forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
handlevirus.php
144 lines (122 loc) · 4.48 KB
/
handlevirus.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
<?php
/** This expects the output from a command like
* clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php
* also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
* also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
* php -d error_log=/path/to/log thisfile.php will override the default error log for php cli, which is stderr, so if you want this script to just print stuff out, use php thisfile.php instead.
*/
$fd = fopen('php://stdin','r');
if (!$fd) {
exit();
}
require_once(dirname(dirname(__FILE__)).'/config.php');
require_once($CFG->libdir.'/eventslib.php');
require_once($CFG->dirroot.'/lib/uploadlib.php'); // contains virus handling stuff.
$site = get_site();
while(!feof($fd)) {
$entry = fgets($fd);
if (strlen(trim($entry)) == 0) {
continue;
}
if (!$file = validate_line($entry)) {
continue;
}
$bits = explode('/',$file);
$a->filename = $bits[count($bits)-1];
if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) {
$a->action = clam_handle_infected_file($file,0,false);
clam_replace_infected_file($file);
notify_admins_unknown($file,$a);
continue;
}
$action = clam_handle_infected_file($file,$log->userid,true);
clam_replace_infected_file($file);
$user = $DB->get_record("user", array("id"=>$log->userid));
$course = $DB->get_record("course", array("id"=>$log->course));
$subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
$a->date = userdate($log->time);
$a->action = $action;
$a->course = $course->fullname;
$a->user = fullname($user);
notify_user($user,$subject,$a);
notify_admins($user,$subject,$a);
}
fclose($fd);
function notify_user($user,$subject,$a) {
if (!$user) {
return false;
}
$body = get_string('virusfoundlater','moodle',$a);
$eventdata = new object();
$eventdata->modulename = 'moodle';
$eventdata->userfrom = get_admin();
$eventdata->userto = $user;
$eventdata->subject = $subject;
$eventdata->fullmessage = $body;
$eventdata->fullmessageformat = FORMAT_PLAIN;
$eventdata->fullmessagehtml = '';
$eventdata->smallmessage = '';
message_send($eventdata);
}
function notify_admins($user,$subject,$a) {
$admins = get_admins();
$body = get_string('virusfoundlateradmin','moodle',$a);
foreach ($admins as $admin) {
$eventdata = new object();
$eventdata->modulename = 'moodle';
$eventdata->userfrom = $admin;
$eventdata->userto = $admin;
$eventdata->subject = $subject;
$eventdata->fullmessage = $body;
$eventdata->fullmessageformat = FORMAT_PLAIN;
$eventdata->fullmessagehtml = '';
$eventdata->smallmessage = '';
message_send($eventdata);
}
}
function notify_admins_unknown($file,$a) {
global $site;
$admins = get_admins();
$subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
$body = get_string('virusfoundlateradminnolog','moodle',$a);
foreach ($admins as $admin) {
$eventdata = new object();
$eventdata->modulename = 'moodle';
$eventdata->userfrom = $admin;
$eventdata->userto = $admin;
$eventdata->subject = $subject;
$eventdata->fullmessage = $body;
$eventdata->fullmessageformat = FORMAT_PLAIN;
$eventdata->fullmessagehtml = '';
$eventdata->smallmessage = '';
message_send($eventdata);
}
}
function validate_line($line) {
global $CFG;
if (strpos($line,"FOUND") === false) {
return false;
}
$index = strpos($line,":");
$file = substr($line,0,$index);
if (!(strpos($file,$CFG->dataroot) === false)) {
if (!file_exists($file)) {
return false;
}
}
else {
if ($file{0} == "/") {
$file = $CFG->dataroot.$file;
}
else {
$file = $CFG->dataroot."/".$file;
}
if (!file_exists($file)) {
return false;
}
}
// clean up
$file = preg_replace('/\.\//','/',$file);
$file = preg_replace('/\/\//','/',$file);
return $file;
}