Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Background

When I set the attachment checker config to use clamscan and uploaded an EICAR.txt file the file is not flagged as an infected file.

I've added the DEBUG package for com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner, and I've tried to upload EICAR.txt again.

Now, there are errors added into atlassian-jira.log/atlassian-confluence.log

2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY -----------
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1
2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s)
2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan
2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence
2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795]
 -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload
java.lang.RuntimeException: java.lang.NullPointerException

Troubleshoot

Attributes used

User who starts up Confluence Serviceconfluenceuser
Infected File Location/opt/EICAR.txt

  • Does the user who starts the jira/confluence service have permission to execute the scan? 

    [confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt
Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)

    • To add user permission to clamscan

      usermod -a -G confluenceuser clamscan

  • Does the user who starts the jira/confluence service have permission to write into confleunce_attachment_scan.log?

    ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!).

    • To give write permission to confluenceuser

      chown -R confluenceuser:confluenceuser /var/log/

  • None of the  solution above works

  • No labels