infrastructure
/
extensions-website
4
6
Fork 4
Code Issues 23 Pull Requests 3 Projects Releases Wiki Activity

Scan files with clamdscan #77

Merged
Anna Sirota merged 17 commits from scan-file into main 2024-04-12 19:11:30 +02:00
Conversation 0 Commits 17 Files Changed 14 +342 -10
Anna Sirota commented 2024-04-11 19:31:32 +02:00
Owner
Copy Link

What this does

Internally

  • scans each newly created file with clamavd client (requires clamavd daemon running);
  • saves the result as a FileValidation record;

clamdscan is called in a background task, so no scanning will happen unless ./manage.py process_tasks is running.

In the admin

  • shows all scan results in the files.File admin;
  • allows filtering "OK" and "not OK" files in the admin as marked by the result of the scan;
  • allows manually triggering the scan for selected files with admin action;

In the front-end

  • displays an alert to moderators and to staff accounts with "view File" (files.view_file) permission;
  • additionally, displays a link to the File admin page for staff accounts with relevant permissions (being in moderators group is not enough).

Screenshots

Scan statuses in admin's list of files:

3

2

Scan results inlined in File's admin:

4

Custom action in the admin

2222

Warning shown to staff accounts with a "view File" permission:

1

Flag in the approval queue

Also only shown to staff accounts with a "view File" permission

1111

TODO

  • run in a background task
  • show a visually alarming flag in the approval queue, when scanner finds something
  • playbooks for configuring clamavd
### What this does #### Internally * scans each newly created file with clamavd client (requires clamavd daemon running); * saves the result as a `FileValidation` record; `clamdscan` is called in a background task, so no scanning will happen unless `./manage.py process_tasks` is running. #### In the admin * shows all scan results in the `files.File` admin; * allows filtering "OK" and "not OK" files in the admin as marked by the result of the scan; * allows manually triggering the scan for selected files with admin action; #### In the front-end * displays an alert to moderators and to staff accounts with "view File" (`files.view_file`) permission; * additionally, displays a link to the `File` admin page for staff accounts with relevant permissions (being in moderators group is not enough). ### Screenshots #### Scan statuses in admin's list of files: ![3](https://projects.blender.org/attachments/efa61313-f5df-4b7e-ab70-8365d1a11938) ![2](https://projects.blender.org/attachments/d8a03f82-bc10-4568-a4e1-352928e05317) #### Scan results inlined in File's admin: ![4](https://projects.blender.org/attachments/ff4adc4b-43d7-4004-ba31-9676770e4c4b) #### Custom action in the admin ![2222](https://projects.blender.org/attachments/c0b4dec5-aef2-4b0f-824b-4ec30fc87ad2) #### Warning shown to staff accounts with a "view File" permission: ![1](https://projects.blender.org/attachments/8acc4b25-edd9-4380-9e18-e1ff8fce8790) #### Flag in the approval queue Also only shown to staff accounts with a "view File" permission ![1111](https://projects.blender.org/attachments/5b2db65d-4066-42f0-9c40-be0b03c5f39b) #### TODO - [x] run in a background task - [x] show a visually alarming flag in the approval queue, when scanner finds something - [x] playbooks for configuring clamavd
2024-04-12-170326_1528x626_scrot.png
109 KiB
2024-04-12-172519_1920x1080_scrot_.png
272 KiB
2024-04-12-170214_1532x627_scrot.png
109 KiB
2024-04-12-170145_1236x350_scrot.png
44 KiB
2024-04-12-173658_1371x312_scrot.png
51 KiB
2024-04-12-174423_1920x1080_scrot.png
66 KiB
Anna Sirota added 1 commit 2024-04-11 19:31:37 +02:00
Anna Sirota added the
Type
Enhancement
 label 2024-04-11 19:32:55 +02:00
Anna Sirota added 1 commit 2024-04-12 12:27:44 +02:00
Anna Sirota added 1 commit 2024-04-12 12:30:21 +02:00
Anna Sirota added 3 commits 2024-04-12 14:25:23 +02:00
fc8100b9ae Playbooks: packages for clamav daemon and client 
Use
    ./ansible.sh -i environments/staging install.yaml --diff --tags=deps
    ./ansible.sh -i environments/production install.yaml --diff --tags=deps

to install these on staging/production.
Anna Sirota added 3 commits 2024-04-12 17:53:15 +02:00
Anna Sirota changed title from WIP: Scan a file with clamdscan to Scan a file with clamdscan 2024-04-12 17:53:42 +02:00
Anna Sirota added 1 commit 2024-04-12 17:54:30 +02:00
Anna Sirota added 1 commit 2024-04-12 17:58:47 +02:00
Anna Sirota added 1 commit 2024-04-12 18:07:02 +02:00
Anna Sirota added 1 commit 2024-04-12 18:15:06 +02:00
Anna Sirota added 1 commit 2024-04-12 18:27:41 +02:00
Anna Sirota added 1 commit 2024-04-12 18:52:11 +02:00
Anna Sirota changed title from Scan a file with clamdscan to Scan files with clamdscan 2024-04-12 18:54:03 +02:00
Anna Sirota added 1 commit 2024-04-12 19:01:33 +02:00
Anna Sirota added 1 commit 2024-04-12 19:04:14 +02:00
Oleg-Komarov approved these changes 2024-04-12 19:09:01 +02:00
Dismissed
Oleg-Komarov approved these changes 2024-04-12 19:09:41 +02:00
Anna Sirota merged commit 57e3530cd5 into main 2024-04-12 19:11:30 +02:00
Anna Sirota deleted branch scan-file 2024-04-12 19:11:40 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Oleg-Komarov
Labels
Clear labels   
Priority
Critical
The priority is critical

  
Priority
High
The priority is high

  
Priority
Low
The priority is low

  
Priority
Normal
The priority is medium

  
Reviewed
Confirmed
Issue has been confirmed

  
Reviewed
Duplicate
This issue or pull request already exists

  
Reviewed
Invalid
Invalid issue

  
Reviewed
Won't Fix
This issue won't be fixed

  
Status
Abandoned
Somebody has started to work on this but abandoned work

  
Status
Blocked
Something is blocking this issue or pull request

  
Status
Need More Info
Feedback is required to reproduce issue or to continue work

  
Type
Breaking
Breaking change that won't be backward compatible

  
Type
Bug
Something is not working

  
Type
Documentation
Documentation changes

  
Type
Enhancement
Improve existing functionality

  
Type
Feature
New functionality

  
Type
Security
This is security issue

  
Type
Testing
Issue or pull request related to testing

No Label
Priority
Critical
Priority
High
Priority
Low
Priority
Normal
Reviewed
Confirmed
Reviewed
Duplicate
Reviewed
Invalid
Reviewed
Won't Fix
Status
Abandoned
Status
Blocked
Status
Need More Info
Type
Breaking
Type
Bug
Type
Documentation
Type
Enhancement
Type
Feature
Type
Security
Type
Testing
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: infrastructure/extensions-website#77
No description provided.
Delete Branch "scan-file"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?