共生体/silverstripe-steamedclams

安装次数: 6,956

依赖关系: 0

建议者: 0

安全性: 0

星级: 13

关注者: 5

分支: 15

开放性问题: 6

类型:silverstripe-vendormodule

3.0.1 2020-06-01 06:04 UTC

This package is auto-updated.

Last update: 2024-08-29 05:00:13 UTC


README

使用ClamAV,该模块在文件上传时扫描文件,如果检测到病毒则拒绝上传。如果ClamAV守护进程停止运行,它将记录文件需要扫描,此时您可以选择在守护进程重新上线后通过CMS手动扫描文件,运行夜间cron扫描文件,或者如果您已安装queuedjobs,它将在夜间自动扫描遗漏的文件。

Composer安装

composer require symbiote/silverstripe-steamedclams:~2.0

屏幕截图

ModelAdmin

UploadField

快速开始

  1. 在Unix/Linux上安装ClamAV。
sudo apt install clamav clamav-daemon

在需要时运行 sudo apt-get install apt-get update

  1. 启动clamav-daemon
sudo service clamav-freshclam restart
# wait ~2 minutes
sudo service clamav-daemon start

并检查clamav-daemon是否正在运行。

 sudo service clamav-daemon status
  1. 设置套接字权限 如果没有创建,clamav-daemon将创建此/var/run/clamav/clamd.ctl。
sudo mkdir /var/run/clamav
sudo chown -R user:group /var/run/clamav

'defaultsite'是该用户和组的所有者。

  1. 配置clamd.conf
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.ctl

(可选)您可以使用不同的套接字路径,但您需要将其在下面的config YML中更改以匹配您的clamd.conf

Symbiote\SteamedClams\ClamAV:
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'
  1. 运行dev/build?flush后,所有文件在上传/验证期间应自动扫描病毒。如果您使用

  2. 为了检查其是否正常运行,它应该在http://{mysite.com}/admin/clamav显示为ONLINE

配置

Symbiote\SteamedClams\ClamAV:
  # Make this the same as your clamd.conf settings
  clamd:
    LocalSocket: '/var/run/clamav/clamd.ctl'
  # If true and the ClamAV daemon isn't running or isn't installed the file will be denied as if it has a virus.
  deny_on_failure: false
  # For configuring on existing site builds and ignoring the scanning of pre-module install `File` records. 
  initial_scan_ignore_before_datetime: '1970-12-25 00:00:00'

如果您已安装QueuedJobs模块,您可以配置ClamAV守护进程遗漏的文件何时扫描。此作业仅在文件上传时无法连接到守护进程时才会排队。

Symbiote\SteamedClams\ClamAVScanJob:
  # This job will queue itself on dev/build by default if `File` records have been missed in scanning.
  disable_queue_on_devbuild: false
  # Repeat at daily by default (in seconds).
  repeat_time: 86400
  # Repeat at 2am by default
  time: '02:00:00'

在现有项目上安装

通过运行以下任务,所有在模块安装之前上传的文件都将被扫描。

/dev/tasks/Symbiote-SteamedClams-ClamAVInstallTask

要忽略特定日期之前的某些文件,您可以在您的YML文件中配置日期时间,如下所示

Symbiote\SteamedClams\ClamAV:
  initial_scan_ignore_before_datetime: '2015-06-06 00:00:00'

模拟模式

要模拟ClamAV结果,请在您的YML中输入

Injector:
  Symbiote\SteamedClams\ClamAV:
    class: Symbiote\SteamedClams\ClamAVEmulator

然后在您的_config.php中,在不同的测试模式之间切换

<?php

use Symbiote\SteamedClams\ClamAV;
use Symbiote\SteamedClams\ClamAVEmulator;

// Use this instead of YAML for quicker testing
Config::inst()->update('Injector', 'Symbiote\SteamedClams\ClamAV', array('class' => 'Symbiote\SteamedClams\ClamAVEmulator'));

// If no virus found
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_NO_VIRUS;

// If virus found (Eicar-Test-Signature)
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_HAS_VIRUS;

// If ClamAV daemon isn't running
ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_OFFLINE;

支持

  • Silverstripe 4.0及以上
  • 版本化文件
  • CDN内容
  • 对于Silverstripe 3.2及以上(3.1应该也可以,如果您确定不行,请创建一个问题)请使用1.0

致谢

Barakat S 为clamd PHP接口 "How to Forge" 用户 为修复权限问题