From 5663860dff256043c25df97127ed5828ac8b442b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 7 Jan 2010 22:12:41 +0000 Subject: [PATCH] New: Can use any antivirus --- ChangeLog | 1 + htdocs/admin/mails.php | 2 +- htdocs/admin/security_other.php | 20 +++++++++--------- htdocs/langs/en_US/admin.lang | 4 ++++ htdocs/langs/fr_FR/admin.lang | 4 ++++ htdocs/lib/antivir.class.php | 36 +++++++++++++++++++++++---------- htdocs/lib/functions.lib.php | 21 +++++++++++++------ 7 files changed, 59 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index bd883f70196..99c8e0aedad 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ English Dolibarr ChangeLog ***** ChangeLog for 2.8 compared to 2.7 ***** For users: +- New: Can use any antivirus on file upload. - New: A customer can also be a prospect. - New: task #9802 : Can link an action to a project. - New: Initial sold can be conciliated. diff --git a/htdocs/admin/mails.php b/htdocs/admin/mails.php index 18fdb57ecd1..cc48a57ee41 100644 --- a/htdocs/admin/mails.php +++ b/htdocs/admin/mails.php @@ -88,7 +88,7 @@ if ($_POST['addfile'] || $_POST['addfilehtml']) } else { - // Echec transfert (fichier d�passant la limite ?) + // Echec transfert (fichier depassant la limite ?) $message = '
'.$langs->trans("ErrorFileNotUploaded").'
'; // print_r($_FILES); } diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php index d1b36ca5187..0044e050c86 100644 --- a/htdocs/admin/security_other.php +++ b/htdocs/admin/security_other.php @@ -45,10 +45,8 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) $result=create_exdir($upload_dir); // Create dir if not exists if ($result >= 0) { - @dol_delete_file($upload_dir . "/" . $_FILES['userfile']['name'],1); - - $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0); - if ($resupload > 0) + $resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],1); + if (is_numeric($resupload) && $resupload > 0) { $mesg = '
'.$langs->trans("FileTransferComplete").'
'; //print_r($_FILES); @@ -57,8 +55,8 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) { // Echec transfert (fichier depassant la limite ?) $mesg = '
'.$langs->trans("ErrorFileNotUploaded"); - $mesg.= 'ee'; - $mesg.'
'; + if (is_array($resupload)) $mesg.= '
'.dol_nl2br(join("\n",$resupload)); + $mesg.= ''; // print_r($_FILES); } } @@ -169,7 +167,7 @@ print ''.$langs->trans("SessionTimeOut").''; print $form->textwithpicto('',$langs->trans("SessionExplanation",ini_get("session.gc_probability"),ini_get("session.gc_divisor"))); print ''; print ''; -print ' '.$langs->trans("seconds"); +print ' '.$langs->trans("seconds"); print ''; print ''; print ''; @@ -248,7 +246,7 @@ if ($max) print ' '.$langs->trans("MustBeLowerThanPHPLimit",$max*1024,$langs->tr else print ' '.$langs->trans("NoMaxSizeByPHPLimit").'.'; print ''; print ''; -print ' '.$langs->trans("Kb"); +print ' '.$langs->trans("Kb"); print ''; print ''; print ''; @@ -263,7 +261,7 @@ print ''.$langs->trans("UMask").''; print $form->textwithpicto('',$langs->trans("UMaskExplanation")); print ''; print ''; -print ''; +print ''; print ''; print ''; print ''; @@ -278,7 +276,7 @@ print ''.$langs->trans("AntiVirusCommand").'
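Review bot: The `if (is_array($resupload))` branch added here is dead code as of this commit: the dol_move_uploaded_file hunk in the same patch leaves `return $reterrors;` commented out and returns -99, so `$resupload` is always an integer and the admin is never told why an upload was refused. If the intent is to surface `$antivir->errors`, return the array explicitly from dol_move_uploaded_file and escape it before rendering, since `dol_nl2br(join("\n",$resupload))` inserts raw scanner output into the page, e.g. `$mesg.= dol_nl2br(htmlentities(join("\n",$resupload)));`. The enclosing `if ($_POST["sendit"] ...)` block starts before this hunk.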
'; print $langs->trans("AntiVirusCommandExample"); print ''; print ''; -print ''; +print ''; print ""; print ''; print ''; @@ -294,7 +292,7 @@ print ''.$langs->trans("AntiVirusParam").'
'; print $langs->trans("AntiVirusParamExample"); print ''; print ''; -print ''; +print ''; print ""; print ''; print ''; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 16337edcdbd..0101607c3cd 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit=Note: No limit is set in your PHP configuration MaxSizeForUploadedFiles=Maximum size for uploaded files (0 to disallow any upload) UseCaptchaCode=Use graphical code (CAPTCHA) on login page UseAvToScanUploadedFiles=Use anti-virus to scan uploaded files +AntiVirusCommand = Full path to antivirus command +AntiVirusCommandExample = Example for ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe
Example for ClamAv: /usr/bin/clamscan +AntiVirusParam = More parameters on command line +AntiVirusParamExample = Example for ClamWin: --database="C:\Program Files (x86)\ClamWin\lib" ComptaSetup=Accounting module setup UserSetup=Users' management setup MenuSetup=Menus' management setup diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index a35ee7936e8..ce7b9d2bbcc 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang @@ -65,6 +65,10 @@ NoMaxSizeByPHPLimit = Aucune limite interne à votre serveur PHP MaxSizeForUploadedFiles = Taille maximum des documents uploadés (0 pour interdire l'upload) UseCaptchaCode = Utilisation du code graphique (CAPTCHA) sur la page de login UseAvToScanUploadedFiles = Utilisation d'un anti-virus pour scanner les fichiers uploadés +AntiVirusCommand = Chemin complet vers la commande antivirus +AntiVirusCommandExample = Exemple pour ClamWin: c:\Program Files (x86)\ClamWin\bin\clamscan.exe
Exemple pour ClamAv: /usr/bin/clamscan +AntiVirusParam = Paramètres supplémentaire sur la ligne de commande +AntiVirusParamExample = Exemple pour ClamWin: --database="C:\Program Files (x86)\ClamWin\lib" ComptaSetup = Configuration du module Comptabilité UserSetup = Configuration gestion des utilisateurs MenuSetup = Administration des menus par base de données diff --git a/htdocs/lib/antivir.class.php b/htdocs/lib/antivir.class.php index 259338e05a2..354c5f39886 100644 --- a/htdocs/lib/antivir.class.php +++ b/htdocs/lib/antivir.class.php @@ -34,6 +34,7 @@ class AntiVir { var $error; + var $errors; var $output; var $db; @@ -51,7 +52,7 @@ class AntiVir /** * \brief Scan a file with antivirus * \param file File to scan - * \return malware Name of virus found or '' + * \return int <0 if KO (-98 if error, -99 if virus), 0 if OK */ function dol_avscan_file($file) { 
@@ -71,27 +72,26 @@ class AntiVir $command=$conf->global->MAIN_ANTIVIRUS_COMMAND; $param=$conf->global->MAIN_ANTIVIRUS_PARAM; - if (preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) $param=preg_replace('/%file/',trim($file),$param); - else $param=trim($file); $param=preg_replace('/%maxreclevel/',$maxreclevel,$param); $param=preg_replace('/%maxfiles/',$maxfiles,$param); $param=preg_replace('/%maxratio/',$maxratiod,$param); $param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param); $param=preg_replace('/%maxfilesize/',$maxfilesize,$param); + $param=preg_replace('/%file/',trim($file),$param); + + if (! preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) + $param=$param." ".escapeshellarg(trim($file)); - // Create a clean fullcommand - //print $command." ".$param; if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command - if (preg_match("/\s/",$param)) $param=escapeshellarg($param); // Use quotes on param - //print $command." ".$param; $output=array(); $return_var=0; + // Create a clean fullcommand $fullcommand=$command.' '.$param.' 2>&1'; - dol_syslog("Run command=".$fullcommand); + dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand); exec($fullcommand, $output, $return_var); -/* + /* $handle = fopen($outputfile, 'w'); if ($handle) { @@ -120,9 +120,23 @@ class AntiVir } */ - dol_syslog("Result return_var=".$return_var." output=".join(',',$output)); + dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".join(',',$output)); - return $return; + $returncodevirus=1; + if ($return_var == $returncodevirus) // Virus found + { + $this->errors=$output; + return -99; + } + + if ($return_var > 0) // If other error + { + $this->errors=$output; + return -98; + } + + // If return code = 0 + return 1; } } diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index e5b9cbea435..5792b5cdfde 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php 
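Review bot: The `%file` placeholder is substituted with the raw path, `$param=preg_replace('/%file/',trim($file),$param);`, while the fallback two lines later wraps the same path in escapeshellarg(), so an admin who uses `%file` in MAIN_ANTIVIRUS_PARAM gets the path onto the shell command line unquoted; with preg_replace the replacement text is additionally subject to `$n`/`\n` backreference expansion. Substitute the quoted path with a literal replace: `$param=str_replace('%file', escapeshellarg(trim($file)), $param);`. Today the visible caller passes PHP's `tmp_name`, but dol_avscan_file is a general entry point and should not depend on that; likewise `$command` is only quoted when it contains whitespace, so a configured path with other shell metacharacters goes through unquoted. The method body continues outside the hunk at both ends.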
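Review bot: The scan fails open when the scanner cannot run: `$return_var` is initialised to 0 before `exec()`, and if exec() is disabled or fails it returns false/null without touching `$return_var`, so the new return-code mapping falls through to `return 1` and the file is accepted as clean. Capture the result and treat a non-string as a scanner error, `$last=exec($fullcommand, $output, $return_var); if ($last === false || $last === null) { $this->errors=array('exec failed'); return -98; }`. The docblock changed earlier in this file says `0 if OK` while the code returns 1 on success, so one of them should be corrected; and `$returncodevirus=1` matches clamscan but is scanner-specific for a feature advertised as "any antivirus", so it probably belongs in configuration. The method starts outside this hunk.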
@@ -1928,11 +1928,12 @@ function dol_print_error_email() /** - * \brief Deplacer les fichiers telecharges, apres quelques controles divers + * \brief Move an uploaded file after some controls. + * If there is errors (virus found, antivir in error, bad filename), file is not moved. * \param src_file Source filename * \param dest_file Target filename * \param allowoverwrite Overwrite if exists - * \return int >0 if OK, <0 if KO (-99 if virus found), Name of virus if virus found + * \return int >0 if OK, <0 if KO (an array with virus or errors if virus found or errors) */ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite) { @@ -1947,7 +1948,13 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite) require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php'); $antivir=new AntiVir($db); $result = $antivir->dol_avscan_file($src_file); - if ($result < 0) return -99; + if ($result < 0) // If virus or error, we stop here + { + $reterrors=$antivir->errors; + dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir", LOG_WARNING); + //return $reterrors; + return -99; + } } // Security: @@ -1972,7 +1979,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite) if (preg_match('/^\./',$dest_file) || preg_match('/\.\./',$dest_file) || preg_match('/[<>|]/',$dest_file)) { dol_syslog("Refused to deliver file ".$dest_file, LOG_WARNING); - return -1; + return -2; } // The file functions must be in OS filesystem encoding. @@ -1985,7 +1992,7 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite) if (file_exists($file_name_osencoded)) { dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." already exists", LOG_WARNING); - return -2; + return -3; } } 
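Review bot: The new `\return` line contradicts the code: it promises an array of virus names or errors, but the next hunk keeps `return $reterrors;` commented out and returns -99, and the remaining exits in this patch are -2, -3 and -4. Suggest `\return int >0 if OK, <0 if KO (-99 virus found or antivirus error, -2 refused filename, -3 file already exists, -4 move failed)`. The function body runs past this hunk.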
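Review bot: The added log line `dol_syslog("Functions.lib::dol_move_uploaded_file File ".$file_name." KO with antivir", LOG_WARNING);` reads `$file_name`, which appears to be assigned only later in the function (the -1985 hunk uses it after the "OS filesystem encoding" comment), so at this point it is likely undefined and the warning names no file; log `$src_file`, the path that was actually scanned. `$reterrors=$antivir->errors;` is assigned and never used because `return $reterrors;` is commented out, so either return it or drop the assignment. Collapsing both -98 (scanner error) and -99 (virus) into `return -99;` also hides from callers whether the file was infected or the scanner is broken; `return $result;` would preserve the distinction. The function starts and ends outside this hunk.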
@@ -2000,8 +2007,10 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite) else { dol_syslog("Functions.lib::dol_move_uploaded_file Failed to move ".$src_file." to ".$file_name, LOG_ERR); - return -3; + return -4; } + + return 1; }