Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression: Infected Files Now Yield "An unknown error has occurred" Instead of Appropriate Message #119

Open
GuyPaddock opened this issue Mar 5, 2019 · 8 comments
Open

Regression: Infected Files Now Yield "An unknown error has occurred" Instead of Appropriate Message #119

GuyPaddock opened this issue Mar 5, 2019 · 8 comments
Labels
bug

Comments

@GuyPaddock
Copy link

GuyPaddock commented Mar 5, 2019
edited
Loading

Steps to reproduce

  1. Install Nextcloud 15.0.5.3.
  2. Install Antivirus for Files v2.0.1.
  3. Install and configure ClamAV and the Antivirus plug-in so that it is able to communicate with ClamAV.
  4. Temporarily disable anti-virus on your local machine (to avoid it blocking your ability to test the plugin).
  5. Create an EICAR test file.
  6. Upload the test file to any file share.

Expected behaviour

  • The file should not be saved on Nextcloud.
  • The message "Infected file deleted. Eicar-Test-Signature" should appear.

Actual behaviour

  • The file is not saved on Nextcloud (as expected).
  • The message "An unknown error has occurred" appears.

This is a regression from Nextcloud 15.0.2 in which the message appeared correctly.

Server configuration

Operating system: Debian Stretch
Web server: NGinx 1.15.9
Database: MariaDB
PHP version: 7.2.15
Nextcloud version: 15.0.5.3
Updated from an older Nextcloud/ownCloud or fresh install: Fresh install
Where did you install Nextcloud from: Docker image

List of activated apps

Nextcloud apps 
Enabled:
  - accessibility: 1.1.0
  - activity: 2.8.2
  - checksum: 0.4.2
  - cloud_federation_api: 0.1.0
  - comments: 1.5.0
  - dav: 1.8.1
  - federatedfilesharing: 1.5.0
  - federation: 1.5.0
  - files: 1.10.0
  - files_antivirus: 2.0.1
  - files_downloadactivity: 1.4.0
  - files_pdfviewer: 1.4.0
  - files_sharing: 1.7.0
  - files_texteditor: 2.7.0
  - files_trashbin: 1.5.0
  - files_versions: 1.8.0
  - files_videoplayer: 1.4.0
  - firstrunwizard: 2.4.0
  - gallery: 18.2.0
  - logreader: 2.0.0
  - lookup_server_connector: 1.3.0
  - metadata: 0.8.0
  - music: 0.9.3
  - nextcloud_announcements: 1.4.0
  - notifications: 2.3.0
  - oauth2: 1.3.0
  - ownbackup: 18.11.0
  - password_policy: 1.5.0
  - provisioning_api: 1.5.0
  - serverinfo: 1.5.0
  - sharebymail: 1.5.0
  - support: 1.0.0
  - survey_client: 1.3.0
  - systemtags: 1.5.0
  - theming: 1.6.0
  - twofactor_backupcodes: 1.4.1
  - updatenotification: 1.5.0
  - user_external: 0.5.1
  - workflowengine: 1.5.0
Disabled:
  - admin_audit
  - encryption
  - files_automatedtagging
  - files_external
  - twofactor_totp
  - user_ldap

Nextcloud configuration

Nextcloud config 
{
    "system": {
        "appstoreenabled": false,
        "apps_paths": [
            {
                "path": "\/var\/www\/html\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/html\/custom_apps",
                "url": "\/custom_apps",
                "writable": false
            }
        ],
        "logfile": "\/var\/log\/nextcloud.log",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "password": "***REMOVED SENSITIVE VALUE***",
            "timeout": 1.5
        },
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "localhost",
            "***REMOVED SENSITIVE VALUE***"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "15.0.5.3",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "theme": "",
        "loglevel": 2,
        "maintenance": false
    }
}

Client configuration

Browser: Chrome 72.0.3626.109 (Official Build) (64-bit)
Operating system: Windows 10 17763.316

Logs

Nextcloud log (data/owncloud.log)

