Merge branch 'MDL-40604-master' of git://github.com/danpoltawski/moodle
[moodle.git] / admin / handlevirus.php
blobb29392df3b9dc91d8a524e9bb68ce3175f486013
1 <?php
2 /** This expects the output from a command like
3 * clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php
4 * also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
5 * also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
6 * php -d error_log=/path/to/log thisfile.php will override the default error log for php cli, which is stderr, so if you want this script to just print stuff out, use php thisfile.php instead.
7 */
9 die('TODO: MDL-19380');
11 $fd = fopen('php://stdin','r');
12 if (!$fd) {
13 exit();
16 require_once(dirname(dirname(__FILE__)).'/config.php');
17 require_once($CFG->libdir.'/eventslib.php');
18 require_once($CFG->dirroot.'/lib/uploadlib.php'); // contains virus handling stuff.
20 $site = get_site();
22 while(!feof($fd)) {
23 $entry = fgets($fd);
24 if (strlen(trim($entry)) == 0) {
25 continue;
27 if (!$file = validate_line($entry)) {
28 continue;
30 $bits = explode('/',$file);
31 $a->filename = $bits[count($bits)-1];
33 if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) {
34 $a->action = clam_handle_infected_file($file,0,false);
35 clam_replace_infected_file($file);
36 notify_admins_unknown($file,$a);
37 continue;
39 $action = clam_handle_infected_file($file,$log->userid,true);
40 clam_replace_infected_file($file);
42 list($ctxselect, $ctxjoin) = context_instance_preload_sql('c.id', CONTEXT_COURSE, 'ctx');
43 $sql = "SELECT c.id, c.fullname $ctxselect FROM {course} c $ctxjoin WHERE c.id = :courseid";
44 $course = $DB->get_record_sql($sql, array('courseid' => $log->course));
45 context_helper::preload_from_record($course);
47 $user = $DB->get_record("user", array("id"=>$log->userid));
48 $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
49 $a->date = userdate($log->time);
51 $a->action = $action;
52 $a->course = format_string($course->fullname, true, array('context' => context_course::instance($course->id)));
53 $a->user = fullname($user);
55 notify_user($user,$subject,$a);
56 notify_admins($user,$subject,$a);
58 fclose($fd);
61 function notify_user($user,$subject,$a) {
63 if (!$user) {
64 return false;
66 $body = get_string('virusfoundlater','moodle',$a);
68 $eventdata = new stdClass();
69 $eventdata->modulename = 'moodle';
70 $eventdata->userfrom = get_admin();
71 $eventdata->userto = $user;
72 $eventdata->subject = $subject;
73 $eventdata->fullmessage = $body;
74 $eventdata->fullmessageformat = FORMAT_PLAIN;
75 $eventdata->fullmessagehtml = '';
76 $eventdata->smallmessage = '';
77 message_send($eventdata);
81 function notify_admins($user,$subject,$a) {
83 $admins = get_admins();
85 $body = get_string('virusfoundlateradmin','moodle',$a);
86 foreach ($admins as $admin) {
87 $eventdata = new stdClass();
88 $eventdata->modulename = 'moodle';
89 $eventdata->userfrom = get_admin();
90 $eventdata->userto = $admin;
91 $eventdata->subject = $subject;
92 $eventdata->fullmessage = $body;
93 $eventdata->fullmessageformat = FORMAT_PLAIN;
94 $eventdata->fullmessagehtml = '';
95 $eventdata->smallmessage = '';
96 message_send($eventdata);
100 function notify_admins_unknown($file,$a) {
102 global $site;
104 $admins = get_admins();
105 $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
106 $body = get_string('virusfoundlateradminnolog','moodle',$a);
107 foreach ($admins as $admin) {
108 $eventdata = new stdClass();
109 $eventdata->modulename = 'moodle';
110 $eventdata->userfrom = get_admin();
111 $eventdata->userto = $admin;
112 $eventdata->subject = $subject;
113 $eventdata->fullmessage = $body;
114 $eventdata->fullmessageformat = FORMAT_PLAIN;
115 $eventdata->fullmessagehtml = '';
116 $eventdata->smallmessage = '';
117 message_send($eventdata);
121 function validate_line($line) {
122 global $CFG;
123 if (strpos($line,"FOUND") === false) {
124 return false;
126 $index = strpos($line,":");
127 $file = substr($line,0,$index);
128 if (!(strpos($file,$CFG->dataroot) === false)) {
129 if (!file_exists($file)) {
130 return false;
133 else {
134 if ($file{0} == "/") {
135 $file = $CFG->dataroot.$file;
137 else {
138 $file = $CFG->dataroot."/".$file;
140 if (!file_exists($file)) {
141 return false;
144 // clean up
145 $file = preg_replace('/\.\//','/',$file);
146 $file = preg_replace('/\/\//','/',$file);
147 return $file;