There are 2 ways to ensure your files are scanned for viruses when using the RAP server. Both have their benefits. Due to the scope of viruses and virus protection software, Scale Logic is not able to support other methods.
- Scan your persistent storage that is seen by RAP using your corporate AV scanner. No need to introduce something new when your corporate IT department already has appropriate software for scanning. Have a meeting with them, show them your persistent edit storage mount points, and have them scan it with their tools.
- If you don't have a corporate Antivirus package we can run ClamAV inside the RAP server. All scanning takes CPU and RAM and also can affect upload speeds. Please use caution and test before going live on production with testing that closely resembles your production workload.
To run ClamAV, you need a Linux admin who is comfortable with the following instructions. If you don't have a Linux admin, open a ticket and Scale Logic can assist with the following process.
- Login to the RAP server with SSH and escalate your privilege with "sudo su"
- Install ClamAV packages using "yum" since RAP is CentOS-based Linux
sudo yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
- Update the ClamAV database so it gets today's virus definitions
freshclam
- Enable the ClamAV services.
systemctl enable clamd@scan
- Edit the clamd configuration file /etc/clamd.d/scan.conf and uncomment the LocalSocket line
sed -i -e "s|^#LocalSocket |LocalSocket |" /etc/clamd.d/scan.conf
- Start the ClamAV service
systemctl start clamd@scan
- Run "crontab -e" and add the following line exactly to have ClamAV update the virus definition file. We put 47 minutes to better distribute the load on the virus definition servers
47 * * * * /usr/bin/freshclam --quiet
- Change the owner and group of the folder /var/run/clamd.scan to "apache:apache" so that the RAP Web GUI has permission to run the scanner.
chown -R apache:apache /var/run/clamd.scan/
- Log in to the RAP web GUI as admin in your browser and go to "Settings -> Apps". The "Show Disabled Apps" option is displayed. Find Anti Virus and ENABLE it. As an alternative to doing it through the browser, you can enter this command:
sudo -u apache /usr/bin/php /var/www/rap/occ app:enable files_antivirus
- After enabling Anti-Virus App, go to the Security menu and set the Mode pull down to "Daemon (Socket)" and decide whether you want to only log or Delete a file. Delete file will log it and delete it. Put "/var/run/clamd.scan/clamd.sock" in for the "Socket" or run the following commands to do all this from the CLI
sudo -u apache /usr/bin/php /var/www/rap/occ config:app:set files_antivirus av_mode --value="socket"
sudo -u apache /usr/bin/php /var/www/rap/occ config:app:set files_antivirus av_socket --value="/var/run/clamd.scan/clamd.sock"
sudo -u apache /usr/bin/php /var/www/rap/occ config:app:set files_antivirus av_infected_action --value="delete"
Optionally set "Delete file" from the CLI with the above command. If using the GUI, set these parameters as in the screenshot below:
- If using the GUI then hit the SAVE button
- If you want, test by getting a virus test file from a reputable source like Git. Create a text file in the RAP web GUI and paste in the test virus string; the ClamAV scanner should delete the file if you have the "delete file" option turned on. Here is an example log entry from /var/www/rap/data/rap.log while testing:
{"reqId":"Y9mQbeogXKOZl94VytV@fgAAAAI","level":2,"time":"2023-01-31T22:04:30+00:00","remoteAddr":"97.91.106.17","user":"daryl","app":"files_antivirus","method":"PUT","url":"\/index.php\/apps\/files_texteditor\/ajax\/savefile","message":"Infected file deleted. Win.Test.EICAR_HDB-1 Account: daryl Path: Project 1\/virus_test.txt"}
- Watch the RAM and CPU usage of the RAP server during the first days of production. Any and all Anti-virus scanning takes resources and also could affect the speed of file uploads etc.
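To keep an eye on detections after go-live, the following added example (not part of the original article or of Scale Logic's tooling) reads rap.log lines and pulls out the files_antivirus entries. The message pattern is inferred from the single log entry shown above; the function names and the two constructed sample lines are assumptions.

```python
import json
import re
import sys
from collections import Counter

# Layout taken from the one log entry shown above; other files_antivirus
# messages are assumed (not confirmed) to follow the same pattern.
MSG_RE = re.compile(r"^(?P<action>.+?)\. (?P<signature>\S+) "
                    r"Account: (?P<account>.*?) Path: (?P<path>.*)$")

# Entry 2 is the log line from this page; entries 1 and 3 are constructed.
SAMPLE_LOG = [
    r'{"reqId":"constructed-1","level":1,"time":"2023-01-31T22:03:10+00:00","remoteAddr":"192.0.2.10","user":"daryl","app":"core","method":"GET","url":"\/index.php\/login","message":"Login successful"}',
    r'{"reqId":"Y9mQbeogXKOZl94VytV@fgAAAAI","level":2,"time":"2023-01-31T22:04:30+00:00","remoteAddr":"97.91.106.17","user":"daryl","app":"files_antivirus","method":"PUT","url":"\/index.php\/apps\/files_texteditor\/ajax\/savefile","message":"Infected file deleted. Win.Test.EICAR_HDB-1 Account: daryl Path: Project 1\/virus_test.txt"}',
    r'{"reqId":"constructed-2","level":2,"time":"2023-01-31T22:05',  # truncated write
]

def parse_av_events(lines):
    """Yield one dict per files_antivirus entry found in rap.log lines."""
    for lineno, line in enumerate(lines, 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(entry, dict) or entry.get("app") != "files_antivirus":
            continue
        event = {
            "line": lineno,
            "time": entry.get("time"),
            "user": entry.get("user"),
            "remote_addr": entry.get("remoteAddr"),
            "message": entry.get("message", ""),
        }
        match = MSG_RE.match(event["message"])
        if match:  # unmatched messages are still reported, just not split up
            event.update(match.groupdict())
        yield event

def summarize(events):
    """Count events per (account, signature); 'unparsed' if no signature."""
    return Counter((e.get("account", e["user"]), e.get("signature", "unparsed"))
                   for e in events)

if __name__ == "__main__":
    # Pass the log path (e.g. /var/www/rap/data/rap.log) or run on the sample.
    src = open(sys.argv[1], encoding="utf-8", errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for ev in parse_av_events(src):
        print(ev["time"], ev["remote_addr"], ev.get("signature", "-"),
              ev.get("account", ev["user"]), ev.get("path", ev["message"]))
```

Run it against the log after uploading the test file; no output means either no detections were logged or the Anti Virus app is not scanning.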