From f729d33dcc41580f7dd6893d041c2c7b644662ec Mon Sep 17 00:00:00 2001
From: ldestailleur <eldy@destailleur.fr>
Date: Sat, 30 Aug 2025 17:14:57 +0200
Subject: [PATCH] Clean setup of antivirus

---
 htdocs/admin/security_file.php      | 146 ++++++++++++++++------------
 htdocs/admin/system/security.php    |   6 +-
 htdocs/core/class/antivir.class.php |   2 +-
 htdocs/core/class/conf.class.php    |   3 +
 htdocs/core/lib/ajax.lib.php        |   2 +-
 htdocs/core/lib/files.lib.php       |   2 +-
 htdocs/langs/en_US/admin.lang       |   1 +
 7 files changed, 93 insertions(+), 69 deletions(-)

diff --git a/htdocs/admin/security_file.php b/htdocs/admin/security_file.php
index 03eca2da512..01ab6e7c2ad 100644
--- a/htdocs/admin/security_file.php
+++ b/htdocs/admin/security_file.php
@@ -150,12 +150,38 @@ print dol_get_fiche_head($head, 'file', '', -1);
 
 print '<br>';
 
+// Download options
+
+print '<div class="div-table-responsive-no-min">';
+print '<table class="noborder centpercent nomarginbottom">';
+print '<tr class="liste_titre">';
+print '<td>'.img_picto('', 'download', 'class="pictofixedwidth"').$langs->trans("Download").'</td>';
+print '<td></td>';
+print '</tr>';
+
+print '<tr class="oddeven">';
+print '<td>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'<br>';
+//print '<span class="opacitymedium">'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</span>';
+print '</td>';
+print '<td>';
+print '<input type="text" name="MAIN_SECURITY_MAXFILESIZE_DOWNLOADED" class="width100 right" spellcheck="false" value="'.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED').'"> '.$langs->trans("Kb");
+print "</td>";
+print '</tr>';
+
+print '</table>';
+print '</div>';
+
+
+print '<br>';
+print '<br>';
+
+
 // Upload options
 
 print '<div class="div-table-responsive-no-min">';
 print '<table class="noborder centpercent nomarginbottom">';
 print '<tr class="liste_titre">';
-print '<td>'.$langs->trans("UploadName").'</td>';
+print '<td>'.img_picto('', 'upload', 'class="pictofixedwidth"').$langs->trans("UploadName").'</td>';
 print '<td></td>';
 print '</tr>';
 
@@ -173,7 +199,6 @@ print '<input class="flat width75 right" name="MAIN_UPLOAD_DOC" type="text" spel
 print '</td>';
 print '</tr>';
 
-
 print '<tr class="oddeven">';
 print '<td>';
 print $form->textwithpicto($langs->trans("UMask"), $langs->trans("UMaskExplanation"));
@@ -183,44 +208,6 @@ print '<input class="flat width75 right" name="MAIN_UMASK" type="text" spellchec
 print '</td>';
 print '</tr>';
 
