Hi,
First of all, thanks for this great Alfresco extension.
We plan to deploy it soon on our Alfresco One 5.0 instance, but something in the design of the scan components looks strange to me, perhaps can you help me understand the way the module works ?

Scanning components (InStreamScan, CommandScan) are Spring based "singleton" beans, created in the alfviral-context.xml context definition file.

As Spring beans are similar to singleton, there is only a single instance of each in the Spring application context.

Here is the potential identified risk : when scanning a file, the following code is used in AntivirusService

inStreamScan.setData(contentReader.getContentString().getBytes());
res = inStreamScan.scan(nodeRef);

It works well when a single file is scanned, or if files are scanned sequentially.

But what happens if several files are scanned concurrently ?
As methods are not synchronized, there is a risk to switch to another file between inStreamScan.setData(...) call and inStreamScan.scan(...) call.
And if a scan takes a long time to run, the nodeRef attribute of inStreamScan component may be updated during the scan to another nodeRef.

I may be wrong, as in fact I have not been able to setup a test platform to validate my assomptions.

Did I missed something is this a known limitation ?

Regards.

Hi,

We have an Alfresco 4.2.5.1 with CAS for SSO. A user login to CAS and he is redirected to his dashboard. But when we install Alfviral, redirection doesn't work. The user is redirected to the Alfresco authentication page.

Do you have solution? Any ideas?

Thanks!

Hi. I am getting an issue whenever I try to validate the ClamAV solution with alfviral, through the COMMAND mode, basically it checks all files fine; but when I try to use a test "infected" one(http://www.eicar.org/86-0-Intended-use.html) the following error shows up on upload:

11:01:52,208 INFO [STDOUT] 2015-10-01 11:01:52,206 ERROR [extensions.webscripts.AbstractRuntime] [http-localhost%2F127.0.0.1-8080-5] Exception from executeScript - redirecting to status template error: 09010048 Failed to execute transaction-level behaviour public abstract void org.alfresco.repo.content.ContentServicePolicies$OnContentUpdatePolicy.onContentUpdate(org.alfresco.service.cmr.repository.NodeRef,boolean) in transaction afc57676-0126-4fc5-9d7b-d34b8c5cce62

Caused by: java.lang.IllegalArgumentException: nodeRef is a mandatory parameter

11:01:52,209 INFO [STDOUT] flect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

I think the problem is that somewhere the file in the content store is deleted, thus the node reference breaks and the error we see. The thing is that I haven't been able to discern that this is due to the AV solution, since via the command line seems to work just fine, I think is more related to Alfresco and/or alfviral. I'm using Alfresco Share 4.2 in an Ubuntu local server, with the analysis on upload activated and in command mode.

Hi, we are trying to use Alfviral on an instance of Alfresco with an encrypted datastore. Is it possible to use either ICAP or Command scanning? If not, are there any plans to enable this.
Many thanks.

Hi,

I'm testing this plugin against Alfresco 5.1.1 and I can see the log message for the Aspect being assigned e.g.:

14:53:03,706 INFO  [com.fegor.alfresco.security.antivirus.InStreamScan] [http-bio-8080-exec-5] com.fegor.alfresco.security.antivirus.InStreamScan: [Aspect SCANNED_FROM_CLAMAV assigned for 105bf47f-5686-4c8e-b760-6d5104ba1f40]
14:53:03,706 INFO  [com.fegor.alfresco.services.AntivirusService] [http-bio-8080-exec-5] com.fegor.alfresco.services.AntivirusService: [ALERT File: store://2017/2/15/14/53/8dfc44d3-b1ff-4f40-b388-e5b30dad7efd.bin is infected!]

However this does not appear to be reflected in the Alfresco UI e.g.:

Is this expected? Or is there some other way of viewing Aspects assigned to the document?

Hello,
I have installed alfviral on Alfresco Enterprise v5.0.2. The port Alfresco is using is alfresco.port=8084. After startup I try and access Alfresco through Share, but can't as it errors with:
INFO [webscripts.connector.RemoteClient] [http-apr-8084-exec-4] Exception calling (get) http://localhost:8080/alfresco/s/remoteadm/has/alfresco/site-data/component-types/webscript.xml?s=sitestore&alf_ticket=TICKET_3ewd9g7sd087sd0g7d076sa5tgsi
INFO [webscripts.connector.RemoteClient] [http-apr-8084-exec-4] Error status 503 Connect to localhost:8080 [localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused.

It works fine on port 8080. Can it be changed to work with ports other than 8080?

Many thanks.

