共生体 / silverstripe-steamedclams
3.0.1
2020-06-01 06:04 UTC
Requires
Suggests
- silverstripe/queuedjobs: For allowing ClamAV 'missed files' scan to be run from a queued job. Otherwise you can run the tasks manually or via cronjob.
README
使用ClamAV,该模块在文件上传时扫描文件,如果检测到病毒则拒绝上传。如果ClamAV守护进程停止运行,它将记录文件需要扫描,此时您可以选择在守护进程重新上线后通过CMS手动扫描文件,运行夜间cron扫描文件,或者如果您已安装queuedjobs,它将在夜间自动扫描遗漏的文件。
Composer安装
composer require symbiote/silverstripe-steamedclams:~2.0
屏幕截图
快速开始
- 在Unix/Linux上安装ClamAV。
sudo apt install clamav clamav-daemon
在需要时运行 sudo apt-get install apt-get update
。
- 启动clamav-daemon
sudo service clamav-freshclam restart
# wait ~2 minutes
sudo service clamav-daemon start
并检查clamav-daemon是否正在运行。
sudo service clamav-daemon status
- 设置套接字权限 如果没有创建,clamav-daemon将创建此/var/run/clamav/clamd.ctl。
sudo mkdir /var/run/clamav
sudo chown -R user:group /var/run/clamav
'defaultsite'是该用户和组的所有者。
- 配置clamd.conf
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.ctl
(可选)您可以使用不同的套接字路径,但您需要将其在下面的config YML中更改以匹配您的clamd.conf
Symbiote\SteamedClams\ClamAV: clamd: LocalSocket: '/var/run/clamav/clamd.ctl'
-
运行dev/build?flush后,所有文件在上传/验证期间应自动扫描病毒。如果您使用
-
为了检查其是否正常运行,它应该在http://{mysite.com}/admin/clamav显示为ONLINE
配置
Symbiote\SteamedClams\ClamAV: # Make this the same as your clamd.conf settings clamd: LocalSocket: '/var/run/clamav/clamd.ctl' # If true and the ClamAV daemon isn't running or isn't installed the file will be denied as if it has a virus. deny_on_failure: false # For configuring on existing site builds and ignoring the scanning of pre-module install `File` records. initial_scan_ignore_before_datetime: '1970-12-25 00:00:00'
如果您已安装QueuedJobs模块,您可以配置ClamAV守护进程遗漏的文件何时扫描。此作业仅在文件上传时无法连接到守护进程时才会排队。
Symbiote\SteamedClams\ClamAVScanJob: # This job will queue itself on dev/build by default if `File` records have been missed in scanning. disable_queue_on_devbuild: false # Repeat at daily by default (in seconds). repeat_time: 86400 # Repeat at 2am by default time: '02:00:00'
在现有项目上安装
通过运行以下任务,所有在模块安装之前上传的文件都将被扫描。
/dev/tasks/Symbiote-SteamedClams-ClamAVInstallTask
要忽略特定日期之前的某些文件,您可以在您的YML
文件中配置日期时间,如下所示
Symbiote\SteamedClams\ClamAV: initial_scan_ignore_before_datetime: '2015-06-06 00:00:00'
模拟模式
要模拟ClamAV结果,请在您的YML中输入
Injector: Symbiote\SteamedClams\ClamAV: class: Symbiote\SteamedClams\ClamAVEmulator
然后在您的_config.php中,在不同的测试模式之间切换
<?php use Symbiote\SteamedClams\ClamAV; use Symbiote\SteamedClams\ClamAVEmulator; // Use this instead of YAML for quicker testing Config::inst()->update('Injector', 'Symbiote\SteamedClams\ClamAV', array('class' => 'Symbiote\SteamedClams\ClamAVEmulator')); // If no virus found ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_NO_VIRUS; // If virus found (Eicar-Test-Signature) ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_HAS_VIRUS; // If ClamAV daemon isn't running ClamAVEmulator::config()->mode = ClamAVEmulator::MODE_OFFLINE;
支持
致谢
Barakat S 为clamd PHP接口 "How to Forge" 用户 为修复权限问题