-// Use anti virus
-
-print '<tr class="oddeven">';
-print '<td>'.$langs->trans("AntiVirusCommand").'<br>';
-print '<span class="opacitymedium">'.$langs->trans("AntiVirusCommandExample").'</span>';
-// Check command in inside safe_mode
-print '</td>';
-print '<td>';
-if (ini_get('safe_mode') && getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
-	$langs->load("errors");
-	$basedir = preg_replace('/"/', '', dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
-	$listdir = explode(';', ini_get('safe_mode_exec_dir'));
-	if (!in_array($basedir, $listdir)) {
-		print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
-		dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
-	}
-}
-print '<input type="text" '.((defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) ? 'disabled ' : '').'name="MAIN_ANTIVIRUS_COMMAND" class="minwidth500imp" spellcheck="false" value="'.dol_escape_htmltag(GETPOSTISSET('MAIN_ANTIVIRUS_COMMAND') ? GETPOST('MAIN_ANTIVIRUS_COMMAND') : getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')).'">';
-if (defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
-	print '<br><span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
-}
-print "</td>";
-print '</tr>';
-
-// Use anti virus
-
-print '<tr class="oddeven">';
-print '<td>'.$langs->trans("AntiVirusParam").'<br>';
-print '<span class="opacitymedium">'.$langs->trans("AntiVirusParamExample").'</span>';
-print '</td>';
-print '<td>';
-print '<input type="text" '.(defined('MAIN_ANTIVIRUS_PARAM') ? 'disabled ' : '').'name="MAIN_ANTIVIRUS_PARAM" class="minwidth500imp" spellcheck="false" value="'.(getDolGlobalString('MAIN_ANTIVIRUS_PARAM') ? dol_escape_htmltag(getDolGlobalString('MAIN_ANTIVIRUS_PARAM')) : '').'">';
-if (defined('MAIN_ANTIVIRUS_PARAM')) {
-	print '<br><span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
-}
-print "</td>";
-print '</tr>';
-
 print '<tr class="oddeven">';
 print '<td>'.$langs->trans("UploadExtensionRestriction").'<br>';
 print '<span class="opacitymedium">'.$langs->trans("UploadExtensionRestrictionExemple").'</span>';
@@ -230,37 +217,70 @@ print '<input type="text" name="MAIN_FILE_EXTENSION_UPLOAD_RESTRICTION" class="m
 print "</td>";
 print '</tr>';
 
-print '</table>';
-print '</div>';
+
+// Use anti virus
 
 
-print '<br>';
-
-
-// Download options
-
-print '<div class="div-table-responsive-no-min">';
-print '<table class="noborder centpercent nomarginbottom">';
-print '<tr class="liste_titre">';
-print '<td>'.$langs->trans("Download").'</td>';
-print '<td></td>';
-print '</tr>';
-
+// Enable advanced perms
 print '<tr class="oddeven">';
-print '<td>'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'<br>';
-//print '<span class="opacitymedium">'.$langs->trans("MAIN_SECURITY_MAXFILESIZE_DOWNLOADED").'</span>';
-print '</td>';
-print '<td>';
-print '<input type="text" name="MAIN_SECURITY_MAXFILESIZE_DOWNLOADED" class="width100 right" spellcheck="false" value="'.getDolGlobalString('MAIN_SECURITY_MAXFILESIZE_DOWNLOADED').'"> '.$langs->trans("Kb");
-print "</td>";
-print '</tr>';
+print '<td>'.$langs->trans("UseAntivirusOnUploadedFile").'</td>';
+print '<td class="">';
+if (defined('MAIN_ANTIVIRUS_UPLOAD_ON')) {
+	print img_picto($langs->trans("Enabled")." - Can't be disabled", 'switch_on', '', 0, 0, 0, '', 'opacitymedium');
+} else {
+	if (!empty($conf->use_javascript_ajax)) {
+		print ajax_constantonoff('MAIN_ANTIVIRUS_UPLOAD_ON', array(), null, 0, 0, 1);
+	} else {
+		if (!getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON')) {
+			print '<a href="'.$_SERVER['PHP_SELF'].'?action=set_MAIN_ANTIVIRUS_UPLOAD_ON&token='.newToken().'">'.img_picto($langs->trans("Disabled"), 'off').'</a>';
+		} else {
+			print '<a href="'.$_SERVER['PHP_SELF'].'?action=del_MAIN_ANTIVIRUS_UPLOAD_ON&token='.newToken().'">'.img_picto($langs->trans("Enabled"), 'on').'</a>';
+		}
+	}
+}
+print "</td></tr>";
+
+if (getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON')) {
+	print '<tr class="oddeven">';
+	print '<td><span class="fieldrequired">'.$langs->trans("AntiVirusCommand").'</span><br>';
+	print '<span class="opacitymedium">'.$langs->trans("AntiVirusCommandExample").'</span>';
+	print '</td>';
+	print '<td>';
+	// Check that command is inside safe_mode
+	if (ini_get('safe_mode') && getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
+		$langs->load("errors");
+		$basedir = preg_replace('/"/', '', dirname($conf->global->MAIN_ANTIVIRUS_COMMAND));
+		$listdir = explode(';', ini_get('safe_mode_exec_dir'));
+		if (!in_array($basedir, $listdir)) {
+			print img_warning($langs->trans('WarningSafeModeOnCheckExecDir'));
+			dol_syslog("safe_mode is on, basedir is ".$basedir.", safe_mode_exec_dir is ".ini_get('safe_mode_exec_dir'), LOG_WARNING);
+		}
+	}
+	print '<input type="text" '.((defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) ? 'disabled ' : '').'name="MAIN_ANTIVIRUS_COMMAND" class="minwidth500imp" spellcheck="false" value="'.dol_escape_htmltag(GETPOSTISSET('MAIN_ANTIVIRUS_COMMAND') ? GETPOST('MAIN_ANTIVIRUS_COMMAND') : getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')).'">';
+	if (defined('MAIN_ANTIVIRUS_COMMAND') && !defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
+		print '<br><span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
+	}
+	print "</td>";
+	print '</tr>';
+
+	// Anti virus param
+	print '<tr class="oddeven">';
+	print '<td>'.$langs->trans("AntiVirusParam").'<br>';
+	print '<span class="opacitymedium">'.$langs->trans("AntiVirusParamExample").'</span>';
+	print '</td>';
+	print '<td>';
+	print '<input type="text" '.(defined('MAIN_ANTIVIRUS_PARAM') ? 'disabled ' : '').'name="MAIN_ANTIVIRUS_PARAM" class="minwidth500imp" spellcheck="false" value="'.(getDolGlobalString('MAIN_ANTIVIRUS_PARAM') ? dol_escape_htmltag(getDolGlobalString('MAIN_ANTIVIRUS_PARAM')) : '').'">';
+	if (defined('MAIN_ANTIVIRUS_PARAM')) {
+		print '<br><span class="opacitymedium">'.$langs->trans("ValueIsForcedBySystem").'</span>';
+	}
+	print "</td>";
+	print '</tr>';
+}
 