Nextcloud log 
Deploying Nextcloud 15.0.5.3...
Deployment finished.
Configuring Nextcloud to use Redis-based session storage.
[05-Mar-2019 03:10:18] NOTICE: fpm is running, pid 1
[05-Mar-2019 03:10:18] NOTICE: ready to handle connections
127.0.0.1 -  05/Mar/2019:03:10:39 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:10:42 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:00 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:12 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:14 +0000 "GET /ocs/v2.php" 200
127.0.0.1 -  05/Mar/2019:03:11:14 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:14 +0000 "PROPFIND /remote.php" 207
127.0.0.1 -  05/Mar/2019:03:11:14 +0000 "GET /index.php" 201
127.0.0.1 -  05/Mar/2019:03:11:18 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200
127.0.0.1 -  05/Mar/2019:03:11:19 +0000 "GET /ocs/v2.php" 200
127.0.0.1 -  05/Mar/2019:03:11:19 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:11:49 +0000 "GET /ocs/v2.php" 200
127.0.0.1 -  05/Mar/2019:03:12:20 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:21 +0000 "GET /cron.php" 200
127.0.0.1 -  05/Mar/2019:03:12:22 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:24 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:39 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:40 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:41 +0000 "GET /cron.php" 200
127.0.0.1 -  05/Mar/2019:03:12:41 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:12:42 +0000 "GET /ocs/v2.php" 204
127.0.0.1 -  05/Mar/2019:03:12:43 +0000 "GET /index.php" 200
127.0.0.1 -  05/Mar/2019:03:13:18 +0000 "PUT /remote.php" 415
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":2,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature Account: admin Path: files\/eicar.txt.ocTransferId413104186.part","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"files_antivirus","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":"Infected file deleted. Eicar-Test-Signature File: files\/eicar.txt.ocTransferId413104186.part Account: admin","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":3,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"no app in context","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
{"reqId":"d5zWaJtaKEA5cnDQQcec","level":4,"time":"2019-03-05T03:13:19+00:00","remoteAddr":"67.241.72.73","user":"admin","app":"webdav","method":"PUT","url":"\/remote.php\/webdav\/eicar.txt","message":{"Exception":"OCA\\DAV\\Connector\\Sabre\\Exception\\UnsupportedMediaType","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":226,"function":"convertToSabreException","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[{"__class__":"OCP\\Files\\InvalidContentException"}]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","Line":595,"Previous":{"Exception":"OCP\\Files\\InvalidContentException","Message":"Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\\Files_Antivirus\\{closure}","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"\/var\/www\/html\/3rdparty\/icewind\/streams\/src\/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"__class__":"Closure"}]},{"file":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\\Streams\\CallbackWrapper","type":"->","args":[]},{"file":"\/var\/www\/html\/lib\/private\/Files\/Storage\/Wrapper\/Wrapper.php","line":630,"function":"writeStream","class":"OCA\\Files_Antivirus\\AvirWrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null,null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/File.php","line":182,"function":"writeStream","class":"OC\\Files\\Storage\\Wrapper\\Wrapper","type":"->","args":["files\/eicar.txt.ocTransferId413104186.part",null]},{"file":"\/var\/www\/html\/apps\/dav\/lib\/Connector\/Sabre\/Directory.php","line":156,"function":"put","class":"OCA\\DAV\\Connector\\Sabre\\File","type":"->","args":[null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":1096,"function":"createFile","class":"OCA\\DAV\\Connector\\Sabre\\Directory","type":"->","args":["eicar.txt",null]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\\DAV\\Server","type":"->","args":["eicar.txt",null,null]},{"function":"httpPut","class":"Sabre\\DAV\\CorePlugin","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"__class__":"Sabre\\DAV\\CorePlugin"},"httpPut"],[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":479,"function":"emit","class":"Sabre\\Event\\EventEmitter","type":"->","args":["method:PUT",[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"\/var\/www\/html\/3rdparty\/sabre\/dav\/lib\/DAV\/Server.php","line":254,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"absoluteUrl":"https:\/\/nextcloud.example.com\/remote.php\/webdav\/eicar.txt","__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php","line":80,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"\/var\/www\/html\/remote.php","line":163,"args":["\/var\/www\/html\/apps\/dav\/appinfo\/v1\/webdav.php"],"function":"require_once"}],"File":"\/var\/www\/html\/custom_apps\/files_antivirus\/lib\/AvirWrapper.php","Line":154},"CustomMessage":"--"},"userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/72.0.3626.109 Safari\/537.36","version":"15.0.5.3"}
127.0.0.1 -  05/Mar/2019:03:13:40 +0000 "GET /ocs/v2.php" 200

