<html><body>
<p><font size="2" face="sans-serif">Many thanks Brian,</font><br>
<br>
<font size="2" face="sans-serif">after solving some initial problems we got it working.</font><br>
<br>
<font size="2" face="sans-serif">- clamd daemon must be installed and running</font><br>
<font size="2" face="sans-serif">- port must be the same as the LocalSocket defined in /etc/clamd.conf</font><br>
<font size="2" face="sans-serif">- the clam user running the clamd daemon must be in the same group as the apache user.</font><br>
<br>
<font size="2" face="sans-serif">We tested with a text file containing the EICAR signature </font><font size="2" face="sans-serif">(</font><a href="http://www.eicar.org/download/eicar.com.txt"><font size="2" face="sans-serif">http://www.eicar.org/download/eicar.com.txt</font></a><font size="2" face="sans-serif"> )- works fine.</font><br>
<font size="2" face="sans-serif">ClamAV does not recognize the EICAR signature enclosed in a pdf file using a Trojan horse file dropper (</font><a href="http://blog.didierstevens.com/2015/08/28/test-file-pdf-with-embedded-doc-dropping-eicar/"><font size="2" face="sans-serif">http://blog.didierstevens.com/2015/08/28/test-file-pdf-with-embedded-doc-dropping-eicar/</font></a><font size="2" face="sans-serif"> ), while the Antivirus scanner on my Mac did.</font><br>
<br>
<font size="2" face="sans-serif">Best regards,</font><br>
<br>
<font size="2" face="sans-serif">Martin</font><br>
<br>
<font size="2" face="sans-serif">--</font><br>
<font size="2" face="sans-serif">Dr. Martin Brändle</font><br>
<font size="2" face="sans-serif">Zentrale Informatik</font><br>
<font size="2" face="sans-serif">Universität Zürich</font><br>
<font size="2" face="sans-serif">Stampfenbachstr. 73</font><br>
<font size="2" face="sans-serif">CH-8006 Zürich</font><br>
<br>
<font size="2" face="sans-serif">mail: martin.braendle@id.uzh.ch</font><br>
<font size="2" face="sans-serif">phone: +41 44 63 56705</font><br>
<font size="2" face="sans-serif">fax: +41 44 63 54505</font><br>
<font size="2" face="sans-serif"><a href="http://www.zi.uzh.ch">http://www.zi.uzh.ch</a></font><br>
<br>
<img width="16" height="16" src="cid:1__=4EBBF5D4DFAC628B8f9e8a93df9@lotus.uzh.ch" border="0" alt="Inactive hide details for "Brian D. Gregg" ---25/01/2016 16:57:16---Martin, This is what we us in our IR (running EPrints 3.2.8"><font size="2" color="#424282" face="sans-serif">"Brian D. Gregg" ---25/01/2016 16:57:16---Martin, This is what we us in our IR (running EPrints 3.2.8). It could probably be written a bit be</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">Von: </font><font size="1" face="sans-serif">"Brian D. Gregg" <bdgregg@pitt.edu></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">An: </font><font size="1" face="sans-serif">"eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Datum: </font><font size="1" face="sans-serif">25/01/2016 16:57</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Betreff: </font><font size="1" face="sans-serif">[EP-tech] Re: Virus Scan during Upload</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Gesendet von: </font><font size="1" face="sans-serif">eprints-tech-bounces@ecs.soton.ac.uk</font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<font size="2" color="#1F497D" face="Calibri">Martin,</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">This is what we us in our IR (running EPrints 3.2.8). It could probably be written a bit better (obviously – feel free to tweak as anyone sees fit), but works as is for us currently. You will need ClamAV installed (including the associated PERL modules).</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">This part goes into the cfg/cfg.d/document_validate.pl file under the “CHECKS IN HERE” comment but before the “return ( @problems );”</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri"> # Virus scan the uploaded files.</font><br>
<font size="2" color="#1F497D" face="Calibri"> my %files = $document->files;</font><br>
<font size="2" color="#1F497D" face="Calibri"> my $path = $document->local_path;</font><br>
<font size="2" color="#1F497D" face="Calibri"> while ( my ($filename, $size) = each(%files)) {</font><br>
<font size="2" color="#1F497D" face="Calibri"> # for each file uploaded</font><br>
<font size="2" color="#1F497D" face="Calibri"> use </font><font size="2" color="#1F497D" face="Calibri"><a href="File::Scan::ClamAV">File::Scan::ClamAV</a></font><font size="2" color="#1F497D" face="Calibri">;</font><br>
<font size="2" color="#1F497D" face="Calibri"> my $av = new </font><font size="2" color="#1F497D" face="Calibri"><a href="File::Scan::ClamAV(find_all">File::Scan::ClamAV(find_all</a></font><font size="2" color="#1F497D" face="Calibri"> => 1, port=> '/tmp/clamd');</font><br>
<font size="2" color="#1F497D" face="Calibri"> my $filetoscan = "$path/$filename";</font><br>
<font size="2" color="#1F497D" face="Calibri"> my %caught = $av->scan("$filetoscan");</font><br>
<font size="2" color="#1F497D" face="Calibri"> while (my ($k,$v) = each %caught ) {</font><br>
<font size="2" color="#1F497D" face="Calibri"> # Viruses Found</font><br>
<font size="2" color="#1F497D" face="Calibri"> push @problems,</font><br>
<font size="2" color="#1F497D" face="Calibri"> $session->html_phrase( "validate:virus_found",</font><br>
