Skip to main content
Skip table of contents

Infected files not flagged when additional options added in Attachment Checker Config

Background

We've used ClamAV in Linux for the virus scanner in this example (Reference: Additional steps for anti-virus scanning)


There is an infected file (EICAR.txt) which we've created and uploaded to Jira/Confluence. However this file is not flagged as an infected file.

Here is how we had configured the Virus scanning scanner path and additional options (Compatible Antivirus Command Line Scanners)

Jira

Confluence

Pre-requisite

  1. Please turn on the DEBUG mode for the following package 

    CODE
    com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner,
  2. Upload the infected file into Jira/Confluence
  3. Check if there are any errors added into atlassian-jira.log/atlassian-confluence.log. e.g.

    CODE
    2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied
    2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>
    2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY -----------
    2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0
    2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1
    2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s)
    2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan
    2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence
    2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795]
     -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload
    java.lang.RuntimeException: java.lang.NullPointerException
    
    

Troubleshoot

Here are the attributes used in the examples below

User who starts up Confluence Serviceconfluenceuser
Infected File Location/opt/EICAR.txt

Possible issues

If the troubleshooting guides listed here does not resolve your issue, send us a support ticket with your logs for us to assist you further



Does the user who starts the jira/confluence service have permission to execute the scan? 

Run the following command line in the the terminal

CODE
[confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt

This is the expected result

CODE
Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)


Solution: To add user permission to clamscan

Run the following command line in the terminal

CODE
usermod -a -G <User> clamscan

e.g. 

CODE
usermod -a -G confluenceuser clamscan

Does the user who starts the jira/confluence service have permission to write into the scan log?

Is there a "Can't open ../X_attachment_scan.log" error thrown in your Atlassian log?

CODE
ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!).
Solution: To give write permission to user

Run the following command line in the terminal

CODE
chown -R <user>:<user> <file directory>

e.g.

CODE
chown -R confluenceuser:confluenceuser /var/log/
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.