Browser log

Browser log 
Request URL: https://example.com/remote.php/webdav/eicar.txt
Request Method: PUT
Status Code: 415 
Remote Address: ***REMOVED SENSITIVE VALUE***
Referrer Policy: no-referrer
cache-control: no-store, no-cache, must-revalidate
content-security-policy: default-src 'none';
content-type: application/xml; charset=utf-8
date: Tue, 05 Mar 2019 03:37:39 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.15.8
status: 415
strict-transport-security: max-age=15724800; includeSubDomains
x-frame-options: SAMEORIGIN
:authority: example.com
:method: PUT
:path: /remote.php/webdav/eicar.txt
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-disposition: attachment; filename="eicar.txt"
content-length: 68
content-type: text/plain
cookie: ***REMOVED SENSITIVE VALUE***
if-none-match: *
ocs-apirequest: true
origin: https://example.com
pragma: no-cache
requesttoken: FmCzvHlyNMw18NZuAg6tPpefecOZQd0/CrYgTgOBA/c=:JgLclzofV+NZvuQeUWiZXfvMH6LBDpBJO+dNB2jqRZQ=
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
x-requested-with: XMLHttpRequest
@GuyPaddock
Copy link
Author

One wrinkle in my new setup I did not have with Nextcloud 15.0.2 is that we are now behind the Kubernetes NGinx ingress controller. It may be the case that the ingress controller is not sending along the response body for the 415 response; I am not sure how to get to the bottom of this yet. More coming soon I hope.

@GuyPaddock
Copy link
Author

I checked but do not think ingress is to blame here.

@ruppo68
Copy link

ruppo68 commented Oct 16, 2019

Nextcloud: 16.0.5
Antivirus for files: 2.2.0
Same error:
In the nextcloud.log i find:
{"reqId":"6VMLrXIJhkwWUOidxQov","level":3,"time":"2019-10-16T10:10:30+02:00","remoteAddr":"192.168.7.11","user":"--","app":"no app in context","method":"PUT","url":"/public.php/webdav/PB000075_BOM_AA.doc","message":{"Exception":"OCP\
Files\InvalidContentException","Message":"Virus YARA.office_macro.UNOFFICIAL is detected in the file. Upload cannot be completed.","Code":0,"Trace":[{"function":"OCA\Files_Antivirus\{closure}","class":"OCA\Files_Antivirus\AvirWrappe
r","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/var/www/nextcloud/apps/files_external/3rdparty/icewind/streams/src/CallbackWrapper.php","line":121,"function":"call_user_func","args":[{"class":"Clo
sure"}]},{"file":"/var/www/nextcloud/apps/files_antivirus/lib/AvirWrapper.php","line":94,"function":"stream_close","class":"Icewind\Streams\CallbackWrapper","type":"->","args":[]},{"file":"/var/www/nextcloud/lib/private/Fi
les/Storage/Wrapper/Wrapper.php","line":630,"function":"writeStream","class":"OCA\Files_Antivirus\AvirWrapper","type":"->","args":["files/Abschirmblech PB 75/PB000075_BOM_AA.doc.ocTransferId1735300639.part",null,null]},{"file":"/
var/www/nextcloud/lib/private/Files/Storage/Wrapper/Wrapper.php","line":630,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files/Abschirmblech PB 75/PB000075_BOM_AA.doc.ocTransferId
1735300639.part",null,null]},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/File.php","line":191,"function":"writeStream","class":"OC\Files\Storage\Wrapper\Wrapper","type":"->","args":["files/Abschirmblech PB 75/
PB000075_BOM_AA.doc.ocTransferId1735300639.part",null]},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Directory.php","line":156,"function":"put","class":"OCA\DAV\Connector\Sabre\File","type":"->","args":[null]},{"
file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1096,"function":"createFile","class":"OCA\DAV\Connector\Sabre\Directory","type":"->","args":["PB000075_BOM_AA.doc",null]},{"file":"/var/www/nextcloud
/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":525,"function":"createFile","class":"Sabre\DAV\Server","type":"->","args":["PB000075_BOM_AA.doc",null,null]},{"function":"httpPut","class":"Sabre\DAV\CorePlugin","type":"->","a
rgs":[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/EventE
mitterTrait.php","line":105,"function":"call_user_func_array","args":[[{"class":"Sabre\DAV\CorePlugin"},"httpPut"],[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\R
equest"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":479,"function":"emit","class":"Sabre\Event\EventEmitter","type":"->","args":["method:PUT",[{"absoluteU
rl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Response"}]]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":
254,"function":"invokeMethod","class":"Sabre\DAV\Server","type":"->","args":[{"absoluteUrl":"https://shares.tq-group.com/public.php/webdav/PB000075_BOM_AA.doc","class":"Sabre\HTTP\Request"},{"class":"Sabre\HTTP\Respons
e"}]},{"file":"/var/www/nextcloud/apps/dav/appinfo/v1/publicwebdav.php","line":107,"function":"exec","class":"Sabre\DAV\Server","type":"->","args":[]},{"file":"/var/www/nextcloud/public.php","line":79,"args":["/var/www/n
extcloud/apps/dav/appinfo/v1/publicwebdav.php"],"function":"require_once"}],"File":"/var/www/nextcloud/apps/files_antivirus/lib/AvirWrapper.php","Line":154,"CustomMessage":"--"},"userAgent":"Mozilla/5.0 (Windows NT 10.0; Win
64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36","version":"16.0.5.1"}

