Background

...

There is an infected file (EICAR.txt) which we've created and uploaded to Jira/Confluence. However this file is not flagged as an infected file.

...

Here is how we had configured the Virus scanning scanner path and additional options (Compatible Antivirus Command Line Scanners)

Jira	Image Added
Confluence	Image Added

Pre-requisite

1. Please turn on the DEBUG mode for the following package 

   Code Block
   com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner,

...

1. 
   

2. Upload the infected file into Jira/Confluence

3. Check if there are any errors added into atlassian-jira.log/atlassian-confluence.log. e.g.

   Code Block

   2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT> 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY ----------- 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s) 2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan 2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence 2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795] -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload java.lang.RuntimeException: java.lang.NullPointerException

   
   

Troubleshoot

Attributes usedHere are the attributes used in the examples below

Possible issues

...

Does the user who starts the jira/confluence service have permission to execute the scan? 

Run the following command line in the the terminal

[confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt

...

This is the expected result

Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)

Solution: To add user permission to clamscan

Run the following command line in the terminal

usermod -a -G <User> clamscan

e.g. 

usermod -a -G confluenceuser clamscan

...

Does the user who starts the jira/confluence service have permission to write into

...

the scan log?

Is there a "Can't open ../X_attachment_scan.log" error thrown in your Atlassian log?

ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!).

Solution: To give write permission to

...

user

Run the following command line in the terminal

chown -R <user>:<user> <file directory>

e.g.

chown -R confluenceuser:confluenceuser /var/log/

...

None of the  solution above works

...