使用

  2. 要检查其是否正常运行,它应该在 http://{mysite.com}/admin/clamav 显示为在线

配置

Symbiote\SteamedClams\ClamAV:
  # Make this the same as your clamd.conf settings
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'
  # If true and the ClamAV daemon isn't running or isn't installed the file will be denied as if it has a virus.
  deny_on_failure: false
  # For configuring on existing site builds and ignoring the scanning of pre-module install `File` records. 
  initial_scan_ignore_before_datetime: '1970-12-25 00:00:00'

如果您已安装QueuedJobs模块,您可以配置ClamAV守护进程遗漏的文件扫描时间。此作业仅在守护进程在文件上传时无法连接时才会排队。

Symbiote\SteamedClams\ClamAVScanJob:
  # This job will queue itself on dev/build by default if `File` records have been missed in scanning.
  disable_queue_on_devbuild: false
  # Repeat at daily by default (in seconds).
  repeat_time: 86400
  # Repeat at 2am by default
  time: '02:00:00'

在现有项目上安装

运行以下任务后,将扫描模块安装之前上传的所有文件。

/dev/tasks/Symbiote-SteamedClams-ClamAVInstallTask

要忽略特定日期之前的某些文件,您可以在下面的YML文件中配置日期时间

Symbiote\SteamedClams\ClamAV:
  initial_scan_ignore_before_datetime: '2015-06-06 00:00:00'

模拟模式

要模拟ClamAV结果,请在您的YML中输入以下内容

Injector:
  Symbiote\SteamedClams\ClamAV:
    class: Symbiote\SteamedClams\ClamAVEmulator

然后在您的 _config.php 中,在各种测试模式之间切换

<?php

use Symbiote\SteamedClams\ClamAV;
use Symbiote\SteamedClams\ClamAVEmulator;

// Use this instead of YAML for quicker testing
Config::inst()->update('Injector', 'Symbiote\SteamedClams\ClamAV', array('class' => 'Symbiote\SteamedClams\ClamAVEmulator'));

// If no virus found
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_NO_VIRUS;

// If virus found (Eicar-Test-Signature)
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_HAS_VIRUS;

// If ClamAV daemon isn't running
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_OFFLINE;

支持

  • Silverstripe 4.0 及以上版本
  • 版本化文件
  • CDN内容
  • 对于Silverstripe 3.2及以上版本(3.1 应该可以工作,如果确定不行,请创建一个问题)使用1.0

致谢

Barakat S 为 clamd PHP接口 "How to Forge" 用户 修复权限问题