@tobiasge
Copy link

I'm still seeing this problem:
Nextcloud: 18.0.0.10
Antivirus: 2.2.1

`[webdav] Fatal: OCA\DAV\Connector\Sabre\Exception\UnsupportedMediaType: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <>

  1. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 244
    OCA\DAV\Connector\Sabre\File->convertToSabreException(OCP\Files\InvalidContentException {})
  2. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156
    OCA\DAV\Connector\Sabre\File->put(null)
  3. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096
    OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
  4. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525
    Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
  5. <>
    Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  6. /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
    call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
  7. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479
    Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
  8. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254
    Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  9. /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82
    Sabre\DAV\Server->exec()
  10. /var/www/domain/htdocs/remote.php line 165
    require_once("/var/www/share. ... p")

PUT /remote.php/webdav/Documents/eicar.com
from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00

[no app in context] Error: OCP\Files\InvalidContentException: Virus Eicar-Test-Signature is detected in the file. Upload cannot be completed. at <>

  1. <>
    OCA\Files_Antivirus\AvirWrapper->OCA\Files_Antivirus{closure}("*** sensitive parameters replaced ***")
  2. /var/www/domain/htdocs/3rdparty/icewind/streams/src/CallbackWrapper.php line 121
    call_user_func(Closure {})
  3. /var/www/domain/htdocs/apps/files_antivirus/lib/AvirWrapper.php line 94
    Icewind\Streams\CallbackWrapper->stream_close()
  4. /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630
    OCA\Files_Antivirus\AvirWrapper->writeStream("files/Documents ... t", null, null)
  5. /var/www/domain/htdocs/lib/private/Files/Storage/Wrapper/Wrapper.php line 630
    OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null, null)
  6. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/File.php line 192
    OC\Files\Storage\Wrapper\Wrapper->writeStream("files/Documents ... t", null)
  7. /var/www/domain/htdocs/apps/dav/lib/Connector/Sabre/Directory.php line 156
    OCA\DAV\Connector\Sabre\File->put(null)
  8. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 1096
    OCA\DAV\Connector\Sabre\Directory->createFile("eicar.com", null)
  9. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/CorePlugin.php line 525
    Sabre\DAV\Server->createFile("Documents/eicar.com", null, null)
  10. <>
    Sabre\DAV\CorePlugin->httpPut(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  11. /var/www/domain/htdocs/3rdparty/sabre/event/lib/EventEmitterTrait.php line 105
    call_user_func_array([Sabre\DAV\CorePlugin {},"httpPut"], [Sabre\HTTP\Requ ... }])
  12. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 479
    Sabre\Event\EventEmitter->emit("method:PUT", [Sabre\HTTP\Requ ... }])
  13. /var/www/domain/htdocs/3rdparty/sabre/dav/lib/DAV/Server.php line 254
    Sabre\DAV\Server->invokeMethod(Sabre\HTTP\Reque ... "}, Sabre\HTTP\Response {})
  14. /var/www/domain/htdocs/apps/dav/appinfo/v1/webdav.php line 82
    Sabre\DAV\Server->exec()
  15. /var/www/domain/htdocs/remote.php line 165
    require_once("/var/www/share. ... p")

PUT /remote.php/webdav/Documents/eicar.com
from x.x.x.x by yyy at 2020-01-21T13:50:36+00:00
`
Nextcloud

@lastsamurai26
Copy link

Same here.

nextcloud version 18.0.3
Scanner version 2.3.0

@AetherCollective
Copy link
Contributor

Adding my own logs here in hopes this gets fixed.
These logs are for issues #148 and #119 (This one)

Steps to reproduce

  1. Downloaded a virus test file (just any file you know is infected and will be detected by ClamAV)
  2. Attempt to upload above file to web interface

Expected behaviour

  1. File should be logged only or deleted, depending on the server settings.
  2. A notification telling the user a file was deleted due to being infected should be shown.

