Introduction

There are a number of issues that our users have encountered while setting up virus scanning feature with Attachment Checker.

This will be useful when you are configuring the additional steps for anti-virus scanning.

Common Issues

1 The command line virus scanner is not compatible with Attachment Checker
2 The user account running Jira/Confluence does not have permission to execute the scan
3 The user account running Jira/Confluence does not have permission to read/write to

The command line virus scanner is not compatible with Attachment Checker

Symptoms

An infected attachment uploaded but not detected by the Attachment Checker

Root cause

Attachment Checker have following requirements on 3rd party command line virus scanners

The scanner should allow scanning of a single file
The file to be scanned should be the last parameter
The scanner should return the exit code value 0 if there is no threat found. Other values if there is a possible infection

Solution

You can verify that the virus scanner is compatible by trying to scan eicar.txt

The EICAR test file is a computer file used to test the response of computer antivirus (AV) programs.
Instead of using real malware, which could cause real damage, this test file allows people to test anti-virus software without having to use a real computer virus.

For a normal file

[jirauser@server jirauser]$ clamscan -v /opt/normal.txt
Scanning /opt/normal.txt
 
----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)

## It will return 0 exit code if the file is safe
[jirauser@server jirauser]$ echo $?
0

The following example using Clamscan illustrate the different behaviour

Please update the codes and clean up this page

For an infected file

[jirauser@server jirauser]$ clamscan -v /opt/EICAR.txt
Scanning /opt/EICAR.txt
/opt/EICAR.txt: Eicar-Signature FOUND
 
----------- SCAN SUMMARY -----------
Known viruses: 6779665
Engine version: 0.100.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 51.530 sec (0 m 51 s)

## It will return a non 0 exit code when an infected file is being scanned
[jirauser@server jirauser]$ echo $?
1

We do maintain a list of Compatible Antivirus Command Line Scanners. If you have any virus scanners that is not in the list, we will be glad to provide assistance

The user account running Jira/Confluence does not have permission to execute the scan

Symptoms	Got the error message `[jirauser@server jirauser]$ clamscan /opt/onefile.txt /opt/onefile.txt: Access denied. ERROR ----------- SCAN SUMMARY ----------- Infected files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s)`
Root Cause	This is because jirauser does not have permission to execute clamscan.
Solution	To grant permission to jirauser `usermod -a -G jirauser clamscan`

The user account running Jira/Confluence does not have permission to read/write to

Symptoms	The following error in logged in the log files (atlassian-jira.log) `ERROR: Can't open /var/log/jira_attachment_scan.log in append mode (check permissions!).`
Root cause	This is because user has configured the additional options to write the scan results to another directory `--log=/var/log/jira_attachment_scan.log` The directory is not inside the Jira home directory and the user account does not have write permissions
Solution	To grant read/write permission to the user (e.g. jirauser) for that file (e.g. /var/log/jira_attachment_scan.log) `## create an empty file if it does not exist touch /var/log/jira_attachment_scan.log ## change the owner to the user account executing the scan chown jirauser:jirauser /var/log/jira_attachment_scan.log ## grant the owner Read + Write permission to the file chmod u+rw /var/log/jira_attachment_scan.log`

Other Useful Tips

Try to enable debug mode with the following package before uploading an attachment. Then you can check if there is any error in the atlassian-jira.log
com.akelesconsulting.jira.plugins
Try to switch to the same user running the Jira server and then execute the same command to see if there is any errors
su - jirauser ## example to scan /opt/jira-home/data/attachments/PROJECT/10000 using clamscan clamscan /opt/jira-home/data/attachments/PROJECT/10000

Troubleshooting on Virus Scanners