Logging infected files to error_log AND moodle log table.

These patches are maintained in an publicly accessible Arch repository, see: http://lists.eduforge.org/cgi-bin/archzoom.cgi/arch-eduforge@catalyst.net.nz--2004-MIRROR/moodle--eduforge--1.3.3

Index of arch patches in this commit:

arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-72
    2004-09-16 22:30:44 GMT
    Penny Leach <penny@catalyst.net.nz>
    logging infected files to error_log and the moodle log table, slight change to instructions in handlevirus.php

Full logs:

Revision: moodle--eduforge--1.3.3--patch-72
Archive: arch-eduforge@catalyst.net.nz--2004
Creator: Penny Leach <penny@catalyst.net.nz>
Date: Fri Sep 17 10:30:44 NZST 2004
Standard-date: 2004-09-16 22:30:44 GMT
Modified-files: admin/handlevirus.php lib/uploadlib.php
New-patches: arch-eduforge@catalyst.net.nz--2004/moodle--eduforge--1.3.3--patch-72
Summary: logging infected files to error_log and the moodle log table, slight change to instructions in handlevirus.php
Keywords:

diff --git a/admin/handlevirus.php b/admin/handlevirus.php
index 1755905cd8f5ad41a83b3617fa7e8380c83577e7..159dbee5203efa5df61785fdf50602b6cd540e64 100644 (file)
--- a/admin/handlevirus.php
+++ b/admin/handlevirus.php
@@ -1,6 +1,6 @@
 <?
 /** This expects the output from a command like
- * clamscan -r --infected --no-summary <files> 2>&1 | php thisfile.php 
+ * clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php 
  * also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
  * also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
  */
@@ -28,7 +28,7 @@ while(!feof($fd)) {
     $bits = explode('/',$file);
     $a->filename = $bits[count($bits)-1];
 
-    if (!$log = get_record("log","module","upload","info",$file)) {
+    if (!$log = get_record("log","module","upload","info",$file,"action","upload")) {
         $a->action = clam_handle_infected_file($file,0,false);
         clam_replace_infected_file($file);
         notify_admins_unknown($file,$a);

diff --git a/lib/uploadlib.php b/lib/uploadlib.php
index 7a0a589e03e311b7f699f97ea0bfc4e85f18b93c..f08fc807faf858462f672779e9c4c6b8a4debdf8 100644 (file)
--- a/lib/uploadlib.php
+++ b/lib/uploadlib.php
@@ -410,6 +410,7 @@ function clam_handle_infected_file($file,$userid=0,$basiconly=false) {
         $now = date('YmdHis');
         if (rename($file,$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected')) { 
             $delete = false;
+            clam_log_infected($file,$CFG->quarantinedir.'/'.$now.'-user-'.$userid.'-infected',$userid);
             if ($basiconly) {
                 $notice .= "\n".get_string('clammovedfilebasic');
             }
@@ -436,6 +437,7 @@ function clam_handle_infected_file($file,$userid=0,$basiconly=false) {
     }
     if ($delete) {
         if (unlink($file)) {
+            clam_log_infected($file,'',$userid);
             $notice .= "\n".get_string('clamdeletedfile');
         }
         else {
@@ -601,7 +603,6 @@ function clam_log_upload($newfilepath,$course=null) {
     if (strpos($newfilepath,$CFG->dataroot) === false) {
         $newfilepath = $CFG->dataroot.'/'.$newfilepath;
     }
-    $CFG->debug=10;
     $courseid = 0;
     if ($course) {
         $courseid = $course->id;
@@ -609,6 +610,28 @@ function clam_log_upload($newfilepath,$course=null) {
     add_to_log($courseid,"upload","upload","",$newfilepath);
 }
 
+/**
+ * This function logs to error_log and to the log table that an infected file has been found and what's happened to it.
+ * @param $oldfilepath - full path to the infected file before it was moved.
+ * @param $newfilepath - full path to the infected file since it was moved to the quarantine directory (if the file was deleted, leave empty).
+ * @param $userid - id of user who uploaded the file.
+ */
+function clam_log_infected($oldfilepath='',$newfilepath='',$userid=0) {
+
+    add_to_log(0,"upload","infected","",$oldfilepath,0,$userid);
+    
+    $user = get_record('user','id',$userid);
+    
+    $errorstr = 'Clam AV has found a file that is infected with a virus. It was uploaded by '
+        . ((empty($user) ? ' an unknown user ' : $user->firstname. ' '.$user->lastname))
+        . ((empty($oldfilepath)) ? '. The infected file was caught on upload ('.$oldfilepath.')' 
+           : '. The original file path of the infected file was '.$oldfilepath)
+        . ((empty($newfilepath)) ? '. The file has been deleted ' : '. The file has been moved to a quarantine directory and the new path is '.$newfilepath);
+
+    error_log($errorstr);
+}
+
+
 /**
  * some of the modules allow moving attachments (glossary), in which case we need to hunt down an original log and change the path.
  */