Actual behaviour

  1. File gets deleted as soon as it gets detected, despite being set to log only.
  2. "An unknown error has occurred" notification appears instead of the intended "Infected file deleted..." message

Server configuration detail

Operating system: Linux 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64

Webserver: Apache (fpm-fcgi)

Database: pgsql PostgreSQL 12.4 (Ubuntu 12.4-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0, 64-bit

PHP version:

7.4.3
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, cgi-fcgi, json, igbinary, apcu, smbclient, PDO, xml, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, redis, ldap, exif, pdo_pgsql, pgsql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache

Nextcloud version: 19.0.3 - 19.0.3.1

Updated from an older Nextcloud/ownCloud or fresh install: Fresh Install

Where did you install Nextcloud from: nextcloud/vm

Signing status

Array
(
)

List of activated apps 
Enabled:
 - accessibility: 1.5.0
 - activity: 2.12.0
 - admin_audit: 1.9.0
 - announcementcenter: 3.8.1
 - appointments: 1.7.6
 - apporder: 0.11.0
 - audioplayer: 2.11.2
 - audioplayer_editor: 0.2.2
 - breezedark: 19.0.4
 - calendar: 2.0.4
 - camerarawpreviews: 0.7.8
 - checksum: 0.4.5
 - cloud_federation_api: 1.2.0
 - comments: 1.9.0
 - contacts: 3.3.0
 - contactsinteraction: 1.0.0
 - cospend: 1.0.5
 - data_request: 1.6.0
 - dav: 1.15.0
 - deck: 1.0.5
 - dicomviewer: 1.2.2
 - documentserver_community: 0.1.7
 - drawio: 0.9.7
 - duplicatefinder: 0.0.2
 - event_update_notification: 1.0.2
 - external: 3.6.0
 - extract: 1.2.4
 - federatedfilesharing: 1.9.0
 - federation: 1.9.0
 - files: 1.14.0
 - files_3d: 0.3.1
 - files_accesscontrol: 1.9.1
 - files_antivirus: 3.0.0
 - files_automatedtagging: 1.9.0
 - files_fulltextsearch: 1.4.3
 - files_linkeditor: 1.1.2
 - files_lock: 0.8.3
 - files_markdown: 2.3.1
 - files_pdfviewer: 1.8.0
 - files_photospheres: 1.19.1
 - files_rightclick: 0.16.0
 - files_sharing: 1.11.0
 - files_trackdownloads: 1.8.0
 - files_trashbin: 1.9.0
 - files_versions: 1.12.0
 - files_videoplayer: 1.8.0
 - firstrunwizard: 2.8.0
 - forms: 2.0.4
 - fulltextsearch: 1.4.2
 - fulltextsearch_elasticsearch: 1.5.2
 - groupfolders: 7.0.0
 - imageconverter: 1.2.1
 - issuetemplate: 0.7.0
 - logreader: 2.4.0
 - lookup_server_connector: 1.7.0
 - metadata: 0.12.0
 - music: 0.16.0
 - news: 14.2.2
 - nextcloud_announcements: 1.8.0
 - notes: 3.6.4
 - notifications: 2.7.0
 - oauth2: 1.7.0
 - onlyoffice: 6.0.0
 - password_policy: 1.9.1
 - photos: 1.1.0
 - polls: 1.4.3
 - previewgenerator: 2.3.0
 - printer: 0.0.3
 - privacy: 1.3.0
 - provisioning_api: 1.9.0
 - quota_warning: 1.8.0
 - ransomware_detection: 0.8.0
 - ransomware_protection: 1.7.0
 - recommendations: 0.7.0
 - registration: 0.5.0
 - serverinfo: 1.9.0
 - settings: 1.1.0
 - sharebymail: 1.9.0
 - sharingpath: 0.2.5
 - side_menu: 1.16.0
 - social: 0.3.1
 - socialsharing_diaspora: 2.1.0
 - socialsharing_email: 2.1.0
 - socialsharing_facebook: 2.1.0
 - socialsharing_twitter: 2.1.0
 - spreed: 9.0.4
 - support: 1.2.1
 - survey_client: 1.7.0
 - systemtags: 1.9.0
 - talk_simple_poll: 1.1.1
 - tasks: 0.13.3
 - text: 3.0.1
 - theming: 1.10.0
 - twofactor_backupcodes: 1.8.0
 - unsplash: 1.1.6
 - updatenotification: 1.9.0
 - video_converter: 0.1.4
 - viewer: 1.3.0
 - workflow_pdf_converter: 1.4.0
 - workflow_script: 1.4.0
 - workflowengine: 2.1.0
Disabled:
 - encryption
 - facerecognition
 - files_external
 - mail
 - radio
 - user_ldap
Configuration (config/config.php) 
{
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "trusted_domains": [
        "localhost",
        "10.0.2.15",
        "loveazure.cloud",
        "loveazure.cloud",
        "192.168.86.20"
    ],
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "pgsql",
    "version": "19.0.3.1",
    "overwrite.cli.url": "https:\/\/loveazure.cloud\/",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "***REMOVED SENSITIVE VALUE***",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "instanceid": "***REMOVED SENSITIVE VALUE***",
    "upgrade.disable-web": "true",
    "log_type": "file",
    "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
    "loglevel": "2",
    "log.condition": {
        "apps": [
            "admin_audit"
        ]
    },
    "mail_smtpmode": "smtp",
    "remember_login_cookie_lifetime": "31449600",
    "log_rotate_size": "0",
    "trashbin_retention_obligation": "auto, 180",
    "versions_retention_obligation": "auto, 365",
    "simpleSignUpLink.shown": false,
    "memcache.local": "\\OC\\Memcache\\APCu",
    "filelocking.enabled": true,
    "memcache.distributed": "\\OC\\Memcache\\Redis",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "***REMOVED SENSITIVE VALUE***",
        "port": 0,
        "timeout": 0.5,
        "dbindex": 0,
        "password": "***REMOVED SENSITIVE VALUE***"
    },
    "logtimezone": "US\/Eastern",
    "htaccess.RewriteBase": "\/",
    "maintenance": false,
    "enable_previews": true,
    "enabledPreviewProviders": [
        "OC\\Preview\\PNG",
        "OC\\Preview\\JPEG",
        "OC\\Preview\\GIF",
        "OC\\Preview\\BMP",
        "OC\\Preview\\MarkDown",
        "OC\\Preview\\MP3",
        "OC\\Preview\\TXT",
        "OC\\Preview\\Movie",
        "OC\\Preview\\Photoshop",
        "OC\\Preview\\SVG",
        "OC\\Preview\\TIFF"
    ],
    "preview_max_x": "2048",
    "preview_max_y": "2048",
    "jpeg_quality": "60",
    "mail_smtpsecure": "tls",
    "mail_sendmailmode": "smtp",
    "mail_from_address": "***REMOVED SENSITIVE VALUE***",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpauth": 1,
    "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
    "mail_smtpport": "587",
    "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
    "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
    "app_install_overwrite": [
        "dicomviewer",
        "radio"
    ]
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36

