admin/handlevirus.php

   1 <?php
   2 /** This expects the output from a command like
   3  * clamscan -r --infected --no-summary <files> 2>&1 | php -d error_log=/path/to/log thisfile.php
   4  * also it's important that the output of clamscan prints the FULL PATH to each infected file, so use absolute paths for area to scan
   5  * also it should be run as root, or whatever the webserver runs as so that it has the right permissions in the quarantine dir etc.
   6  * php -d error_log=/path/to/log thisfile.php will override the default error log for php cli, which is stderr, so if you want this script to just print stuff out, use php thisfile.php instead.
   7  */
   8
   9 die('TODO: MDL-19380');
  10
  11 $fd = fopen('php://stdin','r');
  12 if (!$fd) {
  13     exit();
  14 }
  15
  16 require_once(dirname(dirname(__FILE__)).'/config.php');
  17 require_once($CFG->libdir.'/eventslib.php');
  18 require_once($CFG->dirroot.'/lib/uploadlib.php'); // contains virus handling stuff.
  19
  20 $site = get_site();
  21
  22 while(!feof($fd)) {
  23     $entry = fgets($fd);
  24     if (strlen(trim($entry)) == 0) {
  25         continue;
  26     }
  27     if (!$file = validate_line($entry)) {
  28         continue;
  29     }
  30     $bits = explode('/',$file);
  31     $a->filename = $bits[count($bits)-1];
  32
  33     if (!$log = $DB->get_record("log", array("module"=>"upload", "info"=>$file, "action"=>"upload"))) {
  34         $a->action = clam_handle_infected_file($file,0,false);
  35         clam_replace_infected_file($file);
  36         notify_admins_unknown($file,$a);
  37         continue;
  38     }
  39     $action = clam_handle_infected_file($file,$log->userid,true);
  40     clam_replace_infected_file($file);
  41
  42     $ctxselect = ', ' . context_helper::get_preload_record_columns_sql('ctx');
  43     $ctxjoin = "LEFT JOIN {context} ctx ON (ctx.instanceid = c.id AND ctx.contextlevel = :contextlevel)";
  44     $sql = "SELECT c.id, c.fullname $ctxselect FROM {course} c $ctxjoin WHERE c.id = :courseid";
  45     $course = $DB->get_record_sql($sql, array('courseid' => $log->course, 'contextlevel' => CONTEXT_COURSE));
  46     context_helper::preload_from_record($course);
  47
  48     $user = $DB->get_record("user", array("id"=>$log->userid));
  49     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
  50     $a->date = userdate($log->time);
  51
  52     $a->action = $action;
  53     $a->course = format_string($course->fullname, true, array('context' => context_course::instance($course->id)));
  54     $a->user = fullname($user);
  55
  56     notify_user($user,$subject,$a);
  57     notify_admins($user,$subject,$a);
  58 }
  59 fclose($fd);
  60
  61
  62 function notify_user($user,$subject,$a) {
  63
  64     if (!$user) {
  65         return false;
  66     }
  67     $body = get_string('virusfoundlater','moodle',$a);
  68
  69     $eventdata = new stdClass();
  70     $eventdata->modulename        = 'moodle';
  71     $eventdata->userfrom          = get_admin();
  72     $eventdata->userto            = $user;
  73     $eventdata->subject           = $subject;
  74     $eventdata->fullmessage       = $body;
  75     $eventdata->fullmessageformat = FORMAT_PLAIN;
  76     $eventdata->fullmessagehtml   = '';
  77     $eventdata->smallmessage      = '';
  78     message_send($eventdata);
  79 }
  80
  81
  82 function notify_admins($user,$subject,$a) {
  83
  84     $admins = get_admins();
  85
  86     $body = get_string('virusfoundlateradmin','moodle',$a);
  87     foreach ($admins as $admin) {
  88         $eventdata = new stdClass();
  89         $eventdata->modulename        = 'moodle';
  90         $eventdata->userfrom          = get_admin();
  91         $eventdata->userto            = $admin;
  92         $eventdata->subject           = $subject;
  93         $eventdata->fullmessage       = $body;
  94         $eventdata->fullmessageformat = FORMAT_PLAIN;
  95         $eventdata->fullmessagehtml   = '';
  96         $eventdata->smallmessage      = '';
  97         message_send($eventdata);
  98     }
  99 }
 100
 101 function notify_admins_unknown($file,$a) {
 102
 103     global $site;
 104
 105     $admins = get_admins();
 106     $subject = get_string('virusfoundsubject','moodle',format_string($site->fullname));
 107     $body = get_string('virusfoundlateradminnolog','moodle',$a);
 108     foreach ($admins as $admin) {
 109         $eventdata = new stdClass();
 110         $eventdata->modulename        = 'moodle';
 111         $eventdata->userfrom          = get_admin();
 112         $eventdata->userto            = $admin;
 113         $eventdata->subject           = $subject;
 114         $eventdata->fullmessage       = $body;
 115         $eventdata->fullmessageformat = FORMAT_PLAIN;
 116         $eventdata->fullmessagehtml   = '';
 117         $eventdata->smallmessage      = '';
 118         message_send($eventdata);
 119     }
 120 }
 121
 122 function validate_line($line) {
 123     global $CFG;
 124     if (strpos($line,"FOUND") === false) {
 125         return false;
 126     }
 127     $index = strpos($line,":");
 128     $file = substr($line,0,$index);
 129     if (!(strpos($file,$CFG->dataroot) === false)) {
 130         if (!file_exists($file)) {
 131             return false;
 132         }
 133     }
 134     else {
 135         if ($file{0} == "/") {
 136             $file = $CFG->dataroot.$file;
 137         }
 138         else {
 139             $file = $CFG->dataroot."/".$file;
 140         }
 141         if (!file_exists($file)) {
 142             return false;
 143         }
 144     }
 145     // clean up
 146     $file = preg_replace('/\.\//','/',$file);
 147     $file = preg_replace('/\/\//','/',$file);
 148     return $file;
 149 }
 150
 151