 print '</table>';
 print '</div>';
 
 
-
-
 print dol_get_fiche_end();
 
 print $form->buttonsSaveCancel("Modify", '');
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index d571dc4ace8..5f29b96afb4 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -557,9 +557,9 @@ print '<br>';
 */
 
 print '<strong>'.$langs->trans("AntivirusEnabledOnUpload").'</strong>: ';
-print !getDolGlobalString('MAIN_ANTIVIRUS_COMMAND') ? img_warning().' ' : img_picto('', 'tick').' ';
-print yn(!getDolGlobalString('MAIN_ANTIVIRUS_COMMAND') ? 0 : 1);
-if (!getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
+print getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON') ? img_picto('', 'tick').' ' : img_warning().' ';
+print yn(!getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON') ? 0 : 1);
+if (!getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON') || !getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
 	print ' - <span class="opacitymedium">'.$langs->trans("Recommended").': '.$langs->trans("DefinedAPathForAntivirusCommandIntoSetup", $langs->transnoentitiesnoconv("Home")." - ".$langs->transnoentitiesnoconv("Setup")." - ".$langs->transnoentitiesnoconv("Security")).'</span>';
 } else {
 	print ' &nbsp; - ' . getDolGlobalString('MAIN_ANTIVIRUS_COMMAND');
diff --git a/htdocs/core/class/antivir.class.php b/htdocs/core/class/antivir.class.php
index df06707fe5b..721acd68794 100644
--- a/htdocs/core/class/antivir.class.php
+++ b/htdocs/core/class/antivir.class.php
@@ -135,7 +135,7 @@ class AntiVir
 		$bz2archivememlim = 0; // limit memory usage for bzip2 (0/1)
 		$maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned
 
