Infected files not flagged when additional options added in Attachment Checker Config
Background
We've used ClamAV on Linux as the virus scanner in this example (Reference: Additional steps for anti-virus scanning).
There is an infected file (EICAR.txt) which we've created and uploaded to Jira/Confluence. However, this file is not flagged as an infected file.
Here is how we had configured the virus scanner path and additional options (see Compatible Antivirus Command Line Scanners):
[Images: scanner path and additional options configuration for Jira and Confluence]
Pre-requisite
Please turn on DEBUG mode for the following package:
com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner,
- Upload the infected file into Jira/Confluence
- Check if there are any errors added to atlassian-jira.log/atlassian-confluence.log, e.g.
2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY -----------
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s)
2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan
2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence
2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795]
 -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload
java.lang.RuntimeException: java.lang.NullPointerException
Troubleshoot
Here are the attributes used in the examples below:
Attribute | Value |
---|---|
User who starts up Confluence Service | confluenceuser |
Infected File Location | /opt/EICAR.txt |
Possible issues
If the troubleshooting guides listed here do not resolve your issue, send us a support ticket with your logs so that we can assist you further.
Does the user who starts the Jira/Confluence service have permission to execute the scan?
Run the following command line in the terminal
[confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt
This is the expected result
Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)
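Solution: To add user permission to clamscan
Run the following command line in the terminal
usermod -a -G <User> clamscan
e.g.
usermod -a -G confluenceuser clamscan
In usermod -a -G, the first argument is the group and the second is the account being modified, so this command adds the clamscan account to the service user's group. Group membership is read when a process starts, so it applies to processes started after the change.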
Does the user who starts the Jira/Confluence service have permission to write into the scan log?
Is there a "Can't open ../X_attachment_scan.log" error thrown in your Atlassian log?
ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!).
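Solution: To give write permission to the user
Run the following command line in the terminal
chown -R <user>:<user> <file directory>
e.g.
chown -R confluenceuser:confluenceuser /var/log/
The recursive example above changes the owner of everything under /var/log/, including logs written by other services. Where only the scan log is affected, keeping <file directory> as narrow as the log file named in the error, or a directory used only for that log, limits the change to what the scanner needs.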
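An added example, not part of the Attachment Checker plugin or of this page's original commands: a shell filter that classifies scanner output so that "Infected files: 0" is not read as a clean result when the scan itself failed, as in the log excerpt and the scan-log error above. The function name classify_scan and the three verdict strings are assumptions of this example, and the sample inputs are constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example, not plugin code. classify_scan (hypothetical name) reads
# clamscan/clamdscan output, or Atlassian DEBUG lines that carry it after
# "OUTPUT>" / "ERROR>", on stdin and prints one verdict:
#   infected : a "FOUND" line or "Infected files" > 0
#   error    : an ERROR line, "Total errors" > 0, or no summary at all
#   clean    : summary present, nothing infected, no errors
classify_scan() {
    awk '
        /Infected files:/ { v = $0; sub(/.*Infected files:[ \t]*/, "", v)
                            infected = v + 0; summary = 1 }
        /Total errors:/   { v = $0; sub(/.*Total errors:[ \t]*/, "", v)
                            errors = v + 0 }
        / FOUND[ \t]*$/   { found = 1 }
        /ERROR>ERROR:/ || /^ERROR:/ { errline = 1 }
        END {
            if (found || infected > 0)                  print "infected"
            else if (errline || errors > 0 || !summary) print "error"
            else                                        print "clean"
        }'
}

# Constructed sample: the clamd socket failure from this page's log, trimmed.
sample_socket_error() {
    p='2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run'
    printf '%s\n' \
        "$p ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied" \
        "$p OUTPUT>----------- SCAN SUMMARY -----------" \
        "$p OUTPUT>Infected files: 0" \
        "$p OUTPUT>Total errors: 1"
}

# Constructed sample: the expected clamscan result shown on this page, trimmed.
sample_detected() {
    printf '%s\n' \
        '/opt/EICAR.txt: Eicar-Signature FOUND' \
        '----------- SCAN SUMMARY -----------' \
        'Scanned files: 1' \
        'Infected files: 1'
}

# Demonstration: print the verdict for each constructed sample.
for s in sample_socket_error sample_detected; do
    printf '%s -> %s\n' "$s" "$("$s" | classify_scan)"
done
```

clamscan's exit status carries the same distinction (0 no virus found, 1 virus found, 2 error), so a wrapper can check it alongside the parsed summary.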