dolibarr 19.0.3
antivir.class.php
1<?php
2/* Copyright (C) 2000-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3 * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
4 * Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
5 * Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 * or see https://www.gnu.org/
20 */
21
31{
35 public $error = '';
36
40 public $errors = array();
41
45 public $output;
46
50 public $db;
51
/**
 * Constructor.
 *
 * @param mixed $db Handle stored in $this->db and later passed to Utils by dol_avscan_file()
 *                  (presumably the database handler; the type is not visible here)
 */
public function __construct($db)
{
    $this->db = $db;
}
61
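// phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
/**
 * Scan a file with the configured antivirus command line tool.
 *
 * The command line is built by getCliCommand() and run through Utils::executeCLI().
 * Status 0 is read as "clean" and status 1 as "virus found". Every other status,
 * including a negative or non-numeric one, is reported as a scanner error, so a scan
 * that did not complete is never reported as clean. For -98 and -99 the error string
 * and the scanner output are stored in $this->errors.
 *
 * @param  string $file  Path of the file to scan
 * @return int           1 if no virus was reported, -97 if the file name ends with ".virus",
 *                       -98 if the scanner reported an error, -99 if a virus was found
 */
public function dol_avscan_file($file)
{
    // phpcs:enable
    global $conf;

    if (preg_match('/\.virus$/i', $file)) {
        $this->errors[] = 'File has an extension saying file is a virus';
        return -97;
    }

    $fullcommand = $this->getCliCommand($file);
    //$fullcommand="/usr/bin/clamdscan --fdpass '/tmp/phpuxoAEo'"
    //$fullcommand='"c:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database="C:\Program Files (x86)\ClamWin\lib" "c:\temp\aaa.txt"';

    $safemode = ini_get("safe_mode");
    dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand." with safe_mode ".($safemode ? "on" : "off"));

    // Run CLI command.
    include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
    $utils = new Utils($this->db);
    // NOTE(review): the output file name is fixed, so concurrent scans for the same user share it;
    // whether executeCLI tolerates that is not visible here - confirm.
    $outputfile = $conf->user->dir_temp.'/antivir.tmp';

    $result = $utils->executeCLI($fullcommand, $outputfile);

    $return_var = $result['result'];
    $output = $result['output'];
    $errorstring = $result['error'];

    if (is_null($output)) {
        $output = array();
    }

    // $output may be an array at this point; flatten it so the log line does not contain "Array".
    $outputforlog = is_array($output) ? implode("\n", $output) : $output;
    dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".$outputforlog);

    $returncodevirus = 1;
    if ($return_var == $returncodevirus) { // Virus found
        $this->errors = array($errorstring, $output);
        return -99;
    }

    // Fail closed: only a numeric status of 0 counts as a clean scan. The original test
    // ($return_var > 0) let a negative or non-numeric status fall through to "no virus".
    // NOTE(review): assumes executeCLI returns a numeric 'result' of 0 on success - confirm.
    if (!is_numeric($return_var) || (int) $return_var !== 0) { // If other error
        $this->errors = array($errorstring, $output);
        return -98;
    }

    // If return code = 0
    return 1;
}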
122
123
124
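/**
 * Build the full command line used to scan a file.
 *
 * The command comes from MAIN_ANTIVIRUS_COMMAND and its arguments from MAIN_ANTIVIRUS_PARAM,
 * in which the placeholders %maxreclevel, %maxfiles, %maxratio, %bz2archivememlim,
 * %maxfilesize and %file are replaced. If the parameter template has no %file placeholder,
 * the shell-quoted file path is appended instead.
 *
 * @param  string $file  Path of the file to scan
 * @return string        Command line to execute
 */
public function getCliCommand($file)
{
    global $conf;

    $maxreclevel = 5; // maximal recursion level
    $maxfiles = 1000; // maximal number of files to be scanned within archive
    $maxratio = 200; // maximal compression ratio
    $bz2archivememlim = 0; // limit memory usage for bzip2 (0/1)
    $maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned

    // Treat unset settings as empty strings rather than passing null to the string functions.
    $command = isset($conf->global->MAIN_ANTIVIRUS_COMMAND) ? (string) $conf->global->MAIN_ANTIVIRUS_COMMAND : '';
    $paramtemplate = isset($conf->global->MAIN_ANTIVIRUS_PARAM) ? (string) $conf->global->MAIN_ANTIVIRUS_PARAM : '';
    $file = trim($file);

    // One strtr() pass replaces the chain of preg_replace() calls for two reasons:
    // - it tries the longest key first, so %maxfilesize is no longer consumed by %maxfiles
    //   (which used to leave "1000ize" in the command line);
    // - the file path is inserted literally, whereas preg_replace() treated "\1" or "$1"
    //   in the path (e.g. a Windows path such as c:\temp\1.txt) as a backreference.
    // NOTE(review): a path substituted for %file is not shell-quoted, unlike the appended path
    // below; it relies only on the character replacement applied before returning.
    $param = strtr($paramtemplate, array(
        '%maxreclevel' => (string) $maxreclevel,
        '%maxfiles' => (string) $maxfiles,
        '%maxratio' => (string) $maxratio,
        '%bz2archivememlim' => (string) $bz2archivememlim,
        '%maxfilesize' => (string) $maxfilesize,
        '%file' => $file,
    ));

    if (strpos($paramtemplate, '%file') === false) {
        $param = $param." ".escapeshellarg($file);
    }

    if (preg_match("/\s/", $command)) {
        $command = escapeshellarg($command); // Force use of quotes on command. Using escapeshellcmd fails.
    }

    // Denylist of characters replaced by '_' in the parameters before the command is run.
    // NOTE(review): a denylist only covers the characters listed here; the behaviour of
    // dol_sanitizePathName() and dol_string_nospecial() is not visible in this file. Confirm
    // the combined filtering is sufficient for values coming from the configuration.
    $forbidden_chars_to_replace = array("*", "?", "\"", "<", ">", "|", "[", "]", ";", '°', '$');
    $ret = dol_sanitizePathName($command).' '.dol_string_nospecial($param, '_', $forbidden_chars_to_replace);

    return $ret;
}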
167}
Class to scan for virus.
__construct($db)
Constructor.
dol_avscan_file($file)
Scan a file with antivirus.
getCliCommand($file)
Get full Command Line to run.
Class to manage utility methods.
dol_string_nospecial($str, $newstr='_', $badcharstoreplace='', $badcharstoremove='', $keepspaces=0)
Clean a string from all punctuation characters to use it as a ref or login.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.