dolibarr  19.0.0-dev
antivir.class.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2000-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
3  * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
4  * Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
5  * Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 3 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program. If not, see <https://www.gnu.org/licenses/>.
19  * or see https://www.gnu.org/
20  */
21 
30 class AntiVir
31 {
35  public $error = '';
36 
40  public $errors = array();
41 
45  public $output;
46 
50  public $db;
51 
57  public function __construct($db)
58  {
59  $this->db = $db;
60  }
61 
62  // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps
71  public function dol_avscan_file($file)
72  {
73  // phpcs:enable
74  global $conf;
75 
76  $return = 0;
77 
78  if (preg_match('/\.virus$/i', $file)) {
79  $this->errors[] = 'File has an extension saying file is a virus';
80  return -97;
81  }
82 
83  $fullcommand = $this->getCliCommand($file);
84  //$fullcommand="/usr/bin/clamdscan --fdpass '/tmp/phpuxoAEo'"
85  //$fullcommand='"c:\Program Files (x86)\ClamWin\bin\clamscan.exe" --database="C:\Program Files (x86)\ClamWin\lib" "c:\temp\aaa.txt"';
86  //var_dump($fullcommand);
87 
88  $safemode = ini_get("safe_mode");
89  // Create a clean fullcommand
90  dol_syslog("AntiVir::dol_avscan_file Run command=".$fullcommand." with safe_mode ".($safemode ? "on" : "off"));
91  // Run CLI command.
92  include_once DOL_DOCUMENT_ROOT.'/core/class/utils.class.php';
93  $utils = new Utils($this->db);
94  $outputfile = $conf->user->dir_temp.'/antivir.tmp';
95 
96  $result = $utils->executeCLI($fullcommand, $outputfile);
97 
98  $return_var = $result['result'];
99  $output = $result['output'];
100  $errorstring = $result['error'];
101 
102  if (is_null($output)) {
103  $output = array();
104  }
105 
106  dol_syslog("AntiVir::dol_avscan_file Result return_var=".$return_var." output=".$output);
107 
108  $returncodevirus = 1;
109  if ($return_var == $returncodevirus) { // Virus found
110  $this->errors = array($errorstring, $output);
111  return -99;
112  }
113 
114  if ($return_var > 0) { // If other error
115  $this->errors = array($errorstring, $output);
116  return -98;
117  }
118 
119  // If return code = 0
120  return 1;
121  }
122 
123 
124 
131  public function getCliCommand($file)
132  {
133  global $conf;
134 
135  $maxreclevel = 5; // maximal recursion level
136  $maxfiles = 1000; // maximal number of files to be scanned within archive
137  $maxratio = 200; // maximal compression ratio
138  $bz2archivememlim = 0; // limit memory usage for bzip2 (0/1)
139  $maxfilesize = 10485760; // archived files larger than this value (in bytes) will not be scanned
140 
141  $command = $conf->global->MAIN_ANTIVIRUS_COMMAND;
142  $param = $conf->global->MAIN_ANTIVIRUS_PARAM;
143 
144  $param = preg_replace('/%maxreclevel/', $maxreclevel, $param);
145  $param = preg_replace('/%maxfiles/', $maxfiles, $param);
146  $param = preg_replace('/%maxratio/', $maxratio, $param);
147  $param = preg_replace('/%bz2archivememlim/', $bz2archivememlim, $param);
148  $param = preg_replace('/%maxfilesize/', $maxfilesize, $param);
149  $param = preg_replace('/%file/', trim($file), $param);
150 
151  if (!preg_match('/%file/', $conf->global->MAIN_ANTIVIRUS_PARAM)) {
152  $param = $param." ".escapeshellarg(trim($file));
153  }
154 
155  if (preg_match("/\s/", $command)) {
156  $command = escapeshellarg($command); // Force use of quotes on command. Using escapeshellcmd fails.
157  }
158 
159  $forbidden_chars_to_replace = array("*", "?", "\"", "<", ">", "|", "[", "]", ";", '°', '$');
160  $ret = dol_sanitizePathName($command).' '.dol_string_nospecial($param, '_', $forbidden_chars_to_replace);
161 
162  //$ret=$command.' '.$param.' 2>&1';
163  //print "xx".$ret."xx";exit;
164 
165  return $ret;
166  }
167 }
AntiVir\__construct
__construct($db)
Constructor.
Definition: antivir.class.php:57
dol_string_nospecial
dol_string_nospecial($str, $newstr='_', $badcharstoreplace='', $badcharstoremove='', $keepspaces=0)
Clean a string from all punctuation characters to use it as a ref or login.
Definition: functions.lib.php:1496
dol_sanitizePathName
dol_sanitizePathName($str, $newstr='_', $unaccent=1)
Clean a string to use it as a path name.
Definition: functions.lib.php:1349
AntiVir\getCliCommand
getCliCommand($file)
Get full Command Line to run.
Definition: antivir.class.php:131
Utils
Class to manage utility methods.
Definition: utils.class.php:30
AntiVir
Class to scan for virus.
Definition: antivir.class.php:30
dol_syslog
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
Definition: functions.lib.php:1741
AntiVir\dol_avscan_file
dol_avscan_file($file)
Scan a file with antivirus.
Definition: antivir.class.php:71