• Antivirus configure with clamd(scan)

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
OpenKM has many interesting features, but requires some configuration process to show its full potential.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 #53476  by UberStrike88
 
Hi everyone,

So I am configuring an openkm installation on my local machine (ubuntu 22.04), OpenKM 6.3 CE and I was tinkering with the antivirus settings. Why? Because when using clamscan instead of clamdscan (daemon) it has to build the db everytime and scanning 1 small files takes quite a long startup time. Comparing that to clamdscan that is always running and scans it in a fraction of the time that clamscan does. This really speeds up batch uploads like when I want to upload 20 files because now with clamscan it rebuilds 20 times for each file. I find that kind of unnecessary so I want to use the daemon

So what did I try:
1: changing the conf var to /usr/bin/clamdscan that didn't work so I tried it like this /usr/bin/clamdscan --fdpass. This didn't work either.
2: I made a bashscript in /usr/bin/ that basically does the same as above but then I don't have to pass the flag through OpenKM the script looks like:
Code: Select all
#!/bin/bash

ifname=$1

/usr/bin/clamdscan --fdpass $ifname

That didn't work either. I uploaded a test windows virus and by using clamdscan it doesn't detect it (In the CLI it does when using clamdscan or my bash script directly). So is OpenKM really not compatible with the clamscan daemon? I couldn't find anything about it online.

clamdscan results (daemon)
Image


clamscan results (The one that works with OpenKM)
Image

If anyone has some insight it would be very appreciated!
 #53504  by UberStrike88
 
jllort wrote: Sat May 14, 2022 3:53 pm Take a look at the code and when this parameter is used and in what manner for better understanding:
* https://github.com/openkm/document-mana ... .java#L227
* https://github.com/openkm/document-mana ... .java#L205
* https://github.com/openkm/document-mana ... ction.java
Thank you for pointing me in the right direction, I see now that another param is inserted in code and because of that that param was used as the directory in the script and not working. So 2 solutions, 1: Add the --fdpass param in code in the VirusDetection.java like this (I tested) and create a war:
Code: Select all
ProcessBuilder pb = new ProcessBuilder(Config.SYSTEM_ANTIVIR, "--fdpass", "--no-summary", tmpFile.getPath());
REMEMBER: Doing this will break the clamscan command, so you can only use clamdscan

Or use a custom bashscript that I edited to work with it (so you can keep using the openkm war and not build with every update):
Code: Select all
#!/bin/bash

params=$1
ifname=$2

/usr/bin/clamdscan --fdpass $params $ifname

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.