Some changes to support all antiviruses
@@ -1,5 +1,5 @@
|
||||
<?php
|
||||
/* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
/* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -42,16 +42,13 @@ $upload_dir=$conf->admin->dir_temp;
|
||||
|
||||
if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
{
|
||||
/*
|
||||
* Creation repertoire si n'existe pas
|
||||
*/
|
||||
if (! is_dir($upload_dir)) create_exdir($upload_dir);
|
||||
|
||||
if (is_dir($upload_dir))
|
||||
$result=create_exdir($upload_dir); // Create dir if not exists
|
||||
if ($result >= 0)
|
||||
{
|
||||
@dol_delete_file($upload_dir . "/" . $_FILES['userfile']['name'],1);
|
||||
|
||||
if (dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0) > 0)
|
||||
$resupload=dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir . "/" . $_FILES['userfile']['name'],0);
|
||||
if ($resupload > 0)
|
||||
{
|
||||
$mesg = '<div class="ok">'.$langs->trans("FileTransferComplete").'</div>';
|
||||
//print_r($_FILES);
|
||||
@@ -59,7 +56,9 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
|
||||
else
|
||||
{
|
||||
// Echec transfert (fichier depassant la limite ?)
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';
|
||||
$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded");
|
||||
$mesg.= 'ee';
|
||||
$mesg.'</div>';
|
||||
// print_r($_FILES);
|
||||
}
|
||||
}
|
||||
@@ -125,9 +124,16 @@ if ($_GET["action"] == 'MAIN_ANTIVIRUS_COMMAND')
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($_GET["action"] == 'MAIN_ANTIVIRUS_PARAM')
|
||||
{
|
||||
dolibarr_set_const($db, "MAIN_ANTIVIRUS_PARAM", $_POST["MAIN_ANTIVIRUS_PARAM"],'chaine',0,'',$conf->entity);
|
||||
Header("Location: security_other.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Affichage onglet
|
||||
* View
|
||||
*/
|
||||
|
||||
$form = new Form($db);
|
||||
@@ -280,6 +286,22 @@ print '</td>';
|
||||
print '</tr>';
|
||||
print '</form>';
|
||||
|
||||
// Use anti virus
|
||||
$var=!$var;
|
||||
print '<form action="'.$_SERVER["PHP_SELF"].'?action=MAIN_ANTIVIRUS_PARAM" method="POST">';
|
||||
print "<tr ".$bc[$var].">";
|
||||
print '<td colspan="2">'.$langs->trans("AntiVirusParam").'<br>';
|
||||
print $langs->trans("AntiVirusParamExample");
|
||||
print '</td>';
|
||||
print '<td align="center" width="100">';
|
||||
print '<input type="text" name="MAIN_ANTIVIRUS_PARAM" size=80 value="'.$conf->global->MAIN_ANTIVIRUS_PARAM.'">';
|
||||
print "</td>";
|
||||
print '<td align="right">';
|
||||
print '<input type="submit" class="button" name="button" value="'.$langs->trans("Modify").'">';
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
print '</form>';
|
||||
|
||||
print '</table>';
|
||||
|
||||
print '</div>';
|
||||
|
||||
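Review bot: In the upload-failure branch, `$mesg.'</div>';` is a bare expression whose result is discarded, so the error message is rendered without its closing tag, and the `$mesg.= 'ee';` line above it looks like leftover debugging text; the three lines should collapse back to `$mesg = '<div class="error">'.$langs->trans("ErrorFileNotUploaded").'</div>';`. In the new MAIN_ANTIVIRUS_PARAM form, the stored value is echoed straight into the `value="..."` attribute, so a configured parameter containing a double quote breaks the markup; wrap it as `value="'.htmlspecialchars($conf->global->MAIN_ANTIVIRUS_PARAM, ENT_QUOTES).'"`. That same string is what antivir.class.php later hands to the shell, so the MAIN_ANTIVIRUS_PARAM save handler is the natural place to reject values containing anything beyond the documented `%` placeholders and plain option text. The page code around these hunks starts and ends outside the diff.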
@@ -97,7 +97,7 @@ if ($what == 'mysql')
|
||||
|
||||
// Parameteres execution
|
||||
$command=$cmddump;
|
||||
if (preg_match("/\s/",$command)) $command=$command=escapeshellarg($command); // Use quotes on command
|
||||
if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command
|
||||
|
||||
//$param=escapeshellarg($dolibarr_main_db_name)." -h ".escapeshellarg($dolibarr_main_db_host)." -u ".escapeshellarg($dolibarr_main_db_user)." -p".escapeshellarg($dolibarr_main_db_pass);
|
||||
$param=$dolibarr_main_db_name." -h ".$dolibarr_main_db_host;
|
||||
@@ -201,6 +201,7 @@ if ($what == 'mysql')
|
||||
if (! $errormsg) $errormsg=$langs->trans("ErrorFailedToRunExternalCommand");
|
||||
}
|
||||
}
|
||||
fclose($handle);
|
||||
// Fin execution commande
|
||||
}
|
||||
|
||||
|
||||
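Review bot: The corrected line still quotes `$command` only when it contains whitespace, which leaves any other shell metacharacter in a configured dump path unquoted; `escapeshellarg()` is safe to apply unconditionally, so `$command=escapeshellarg($cmddump);` can replace the `preg_match` guard. The commented-out line just below shows the database name, host, user and password were once escaped as well, while the live `$param` line concatenates them raw onto the same command line — if that is deliberate it deserves a comment saying why. The surrounding `if ($what == 'mysql')` block starts and ends outside the hunk.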
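--- /dev/null
+++ b/htdocs/lib/antivir.class.php
@@ -0,0 +1,130 @@
+<?php
+/* Copyright (C) 2000-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
+* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
+* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+* or see http://www.gnu.org/
+*/
+
+/**
+* \file htdocs/lib/antivir.class.php
+* \brief File of class to scan viruses
+* \version $Id$
+* \author Laurent Destailleur.
+*/
+
+/**
+* \class AntiVir
+* \brief Class to scan for virus
+*/
+class AntiVir
+{
+var $error;
+var $output;
+var $db;
+
+/**
+* Constructor
+*
+* @param unknown_type $db
+* @return AntiVir
+*/
+function AntiVir($db)
+{
+$this->db=$db;
+}
+
+/**
+* \brief Scan a file with antivirus
+* \param file File to scan
+* \return malware Name of virus found or ''
+*/
+function dol_avscan_file($file)
+{
+global $conf;
+
+$return = 0;
+
+$maxreclevel = 5 ; // maximal recursion level
+$maxfiles = 1000; // maximal number of files to be scanned within archive
+$maxratio = 200; // maximal compression ratio
+$bz2archivememlim = 0; // limit memory usage for bzip2 (0/1)
+$maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned
+
+@set_time_limit($cfg['ExecTimeLimit']);
+$outputfile=$conf->admin->dir_temp.'/dol_avscan_file.out.'.session_id();
+
+$command=$conf->global->MAIN_ANTIVIRUS_COMMAND;
+$param=$conf->global->MAIN_ANTIVIRUS_PARAM;
+
+if (preg_match('/%file/',$conf->global->MAIN_ANTIVIRUS_PARAM)) $param=preg_replace('/%file/',trim($file),$param);
+else $param=trim($file);
+$param=preg_replace('/%maxreclevel/',$maxreclevel,$param);
+$param=preg_replace('/%maxfiles/',$maxfiles,$param);
+$param=preg_replace('/%maxratio/',$maxratiod,$param);
+$param=preg_replace('/%bz2archivememlim/',$bz2archivememlim,$param);
+$param=preg_replace('/%maxfilesize/',$maxfilesize,$param);
+
+// Create a clean fullcommand
+//print $command." ".$param;
+if (preg_match("/\s/",$command)) $command=escapeshellarg($command); // Use quotes on command
+if (preg_match("/\s/",$param)) $param=escapeshellarg($param); // Use quotes on param
+//print $command." ".$param;
+
+$output=array();
+$return_var=0;
+$fullcommand=$command.' '.$param.' 2>&1';
+dol_syslog("Run command=".$fullcommand);
+exec($fullcommand, $output, $return_var);
+
+/*
+$handle = fopen($outputfile, 'w');
+if ($handle)
+{
+$handlein = popen($fullcommand, 'r');
+while (!feof($handlein))
+{
+$read = fgets($handlein);
+fwrite($handle,$read);
+}
+pclose($handlein);
+
+$errormsg = fgets($handle,2048);
+$this->output=$errormsg;
+
+fclose($handle);
+
+if (! empty($conf->global->MAIN_UMASK))
+@chmod($outputfile, octdec($conf->global->MAIN_UMASK));
+}
+else
+{
+$langs->load("errors");
+dol_syslog("Failed to open file ".$outputfile,LOG_ERR);
+$this->error="ErrorFailedToWriteInDir";
+$return=-1;
+}
+*/
+
+dol_syslog("Result return_var=".$return_var." output=".join(',',$output));
+
+return $return;
+}
+
+}
+
+?>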
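Review bot: `dol_avscan_file` initialises `$return = 0` and never updates it from `$return_var`, so the scanner's exit status is only logged and the method reports success for every file; the caller in files.lib.php tests `$result < 0`, so an infected upload would still be accepted. Map a non-zero status to a refusal right after the `exec` call, e.g. `if ($return_var != 0) { $this->output = join(',',$output); $return = -1; }` — exit codes differ between scanners, so both "infected" and "could not scan" should refuse rather than fall through. `$maxratiod` on the `%maxratio` line is a typo for `$maxratio` and substitutes an empty string into the parameters, and `$cfg['ExecTimeLimit']` is never defined in this file, so the `@set_time_limit` call is a no-op hidden by the suppression operator. The `%file` substitution uses `preg_replace` with the raw path as the replacement, where `$` and `\` are interpreted as back-references; `str_replace('%file', trim($file), $param)` is the safer form, and note that quoting the whole `$param` with one `escapeshellarg` turns a multi-option parameter string into a single argument. The docblock's `\return malware Name of virus found or ''` no longer matches the integer the method returns.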
@@ -1932,7 +1932,7 @@ function dol_print_error_email()
|
||||
* \param src_file Source filename
|
||||
* \param dest_file Target filename
|
||||
* \param allowoverwrite Overwrite if exists
|
||||
* \return int >0 if OK, <0 if KO, Name of virus if virus found
|
||||
* \return int >0 if OK, <0 if KO (-99 if virus found), Name of virus if virus found
|
||||
*/
|
||||
function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
{
|
||||
@@ -1941,25 +1941,25 @@ function dol_move_uploaded_file($src_file, $dest_file, $allowoverwrite)
|
||||
$file_name = $dest_file;
|
||||
|
||||
// If we need to make a virus scan
|
||||
if ($conf->global->MAIN_USE_AVSCAN)
|
||||
if ($conf->global->MAIN_ANTIVIRUS_COMMAND)
|
||||
{
|
||||
require_once(DOL_DOCUMENT_ROOT.'/lib/security.lib.php');
|
||||
$malware = dol_avscan_file($src_file);
|
||||
if ($malware) return $malware;
|
||||
require_once(DOL_DOCUMENT_ROOT.'/lib/antivir.class.php');
|
||||
$antivir=new AntiVir($db);
|
||||
$result = $antivir->dol_avscan_file($src_file);
|
||||
if ($result < 0) return -99;
|
||||
}
|
||||
|
||||
// Security:
|
||||
// On renomme les fichiers avec extention script web car si on a mis le rep
|
||||
// documents dans un rep de la racine web (pas bien), cela permet d'executer
|
||||
// du code a la demande.
|
||||
// Disallow file with some extensions. We renamed them.
|
||||
// Car si on a mis le rep documents dans un rep de la racine web (pas bien), cela permet d'executer du code a la demande.
|
||||
if (preg_match('/\.htm|\.html|\.php|\.pl|\.cgi$/i',$file_name))
|
||||
{
|
||||
$file_name.= '.noexe';
|
||||
}
|
||||
|
||||
// Security:
|
||||
// On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans
|
||||
// les noms de fichiers.
|
||||
// On interdit fichiers caches, remontees de repertoire ainsi que les pipes dans les noms de fichiers.
|
||||
if (preg_match('/^\./',$src_file) || preg_match('/\.\./',$src_file) || preg_match('/[<>|]/',$src_file))
|
||||
{
|
||||
dol_syslog("Refused to deliver file ".$src_file, LOG_WARNING);
|
||||
@@ -2252,14 +2252,14 @@ function dol_delete_file($file,$disableglob=0)
|
||||
{
|
||||
$ok=unlink($filename); // The unlink encapsulated by dolibarr
|
||||
if ($ok) dol_syslog("Removed file ".$filename,LOG_DEBUG);
|
||||
else dol_syslog("Failed to remove file ".$filename,LOG_ERR);
|
||||
else dol_syslog("Failed to remove file ".$filename,LOG_WARNING);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$ok=unlink($file_osencoded); // The unlink encapsulated by dolibarr
|
||||
if ($ok) dol_syslog("Removed file ".$file_osencoded,LOG_DEBUG);
|
||||
else dol_syslog("Failed to remove file ".$file_osencoded,LOG_ERR);
|
||||
else dol_syslog("Failed to remove file ".$file_osencoded,LOG_WARNING);
|
||||
}
|
||||
return $ok;
|
||||
}
|
||||
|
||||
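Review bot: The new scan branch in dol_move_uploaded_file refuses with a bare `-99` and discards `$antivir->error` and `$antivir->output`, so nothing records which file was refused or why; add `dol_syslog("dol_move_uploaded_file: antivirus refused ".$src_file." ".$antivir->output, LOG_WARNING);` before the return. `$db` is handed to `new AntiVir($db)` but only `$conf` is visibly read from the global scope in this hunk; if the function does not import `$db` with `global`, the object is built with a null handle — harmless while the class never uses it, but worth a comment or an explicit `global $db` (the function body continues past the hunk). The updated docblock still ends with "Name of virus if virus found", which this path no longer returns; `\return int >0 if OK, <0 if KO (-99 if virus found or scan failed)` describes the new contract.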
@@ -719,31 +719,6 @@ function dol_decode($chain)
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* \brief Scan les fichiers avec un anti-virus
|
||||
* \param file Fichier a scanner
|
||||
* \return malware Nom du virus si infecte sinon retourne "null"
|
||||
*/
|
||||
function dol_avscan_file($file)
|
||||
{
|
||||
$malware = '';
|
||||
|
||||
// Clamav
|
||||
if (function_exists("cl_scanfile"))
|
||||
{
|
||||
$maxreclevel = 5 ; // maximal recursion level
|
||||
$maxfiles = 1000; // maximal number of files to be scanned within archive
|
||||
$maxratio = 200; // maximal compression ratio
|
||||
$archivememlim = 0; // limit memory usage for bzip2 (0/1)
|
||||
$maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned
|
||||
|
||||
cl_setlimits($maxreclevel, $maxfiles, $maxratio, $archivememlim, $maxfilesize);
|
||||
$malware = cl_scanfile(dol_osencode($file));
|
||||
}
|
||||
|
||||
return $malware;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return array of ciphers mode available
|
||||
*
|
||||
|
||||