<font size="2" color="#1F497D" face="Calibri"> filename => $session->make_text($filename),</font><br>
<font size="2" color="#1F497D" face="Calibri"> virus => $session->make_text($v) );</font><br>
<font size="2" color="#1F497D" face="Calibri"> }</font><br>
<font size="2" color="#1F497D" face="Calibri"> }</font><br>
<font size="2" color="#1F497D" face="Calibri"> # End Virus scan.</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">And the HTML Phrase can go into the file cfg/lang/en/validate.xml </font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri"><epp:phrase id="validate:virus_found">The file that has been uploaded contains a virus. The file in question is: <epc:pin name="filename"/>. It contains the virus: <epc:pin name="virus"/>. Please remove the file and upload a virus free version.</epp:phrase></font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">Hope this helps or at least points you in a direction as to what you might need.</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri">Thanks,</font><br>
<font size="2" color="#1F497D" face="Calibri">Brian Gregg.</font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="5" color="#323E4F" face="Calibri"><b>Brian D. Gregg</b></font><br>
<font size="4" color="#323E4F" face="Calibri"><i>Solutions Architect </i></font><font size="4" color="#323E4F" face="Calibri">|</font><font size="4" color="#323E4F" face="Calibri"><i> Manager Systems Development</i></font><br>
<font size="2" color="#323E4F" face="Calibri">University of Pittsburgh | University Library System</font><br>
<font size="2" color="#323E4F" face="Calibri">Address: </font><a href="https://maps.google.com/maps?q=7500+Thomas+Blvd,+Pittsburgh,+PA&hl=en&sll=41.117935,-77.604698&sspn=7.662465,13.73291&oq=7500+Tho&t=h&hnear=7500+Thomas+Blvd,+Pittsburgh,+Pennsylvania+15208&z=17" target="_blank"><font size="2" color="#0563C1" face="Calibri"><u>7500 Thomas Blvd. Room 129 Pittsburgh, PA 15208</u></font></a><br>
<font size="2" color="#17365D" face="Calibri">Tel: (412) 648-3264 | Email: </font><a href="mailto:bdgregg@pitt.edu"><font size="2" color="#0563C1" face="Calibri"><u>bdgregg@pitt.edu</u></font></a><font size="2" color="#17365D" face="Calibri"> | Fax: (412) 648-3585</font><br>
<a href="https://orcid.org/0000-0001-6541-4544"><font size="2" color="#0563C1" face="Calibri"><u>https://orcid.org/0000-0001-6541-4544</u></font></a><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" color="#1F497D" face="Calibri"> </font><br>
<a name="_MailEndCompose"></a><font size="2" color="#1F497D" face="Calibri"> </font><br>
<font size="2" face="Calibri"><b>From:</b></font><font size="2" face="Calibri"> eprints-tech-bounces@ecs.soton.ac.uk [</font><font size="2" face="Calibri"><a href="mailto:eprints-tech-bounces@ecs.soton.ac.uk">mailto:eprints-tech-bounces@ecs.soton.ac.uk</a></font><font size="2" face="Calibri">] </font><font size="2" face="Calibri"><b>On Behalf Of </b></font><font size="2" face="Calibri">martin.braendle@id.uzh.ch</font><font size="2" face="Calibri"><b><br>
Sent:</b></font><font size="2" face="Calibri"> Monday, January 25, 2016 10:19 AM</font><font size="2" face="Calibri"><b><br>
To:</b></font><font size="2" face="Calibri"> eprints-tech@ecs.soton.ac.uk</font><font size="2" face="Calibri"><b><br>
Subject:</b></font><font size="2" face="Calibri"> [EP-tech] Virus Scan during Upload</font><br>
<font size="3" face="Times New Roman"> </font>
<p><font size="2" face="Arial">Hi,</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
in the course of a Swiss Digital Lifecycle Management Project, we are evaluating EPrints and our repo according to the POWRR scheme (gap analysis) to find tools for digital preservation.</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
One criterion is virus scan of a document before it is uploaded. I have found this old thread: </font><a href="http://www.eprints.org/tech.php/thread-16755.html"><font size="2" color="#0000FF" face="Arial"><u>http://www.eprints.org/tech.php/thread-16755.html</u></font></a><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
Has anyone followed up on this, implemented a hook and is willing to share code?</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
Thank you for all your advice and help.</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
Martin</font><font size="3" face="Times New Roman"><br>
</font><font size="2" face="Arial"><br>
--<br>
Dr. Martin Brändle<br>
Zentrale Informatik<br>
Universität Zürich<br>
Stampfenbachstr. 73<br>
CH-8006 Zürich</font><tt><font size="2">*** Options: </font></tt><tt><font size="2"><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech">http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech</a></font></tt><tt><font size="2"><br>
*** Archive: </font></tt><tt><font size="2"><a href="http://www.eprints.org/tech.php/">http://www.eprints.org/tech.php/</a></font></tt><tt><font size="2"><br>
*** EPrints community wiki: </font></tt><tt><font size="2"><a href="http://wiki.eprints.org/">http://wiki.eprints.org/</a></font></tt><tt><font size="2"><br>
*** EPrints developers Forum: </font></tt><tt><font size="2"><a href="http://forum.eprints.org/">http://forum.eprints.org/</a></font></tt><tt><font size="2"><br>
</font></tt>
<p></body></html>