issues with remote icap virus scanner can lead to acceptance of infected files #1942
Description
Describe the bug
I'v set up a remote icap virus scanner using clamav and c-icap at av.jwqa.de
The scanner receives and digests uploaded files, but there are 404 errors reported in antivirus.log while processing files (a different issue). In this situation the uploads go through, regardless if the scanner says infected:true or infected:false .
Steps to reproduce
- Setup docker clamav+c-icap at a remote instance
- connect this instance with opencloud using https://docs.opencloud.eu/docs/dev/server/services/antivirus
- download some test files from https://www.eicar.org/download-anti-malware-testfile/
- open the web UI, upload eicar.com.txt
- The file gets sent to the virus scanner, gets detected correctly, but is nevertheless immediately available in the web UI. BAD.
Expected behavior
When there are errors connecting the virus scanner, this should be prominently shown and uploads should fail.
Actual behavior
The upload passes, leading to the false impression, the file was clean. BAD
Setup
export POSTPROCESSING_LOG_LEVEL=trace # panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace
export POSTPROCESSING_LOG_FILE=$OC_LOGDIR/postprocessing.log
export POSTPROCESSING_STORE=memory # memory(default), redis-sentinel, nats-js-kv, noop
export POSTPROCESSING_STEPS=virusscan # virusscan, delay (requires antivirus service enabled)
export POSTPROCESSING_MAX_RETRIES=5
export POSTPROCESSING_RETRY_BACKOFF_DURATION=10s # needs the s!
export STORAGE_USERS_DATA_GATEWAY_URL="https://oc.jwqa.de:9200/data"
export OC_ADD_RUN_SERVICES=antivirus
export ANTIVIRUS_WORKERS=1
export ANTIVIRUS_SCANNER_TYPE=icap
export ANTIVIRUS_MAX_SCAN_SIZE=100MB
export ANTIVIRUS_INFECTED_FILE_HANDLING=abort
export ANTIVIRUS_LOG_FILE=$OC_LOGDIR/antivirus.log
export ANTIVIRUS_LOG_LEVEL=trace
export ANTIVIRUS_ICAP_SCAN_TIMEOUT=120s
export ANTIVIRUS_ICAP_URL=icap://$icap_host:$icap_port
export ANTIVIRUS_MAX_SCAN_SIZE_MODE=partial
Logs: