Background
...
Info |
---|
We've used ClamAV in Linux for the virus scanner in this example (Reference: Additional steps for anti-virus scanning) |
There is an infected file (EICAR.txt) which we've created and uploaded to Jira/Confluence. However this file is not flagged as an infected file.
...
Here is how we had configured the Virus scanning scanner path and additional options (Compatible Antivirus Command Line Scanners)
Jira | |
---|---|
Confluence |
Pre-requisite
Please turn on the DEBUG mode for the following package
Code Block com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner,
...
- Upload the infected file into Jira/Confluence
Check if there are any errors added into atlassian-jira.log/atlassian-confluence.log. e.g.
Code Block 2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT> 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY ----------- 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s) 2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan 2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence 2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795] -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload java.lang.RuntimeException: java.lang.NullPointerException
Troubleshoot
Attributes usedHere are the attributes used in the examples below
User who starts up Confluence Service | confluenceuser |
---|---|
Infected File Location | /opt/EICAR.txt |
Possible issues
Table of Contents | ||||
---|---|---|---|---|
|
Info |
---|
If the troubleshooting guides listed here does not resolve your issue, send us a support ticket with your logs for us to assist you further |
...
Does the user who starts the jira/confluence service have permission to execute the scan?
Run the following command line in the the terminal
Code Block |
---|
[confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt |
...
This is the expected result
Code Block |
---|
Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s) |
Solution: To add user permission to clamscan
Run the following command line in the terminal
Code Block |
---|
usermod -a -G <User> clamscan |
e.g.
Code Block |
---|
usermod -a -G confluenceuser clamscan |
...
Does the user who starts the jira/confluence service have permission to write into
...
the scan log?
Is there a "Can't open ../X_attachment_scan.log" error thrown in your Atlassian log?
Code Block |
---|
ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!). |
Solution: To give write permission to
...
user
Run the following command line in the terminal
Code Block |
---|
chown -R <user>:<user> <file directory> |
e.g.
Code Block |
---|
chown -R confluenceuser:confluenceuser /var/log/ |
...
None of the solution above works
...