Operating system: Windows 10 Pro; Version 2004; Build 19041.338

Logs

Web server error log

https://loveazure.cloud/s/X9wNr8mf3cnSsDR/preview

Nextcloud log

https://loveazure.cloud/s/fEnwFyN7Rb66t9W (needs mirror, I cannot guarantee availability on my own server)

Browser log

No relevant logs. Just a bunch of jquery depreciation warnings that are present even in a fresh install

@JakubOnderka JakubOnderka mentioned this issue Feb 10, 2021
Merged
@it25fg
Copy link

it25fg commented Apr 6, 2021

  1. File gets deleted as soon as it gets detected, despite being set to log only.

@EmilyLove26 The choice between 'delete' and 'log only' applies to background scans (cron). For uploads by browser or sync client, there's no such choice. (Or, the docs are wrong)

@GAS85
Copy link
Contributor

GAS85 commented Jun 8, 2021
edited
Loading

The fact is that there are 2 different jobs are implemented and not well documented.

  1. Is a background in meaning of periodical Cron job with scanning all files. Could be configured via Admin panel, but has few Problems Logs spam with the same file info if file is found. #150 and Administrator notification does not work #152 and not working as expected.
  2. Is non-background job in meaning of direct checking by uploading of new files. Will not produce mean full error message (this ticket), will reduce upload speed Upload extremely slow when AV is enabled. #147 and delete files Infected file detected and deleted, "Only log" option being ignored #148 without any other option Add action for quarantine #126

@joshtrichards joshtrichards marked this as a duplicate of #212 Jan 29, 2025
@joshtrichards joshtrichards mentioned this issue Jan 29, 2025
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@tobiasge @joshtrichards @GuyPaddock @lastsamurai26 @GAS85 @AetherCollective @it25fg @ruppo68