-		$command = getDolGlobalString('MAIN_ANTIVIRUS_COMMAND');
+		$command = getDolGlobalString('MAIN_ANTIVIRUS_COMMAND', '/usr/bin/clamdscan');
 		$param = getDolGlobalString('MAIN_ANTIVIRUS_PARAM');
 
 		$param = preg_replace('/%maxreclevel/', (string) $maxreclevel, $param);
diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php
index 1ed8855a121..7a9312dbe23 100644
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@@ -1319,6 +1319,9 @@ class Conf extends stdClass
 
 			// Security
 			if (!defined('MAIN_ANTIVIRUS_BYPASS_COMMAND_AND_PARAM')) {
+				if (defined('MAIN_ANTIVIRUS_UPLOAD_ON')) {
+					$this->global->MAIN_ANTIVIRUS_UPLOAD_ON = constant('MAIN_ANTIVIRUS_UPLOAD_ON');
+				}
 				if (defined('MAIN_ANTIVIRUS_COMMAND')) {
 					$this->global->MAIN_ANTIVIRUS_COMMAND = constant('MAIN_ANTIVIRUS_COMMAND');
 				}
diff --git a/htdocs/core/lib/ajax.lib.php b/htdocs/core/lib/ajax.lib.php
index f90485e99a6..b932a9a1433 100644
--- a/htdocs/core/lib/ajax.lib.php
+++ b/htdocs/core/lib/ajax.lib.php
@@ -666,7 +666,7 @@ function ajax_event($htmlname, $events)
  * 	@param  array<string,string[]>	$input      It's array of complementary actions to do if success ("disabled"|"enabled'|'set'|'del') => CSS element to switch, 'alert' => message to show, ... Example: array('disabled'=>array(0=>'cssid'))
  * 	@param  ?int        $entity                 Entity. Current entity is used if null.
  *  @param  int<0,1>    $revertonoff            1 = Revert on/off
- *  @param  int<0,1>    $strict                 0 = Default, 1=Only the complementary actions "disabled and "enabled" (found into $input) are processed. Use only "disabled" with delConstant and "enabled" with setConstant.
+ *  @param  int<0,1>    $strict                 0 = Default, 1=Only the complementary actions "disabled" and "enabled" (found into $input) are processed. Use only "disabled" with delConstant and "enabled" with setConstant.
  *  @param  int         $forcereload            Force to reload page if we click/change value (this is supported only when there is no 'alert' option in input)
  *  @param  int<0,2>    $marginleftonlyshort    1 = Add a short left margin on picto, 2 = Add a larger left margin on picto, 0 = No left margin.
  *  @param  int<0,1>    $forcenoajax            1 = Force to use a ahref link instead of ajax code.
diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index b3e0581ccad..4d15d784b56 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -1385,7 +1385,7 @@ function dolCheckVirus($src_file, $dest_file = '')
 		return $reterrors;
 	}
 
-	if (getDolGlobalString('MAIN_ANTIVIRUS_COMMAND')) {
+	if (getDolGlobalString('MAIN_ANTIVIRUS_UPLOAD_ON')) {
 		if (!class_exists('AntiVir')) {
 			require_once DOL_DOCUMENT_ROOT.'/core/class/antivir.class.php';
 		}
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 083008ad967..d6e566ba2e9 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -117,6 +117,7 @@ MustBeLowerThanPHPLimit=Note: your PHP configuration currently limits the maximu
 NoMaxSizeByPHPLimit=Note: No limit is set in your PHP configuration
 MaxSizeForUploadedFiles=Maximum size for uploaded files (0 to disallow any upload)
 UseCaptchaCode=Use graphical code (CAPTCHA)
+UseAntivirusOnUploadedFile=Use Antivirus on uploaded files (on alert, upload is denied)
 AntiVirusCommand=Full path to antivirus command
 AntiVirusCommandExample=Example for ClamAv Daemon (require clamav-daemon): /usr/bin/clamdscan<br>Example for ClamWin (very very slow): c:\\Progra~1\\ClamWin\\bin\\clamscan.exe
 AntiVirusParam= More parameters on command line