Topic: Virus-Scan An Upload To Moodle Fails

[bloodshoteye]

Hi all,
System is an up to date SME 7.3 running moodle-1.8.3-1.el4.sme

In Moodle setup one can set the server to scan uploads and to quarantine suspect files.
I've enabled this and tried all the following paths to Clam AV, one by one:
/usr/bin/clamscan
/usr/bin/clamdscan
/usr/sbin/clamd
/sbin/e-smith/smeserver-clamscan

All the above cause an error similar to the following:

Moodle is configured to run clam on file upload, but the path supplied to Clam
AV, /sbin/e-smith/smeserver-clamscan,  is invalid.

A list search reveals nothing. Has anyone experienced this?

Thanks,

[pfloor]

Did you try just the path (not including any file name)?

/usr/bin/

[bloodshoteye]

pfloor

Made an edit as you suggest. Time will tell, and I will report back on this.
I've being trying full paths because prompts in moodle on the settings page suggested that:

Path to clam AV. Probably something like /usr/bin/clamscan or /usr/bin/clamdscan. You need this in order for clam AV to run

Thanks,

[william_syd]

Maybe of some help...

http://moodle.org/mod/forum/discuss.php?d=43171

http://moodle.org/mod/forum/discuss.php?d=25838

[cactus]

pfloor

Made an edit as you suggest. Time will tell, and I will report back on this.
I've being trying full paths because prompts in moodle on the settings page suggested that:
Thanks,

I think it should be the full path then, which on SME Server is /usr/bin/clamscan. The problem might very well be that the user the webserver is running under (www) is not allowed to execute files located there because of security measures, not sure if that is true for SME Server as I have never tested such things.

[bloodshoteye]

pfloor

Moodle is configured to run clam on file upload, but the path supplied to Clam
AV, /usr/bin/,  is invalid.

The above produces the same result as my original post.

cactus

The problem might very well be that the user the webserver is running under (www) is not allowed to execute files located there because of security measures,

I hear what you say, but this is reasonably fundamental, surely and would have been tested before releasing a contrib? Seems unlikely I'm the 1st to experience this.

william_syd
both links you gave take me here?

http://moodle.org/login/index.php

EDIT: log in a guest takes one to a Clam AV thread. I'm reading that now -
Majority of comments refer to /usr/bin/clamscan or /usr/bin/clamdscan being unexecutable by the user the webserver is running as.
What is that, in the case of sme server? How would one test a change to that on sme server without messing up all the other web based stuff?
On this particular server:

[root@tincan bin]# ls -l cl*
-rwxr-xr-x  1 root root 24078 Apr 16 19:18 clamconf
-rwxr-xr-x  1 root root 46094 Apr 16 19:18 clamdscan
-rwxr-xr-x  1 root root 57427 Apr 16 19:18 clamscan

Maybe I must create a bug?

[cactus]

I hear what you say, but this is reasonably fundamental, surely and would have been tested before releasing a contrib? Seems unlikely I'm the 1st to experience this.

It could very well be that not all functionality is tested as Moodle is a big package. You should have to contact the author for that, and the best way to do so, indeed, would be to raise a bug against the contrib.

[bloodshoteye]

I have raised Bug 4369:
http://bugs.contribs.org/show_bug.cgi?id=4369

[bloodshoteye]

I have raised Bug 4369:
http://bugs.contribs.org/show_bug.cgi?id=4369

The advice received from S Noble via the bug tracker has resolved this particular issue.