Developed by Mainio Tech.
This gem provides a Clamby scanner for Ratonvirus.
It allows Ratovirus to scan the files using ClamAV.
You need to have ClamAV installed on the target machine for the antivirus checks to actually work. With the default configuration, you will also need the ClamAV daemon installed in order to make the antivirus checks more efficient.
For full ClamAV installation instructions, please refer to ClamAV documentation.
For configuring ClamAV, please refer to Clamby documentation.
For proper ClamAV configuration in Ubuntu/Debian environments, follow these steps:
$ sudo apt install clamav clamav-daemon# Change the following from /etc/clamav/freshclam.conf
# Change `local` to your country code
DatabaseMirror db.local.clamav.net
# Change the following from /etc/clamav/clamd.conf
# Most Rails apps use symlinks in the production environment
FollowDirectorySymlinks true
FollowFileSymlinks true
Make sure that the folder where your application is running is included in the readable directories list:
$ sudo less /etc/apparmor.d/usr.sbin.clamdIf not, edit the local AppArmor configuration:
$ sudo nano /etc/apparmor.d/local/usr.sbin.clamdAdd the following line there with your application directory:
# Allow scanning for the application subdirs
/path/to/your/app/** r,
And finally reload apparmor configuration:
$ sudo systemctl reload apparmor$ sudo systemctl restart clamav-freshclam
$ sudo systemctl restart clamav-daemonGo to your application folder and create simple test files there to test the virus scanning:
$ cd /path/to/your/app
$ echo 'This is clean' > clean.pdf
$ wget -O dirty.pdf https://secure.eicar.org/eicar.comThe file dirty.pdf fetched from the URL is an
EICAR test file used to test
the response of the antivirus scan.
Run the antivirus tests for both of these files using clamdscan:
$ clamdscan clean.pdf dirty.pdfYou should see the following type of output from that command when ClamAV and its daemon are correctly working:
/path/to/your/app/clean.pdf: OK
/path/to/your/app/dirty.pdf: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.001 sec (0 m 0 s)
NOTE:
It is important that you test this in the actual production environment inside the application folder or the folder where the users are uploading the files in order to ensure that ClamAV daemon is able to access that folder and read files from it.
Also note that applications using
CarrierWave or other file
upload management system may store temporary files in specific configured
temporary paths (e.g. tmp/storage). Make sure you are also testing that the
files are scannable in all possible temporary paths.
Add this line to your application's Gemfile:
gem "ratonvirus"
gem "ratonvirus-clamby"Then execute:
$ bundleAnd finally configure the scanner for Ratonvirus in your application's
config/initializers/ratonvirus.rb:
# config/initializers/ratonvirus.rb
Ratonvirus.configure do |config|
config.scanner = :clamby
endSee further configuration instructions from the Ratonvirus documentation.
There are multiple scanning errors that this script may produce for the file attribute. Here are the explanations for each of the errors.
Please note that if you have done any changes to the default configurations, not all of these errors may be
This means that the given file contains a virus detected by ClamAV.
This virus can be shown in few different occasions:
- The
clamdscanexecutable did its work successfully, detected a virus and returned with an exit code 1. - The
clamdscanexecutable is not executable by the user under which the Rails app is run. This caused the system call to return with an exit code 126. - The
clamdscanexecutable is not available in the machine. This caused the system call to return with an exit code 127.
Shown when the clamdscan executable returns with the exit code other than 0 or
2.
In this case the clamdscan executable did not finish its work successfully and
an error was produced. This can be generally caused by the clamav-daemon
service because of few different reasons:
- The daemon cannot access the file to be checked. Please refer to the configuration section for further information.
- The daemon service is not running on the target machine. Please refer to the configuration section for further information.
- The daemon service is currently handling too many concurrent virus checks. This should be fixed by itself once the daemon finishes the previous checks.
Shown when the clamdscan executable returns with the exit code 2.
This means that the file passed to the ClamAV virus scan is no longer available when the scan was about to be performed.
In this case, the clamdscan executable is not run.
Shown when the file has disappeared from the file system between the upload procedure and Ratonvirus scans. This could also happen in case there is a problem in with the storage engine when moving the file to the local filesystem.
If you want to test that the scanner is working correctly without installing
ClamAV, you can create a dummy ClamAV executable in your app's bin path as
follows:
$ cd /path/to/your/app
$ wget -O bin/clamdscan https://git.io/fpKZr && chmod 755 bin/clamdscanThis downloads a bash script created to test the ClamAV executables without installing ClamAV. You can inspect the script from here prior to downloading and running it.
The executable is being executed by Clamby to check for the viruses.
After creating these files, you should be able to test the Clamby scanner from your Rails application by adding the folder where this executable resides to the PATH environment variable for your Rails application. You can do this when you start your Rails development server as follows.
$ PATH=./bin:$PATH bundle exec rails s
You should now be able to upload the
EICAR test file to the proposal
form and see a contains a virus error when submitting the form. When
submitting any other file, the scanning should pass and you should not see any
errors produced by Ratonvirus.
Feel free to try the scanner with different exit codes as well, they are described below:
- 0: No virus found.
- 1: Virus(es) found.
- 2: An error occured.
- 126: The file is not executable.
- 127: The executable could not be found.
For testing these, modify the bin/clamdscan executable to contain the
following lines:
#!/bin/bash
exit 1Modify the exit code to the one you want to test.