AntiVirus scan uploading files from home to OOD servers via web interface

christopherwelsh · April 6, 2020, 9:59am

Hi Folks,
I love the idea of clients uploading files from their workstation to their home directory on their server. Now tht a great number of staff are working from home we would like to mitigate the risk of them uploading files with viruses on them. Has anyone integrated clamav or some other anti virus into the upload stream of OOD. Love to her about it.

Alternatively, how could I disable the upload feature to prevent uploads? Thx.

Christopher

christopherwelsh · April 7, 2020, 11:32am

Hi Folks,
Has anyone had to address this kind of use case?

efranz · April 7, 2020, 12:14pm

Right now you can set in /etc/ood/config/apps/files/env this:

FILE_UPLOAD_MAX=0

If you try to upload a file you then will just get an error message:

screen 2020-04-07 at 8.09.33 AM
screen 2020-04-07 at 8.09.42 AM

I opened https://github.com/OSC/ondemand/issues/471 to track this desired feature. We are likely going to do a files app revamp in OnDemand 2.0 and this will be included as a requirement (as all the other community requested features).

christopherwelsh · April 9, 2020, 6:29am

Hi Efranz,

Thanks for the speedy update. I’ll look forward to hearing if this feature is icluded in the v2 release of open ondemand. Thinking out aloud here but some kind of plugin that sends files up through a networded AV server service may be one way of doing this.

Cheers, Christopher

alanc · April 9, 2020, 11:49am

Christopher:

I’m curious how you all prevent clients from uploading files already via scp or sftp or similar? Or do you have a workflow to somehow scan those? If so, we can likely leverage that.

christopherwelsh · April 15, 2020, 12:45am

Hi folks,

This was the sort of approach that I thought could be applied to OOD 1.x.x to detect a virus when staff upload from their remote computer using the “files” tool. I have never tried this but suspect there is a risk that it could slow the upload of large files down a bit.

https://github.com/ ifad / clammit

Alternatively, perhaps there is a way for scanning the file when it uploads to the TMP/buffer directory

/var/lib/ondemand-nginx/tmp//client_body

Just some thoughts

regards,

Christopher

christopherwelsh · May 18, 2020, 2:56am

Hi mate,

Is there also an "FILE_DOWNLOAD_MAX=0?

can the zero be replaced with a specific file size limit?

Chx

mario · May 18, 2020, 5:34pm

@christopherwelsh We have a pull request open for setting maximum upload size, here is the PR: https://github.com/OSC/ondemand/pull/502

mario · May 18, 2020, 7:11pm

@christopherwelsh I misunderstood your comment, I now understand that you’re asking for the file browser application to be aware of the maximum download limit.

I made an issue for this, track the progress on GitHub: https://github.com/OSC/ondemand/issues/503

christopherwelsh · May 18, 2020, 10:56pm

Thx

regards,

Christopher Welsh
On his mobile.

Topic		Replies	Views
Is possible to restrict or limit the access to the Files App? Get Help	15	553	November 1, 2022
Option to enable or disable file transfers in the file manager . Restrict who can upload or download data Feature Requests and Roadmap Discussion feature-request	3	1182	November 21, 2022
Disable upload and download of files Get Help question	4	593	April 21, 2024
Files App Alternative Get Help	1	681	October 27, 2023
Adding checks to OOD file browser Get Help feature-request , ondemand2 , question	3	498	May 26, 2022

AntiVirus scan uploading files from home to OOD servers via web interface

Related Topics