admin/handlevirus.php

   1 <?php // $Id$
   2 /** This expects the output from a command like
   3  * clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php
   4  * also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
   5  * also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
   6  * php -d error_log=/path/to/log thisfile.php will override the default error log for php cli, which is stderr, so if you want this script to just print stuff out, use php thisfile.php instead.
   7  */
   8
   9
  10 $fd = fopen('php://stdin','r');
  11 if (!$fd) {
  12     exit();
  13 }
  14
  15 $FULLME='cron';
  16 require_once(dirname(dirname(__FILE__)).'/config.php');
  17 require_once($CFG->dirroot.'/lib/uploadlib.php'); // contains virus handling stuff.
  18
  19 $site = get_site();
  20
  21 while(!feof($fd)) {
  22     $entry = fgets($fd);
  23     if (strlen(trim($entry)) == 0) {
  24         continue;
  25     }
  26     if (!$file = validate_line($entry)) {
  27         continue;
  28     }
  29     $bits = explode('/',$file);
  30     $a->filename = $bits[count($bits)-1];
  31
  32     if (!$log = get_record("log","module","upload","info",$file,"action","upload")) {
  33         $a->action = clam_handle_infected_file($file,0,false);
  34         clam_replace_infected_file($file);
  35         notify_admins_unknown($file,$a);
  36         continue;
  37     }
  38     $action = clam_handle_infected_file($file,$log->userid,true);
  39     clam_replace_infected_file($file);
  40
  41     $user = get_record("user","id",$log->userid);
  42     $course = get_record("course","id",$log->course);
  43     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
  44     $a->date = userdate($log->time);
  45
  46     $a->action = $action;
  47     $a->course = $course->fullname;
  48     $a->user = fullname($user);
  49
  50     notify_user($user,$subject,$a);
  51     notify_admins($user,$subject,$a);
  52 }
  53 fclose($fd);
  54
  55
  56 function notify_user($user,$subject,$a) {
  57
  58     if (!$user) {
  59         return false;
  60     }
  61     $body = get_string('virusfoundlater','moodle',$a);
  62     email_to_user($user,get_admin(),$subject,$body);
  63 }
  64
  65
  66 function notify_admins($user,$subject,$a) {
  67
  68     $admins = get_admins();
  69
  70     $body = get_string('virusfoundlateradmin','moodle',$a);
  71     foreach ($admins as $admin) {
  72         email_to_user($admin,$admin,$subject,$body);
  73     }
  74 }
  75
  76 function notify_admins_unknown($file,$a) {
  77
  78     global $site;
  79
  80     $admins = get_admins();
  81     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
  82     $body = get_string('virusfoundlateradminnolog','moodle',$a);
  83     foreach ($admins as $admin) {
  84         email_to_user($admin,$admin,$subject,$body);
  85     }
  86 }
  87
  88 function validate_line($line) {
  89     global $CFG;
  90     if (strpos($line,"FOUND") === false) {
  91         return false;
  92     }
  93     $index = strpos($line,":");
  94     $file = substr($line,0,$index);
  95     if (!(strpos($file,$CFG->dataroot) === false)) {
  96         if (!file_exists($file)) {
  97             return false;
  98         }
  99     }
 100     else {
 101         if ($file{0} == "/") {
 102             $file = $CFG->dataroot.$file;
 103         }
 104         else {
 105             $file = $CFG->dataroot."/".$file;
 106         }
 107         if (!file_exists($file)) {
 108             return false;
 109         }
 110     }
 111     // clean up
 112     $file = preg_replace('/\.\//','/',$file);
 113     $file = preg_replace('/\/\//','/',$file);
 114     return $file;
 115 }
 116
 117 ?>