admin/handlevirus.php

   1 <?php
   2 /** This expects the output from a command like
   3  * clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php
   4  * also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
   5  * also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
   6  * php -d error_log=/path/to/log thisfile.php will override the default error log for php cli, which is stderr, so if you want this script to just print stuff out, use php thisfile.php instead.
   7  */
   8
   9 die('TODO: MDL-19380');
  10
  11 $fd = fopen('php://stdin','r');
  12 if (!$fd) {
  13     exit();
  14 }
  15
  16 require_once(dirname(dirname(__FILE__)).'/config.php');
  17 require_once($CFG->libdir.'/eventslib.php');
  18 require_once($CFG->dirroot.'/lib/uploadlib.php'); // contains virus handling stuff.
  19
  20 $site = get_site();
  21
  22 while(!feof($fd)) {
  23     $entry = fgets($fd);
  24     if (strlen(trim($entry)) == 0) {
  25         continue;
  26     }
  27     if (!$file = validate_line($entry)) {
  28         continue;
  29     }
  30     $bits = explode('/',$file);
  31     $a->filename = $bits[count($bits)-1];
  32
  33     if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) {
  34         $a->action = clam_handle_infected_file($file,0,false);
  35         clam_replace_infected_file($file);
  36         notify_admins_unknown($file,$a);
  37         continue;
  38     }
  39     $action = clam_handle_infected_file($file,$log->userid,true);
  40     clam_replace_infected_file($file);
  41
  42     list($ctxselect, $ctxjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx');
  43     $sql = "SELECT c.id, c.fullname $ctxselect FROM {course} c $ctxjoin WHERE c.id = :courseid";
  44     $course = $DB->get_record_sql($sql, array('courseid' => $log->course));
  45     context_instance_preload($course);
  46
  47     $user = $DB->get_record("user", array("id"=>$log->userid));
  48     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
  49     $a->date = userdate($log->time);
  50
  51     $a->action = $action;
  52     $a->course = format_string($course->fullname, true, array('context' => context_course::instance($course->id)));
  53     $a->user = fullname($user);
  54
  55     notify_user($user,$subject,$a);
  56     notify_admins($user,$subject,$a);
  57 }
  58 fclose($fd);
  59
  60
  61 function notify_user($user,$subject,$a) {
  62
  63     if (!$user) {
  64         return false;
  65     }
  66     $body = get_string('virusfoundlater','moodle',$a);
  67
  68     $eventdata = new stdClass();
  69     $eventdata->modulename        = 'moodle';
  70     $eventdata->userfrom          = get_admin();
  71     $eventdata->userto            = $user;
  72     $eventdata->subject           = $subject;
  73     $eventdata->fullmessage       = $body;
  74     $eventdata->fullmessageformat = FORMAT_PLAIN;
  75     $eventdata->fullmessagehtml   = '';
  76     $eventdata->smallmessage      = '';
  77     message_send($eventdata);
  78 }
  79
  80
  81 function notify_admins($user,$subject,$a) {
  82
  83     $admins = get_admins();
  84
  85     $body = get_string('virusfoundlateradmin','moodle',$a);
  86     foreach ($admins as $admin) {
  87         $eventdata = new stdClass();
  88         $eventdata->modulename        = 'moodle';
  89         $eventdata->userfrom          = get_admin();
  90         $eventdata->userto            = $admin;
  91         $eventdata->subject           = $subject;
  92         $eventdata->fullmessage       = $body;
  93         $eventdata->fullmessageformat = FORMAT_PLAIN;
  94         $eventdata->fullmessagehtml   = '';
  95         $eventdata->smallmessage      = '';
  96         message_send($eventdata);
  97     }
  98 }
  99
 100 function notify_admins_unknown($file,$a) {
 101
 102     global $site;
 103
 104     $admins = get_admins();
 105     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
 106     $body = get_string('virusfoundlateradminnolog','moodle',$a);
 107     foreach ($admins as $admin) {
 108         $eventdata = new stdClass();
 109         $eventdata->modulename        = 'moodle';
 110         $eventdata->userfrom          = get_admin();
 111         $eventdata->userto            = $admin;
 112         $eventdata->subject           = $subject;
 113         $eventdata->fullmessage       = $body;
 114         $eventdata->fullmessageformat = FORMAT_PLAIN;
 115         $eventdata->fullmessagehtml   = '';
 116         $eventdata->smallmessage      = '';
 117         message_send($eventdata);
 118     }
 119 }
 120
 121 function validate_line($line) {
 122     global $CFG;
 123     if (strpos($line,"FOUND") === false) {
 124         return false;
 125     }
 126     $index = strpos($line,":");
 127     $file = substr($line,0,$index);
 128     if (!(strpos($file,$CFG->dataroot) === false)) {
 129         if (!file_exists($file)) {
 130             return false;
 131         }
 132     }
 133     else {
 134         if ($file{0} == "/") {
 135             $file = $CFG->dataroot.$file;
 136         }
 137         else {
 138             $file = $CFG->dataroot."/".$file;
 139         }
 140         if (!file_exists($file)) {
 141             return false;
 142         }
 143     }
 144     // clean up
 145     $file = preg_replace('/\.\//','/',$file);
 146     $file = preg_replace('/\/\//','/',$file);
 147     return $file;
 148 }
 149
 150