I am using the COMMAND mode to scan the files for virus.I have the following configuration in alfviral.properties file.

alfviral.mode=COMMAND
alfviral.command.exec=/usr/bin/clamscan

I have the following code in CommandScan.java class.
ProcessBuilder pb = new ProcessBuilder(this.command);
Process process = pb.start();
res = process.waitFor();
logger.debug(" ++++++the value of res is++++++++"+res);

when I have uploaded a file of mimetype application/x-dosexec,I got the following logs
2018-03-07 19:12:38,753 DEBUG com.fegor.alfresco.services.AntivirusServiceImpl: [Type: application/x-dosexec]
com.fegor.alfresco.services.AntivirusServiceImpl: [Mode: COMMAND]
2018-03-07 19:12:38,753 DEBUG [security.antivirus.CommandScan] [http-apr-8080-exec-10] ++++++the value of res is++++++++127

So,when I have done a little bit of googling,I have understood that 127 is a special exit code which means that the command is not found.
I am surprised that logs are showing that the command is not found because when I have directly run the clamscan on a file,it is working perfectly and showing that the file is infected if the file is infected and clean if the file is not infected.

ayushi@ayushi-GA-78LMT-S2PT:~$ clamscan ~/Downloads/stepup.exe
/home/ayushi/Downloads/stepup.exe: OK
----------- SCAN SUMMARY -----------
Known viruses: 6431792
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 9.14 MB
Data read: 2.46 MB (ratio 3.72:1)
Time: 13.816 sec (0 m 13 s)

Also,when I have scanned the file with virustotal mode,it is working perfectly.

Hi @fegorama,

Thank you for creating this awesome Alfresco module. I have a few questions that I could not find in the documentation provided in this repo that I hope I could get answers to.

1. Does alfviral currently support Alfresco Repository and Alfresco share v7.2?
2. I currently run alfresco in Kubernetes. I have converted alfviral's docker-compose.yml into kubernetes yaml files and managed to deploy alfviral share and alfviral-antivirus. How can I verify that it is working? Would you have any usage documentations that I can look into for how to use alfviral?
3. How can I customize alfviral's behaviour? For example, the email address for infected file notifications and quarantine or delete infected file immediately.
4. What is the functionality of alfviral-platform?
5. alfviral-platform project's docker-compose.yml contains reference to Alfresco Search Services image v1.2.0. I'm currently using Alfresco Search Services 1.4.3. Is it ok if I changed the image to reference v1.4.3?

Thank you for your time.

i have downloaded alfresco all in one project(4.1.0) and installed antivirus amp files(platform& share) using mmt tool in docker container.
getting below error
anti-acs_1 | 2021-02-16 11:36:17,865 ERROR [web.context.ContextLoader] [localhost-startStop-1] Context initialization failed
anti-acs_1 | org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.alfresco.web.config.WebClientConfigBootstrap] for bean with name 'alfviral.webclient.configBootstrap' defined in class path resource [alfresco/module/alfviral/context/service-context.xml]; nested exception is java.lang.ClassNotFoundException: org.alfresco.web.config.WebClientConfigBootstrap

can you please tell how do i specify alfviral.command.exec path in antiviral.properties?

There is an error being logged, even though the configuration is correct

In particular for this configuration, which is the default for alf-viral.

List of file only or exceptions

alfviral.file.exceptions=text/html|text/xml|application/pdf|image/jpeg|image/png|image/giftext/plain
alfviral.file.only=application/octet-stream|application/x-dosexec|application/bat|application/x-bat|application/x-msdos-program|application/textedit|application/cmd|application/x-ms-dos-executable
alfviral.file.only_or_exceptions=exceptions

In order to use Alfivral in a legally compliant manner, a licence valid for the entire project is required.

A scheduled scan gives a "User does not exist and could not be created: System" error.
I am running Alfresco 6.2.2 runs on a container platform (Openshift 3.11 and 4.x).
The repository runs as user 'alfresco', not 'root'.

It think it's good to merge some fixes from other forks, so this one keeps up to date.

When trying to build Alfviral locally there is a MVN dependency that cannot be resolved, excerpt below:

<dependency>
    <groupId>org.alfresco</groupId>
    <artifactId>alfresco-web-client</artifactId>
    <version>4.2.e</version>
    <classifier>classes</classifier>
    <scope>system</scope>
    <systemPath>D:/mvn_repo/org/alfresco/alfresco-web-client/4.2.e/alfresco-web-client-4.2.e.jar</systemPath>
</dependency>

Are there any details on where this file can be retrieved from to complete the build?