Background
When I set the attachment checker config to use clamscan and uploaded an EICAR.txt file the file is not flagged as an infected file.
I've added the DEBUG package for com.akelesconsulting.confluence.plugins.scheduler.job.VirusScanningJobRunner, and I've tried to upload EICAR.txt again.
Now, there are errors added into atlassian-jira.log/atlassian-confluence.log
2018-12-28 12:18:00,908 DEBUG [Thread-56] [confluence.plugins.utilities.StreamGobbler] run ERROR>ERROR: Could not connect to clamd on LocalSocket /var/run/clamd.scan/clamd.sock: Permission denied 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT> 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>----------- SCAN SUMMARY ----------- 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Infected files: 0 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Total errors: 1 2018-12-28 12:18:00,908 DEBUG [Thread-55] [confluence.plugins.utilities.StreamGobbler] run OUTPUT>Time: 0.000 sec (0 m 0 s) 2018-12-28 12:18:00,909 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] scanAttachment download.jpg [9830401] - Failed virus scan 2018-12-28 12:18:00,911 DEBUG [AtlassianEvent::CustomizableThreadFactory-1] [confluence.plugins.listener.AsyncEventListenerImpl] lambda$addComment$1 download.jpg [9830401] - Adding comment to page: Welcome to Confluence 2018-12-28 12:18:03,221 ERROR [AtlassianEvent::CustomizableThreadFactory-1] [atlassian.confluence.event.ConfluenceEventDispatcher] lambda$getRunnable$1 There was an exception thrown trying to dispatch event [com.atlassian.confluence.plugins.mentions.api.ConfluenceMentionEvent[source=com.atlassian.confluence.plugins.mentions.NotificationServiceImpl@448e5597]] from the invoker [com.atlassian.confluence.event.ConfluenceListenerHandlersConfiguration$TimingListenerHandler$1$1@30de2795] -- url: /confluence/plugins/drag-and-drop/upload.action | traceId: 519bdf55d23be4a5 | userName: admin | referer: http://192.168.9.232:8090/confluence/pages/viewpageattachments.action?pageId=65541 | action: upload java.lang.RuntimeException: java.lang.NullPointerException
Troubleshoot
Attributes used
User who starts up Confluence Service | confluenceuser |
---|---|
Infected File Location | /opt/EICAR.txt |
Does the user who starts the jira/confluence service have permission to execute the scan?
[confluenceuser@011-007-c-206 root]$ clamscan -v /opt/EICAR.txt Scanning /opt/EICAR.txt /opt/EICAR.txt: Eicar-Signature FOUND ----------- SCAN SUMMARY ----------- Known viruses: 6779665 Engine version: 0.100.2 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 51.530 sec (0 m 51 s)
To add user permission to clamscan
usermod -a -G confluenceuser clamscan
Does the user who starts the jira/confluence service have permission to write into confleunce_attachment_scan.log?
ERROR: Can't open /var/log/confluence_attachment_scan.log in append mode (check permissions!).
To give write permission to confluenceuser
chown -R confluenceuser:confluenceuser /var/log/
None of the solution above works
Send us a support ticket with your logs for us to assist you further