Antivirus Application
Category | Application |
Active Installs | 23 |
Rating | |
License | GNU Lesser General Public License 2.1 |
Minimal XWiki version supported | XWiki 13.10 |
Sources | Issues |
The Antivirus Application provides protection for the attachments that are uploaded to XWiki pages by scanning them for viruses and malware infections in 2 phases:
- directly at upload time, canceling the upload operation in case an infected file is detected, thus not allowing the infected file to reach your wiki (and potentially infect any of your users that might download it)
- periodically, once per week (configurable), by scanning all attachments on your wiki (including subwikis), in order to cover the case where a periodically updated virus database would now be able to detect a threat that was previously unknown
In order to scan each file, an antivirus engine is required that is able to perform the various checks and verifications, using different algorithms and an extensive virus database.
ClamAV is the leading open source antivirus solution. The Antivirus Application integrates it and makes it available as its default antivirus engine, but other antivirus engines (i.e. from other well known providers) can easily be implemented and configured to be used by the Antivirus Application.
External Resources
Configuration
Once installed, the Antivirus section will become available, together with configuration options for configuring the connection to the ClamAV antivirus server (default option).
Upload Scanning
After it's configured, the antivirus applications starts working to prevent users from attaching infected files to your wiki's pages.
Periodical Scanning
Whenever an infected attachment is detected during the periodical scan, it is immediately deleted, in order to neutralize the threat. You might ask why it doesn't disinfect the file. ClamAV's FAQ explains the reason for not attempting this. The short answer is that most of the time, infected files are compromised beyond recovery and whatever is left after disinfection is either corrupted or dangerous.
At the end of each periodic scan, a report email is generated and sent to all main wiki admins. The report contains the following information:
- Infected attachments that were detected and automatically deleted
- Infected attachments that failed to be deleted (i.e. might still be a threat), if any
- Errors that occurred during the scan of some attachments
To configure how often the periodic scan is performed (default is once per week), edit the "Antivirus Job"'s "cron expression" from the Scheduler Application's jobs index.
Incidents Log
Each incident (detected during upload) or during a Scheduled Scan, is recorded in the Antivirus Log which is displayed on the same Administration section.
Each incident can be inspected by an admin
Each incident can be deleted individually or all incidents can be deleted at once, using the actions available in the incidents livetable.
Installation Steps
This paid extensions requires XWiki 13.10 or above. In order to install the extension, follow the next steps inside your XWiki instance (on cloud or on premise).
Navigate to the Extension Manager
In the Applications Panel click on "More Applications..." and then "Install new applications...". Alternatively navigate directly to the Administration and select the "Extensions" section.
Install the Extension
Search for the extension you wish to install and use the Install button to install it.
Get a License
Navigate to the "Licenses" section of the Administration, fill your details, look for the extension you just installed in the live table and click the buttons to get a trial license or to buy a license.
Install the License
If you have selected a trial license then you're good and there's nothing else to do. Your trial license is automatically installed.
However if you've selected to buy a license you'll be redirected to a page to perform the payment. At the end you need to come back to the "Licenses" administration section and click on the "Check for Updates" button. This will download and apply the license you bought.
Use the Extension
Start using the Extension! Refer to the extension's documentation to know how to use it.
Installing Paid Apps on Subwikis
If you want to install an application on the whole farm (main wiki + subwikis), you can do so directly from the main wiki’s Extension Manager, as seen below:
Extensions can also be installed only on a particular subwiki by global admins. Subwiki admins will not be able to install these extensions due to their limited rights.
Installing the ClamAV Server
Going further, you will need to install the ClamAV server to accept network connections from XWiki's integration. There are many guides that you can refer to for installation, depending on your operating system. Examples:
The main process is the following:
- Install the clamav daemon (clamd)
- Configure /etc/clamd.d/scan.conf, by making the following changes (if not already done by the installation scripts)
- Comment out the Example line to #Example
- Uncomment the following line: TCPSocket 3310 (use whatever port you like or leave the default)
- Uncomment the following line: TCPAddr 127.0.0.1 (127.0.0.1 if installed on the same machine as the XWiki instance or the server's network IP address, if accepting connections from that network)
- Make sure the clamd service is enabled (to be loaded at boot)
- Note: Running the clamd server will increase RAM usage by 300MB, due to the AV database that is loaded in memory and ready to be used when a request comes in.
- Configure /etc/clamd.d/scan.conf, by making the following changes (if not already done by the installation scripts)
- Install the freshclam update service, update the virus database and enable the freshclam service to keep the database up to date (by default, checks for update every 2 hours).
- Configure /etc/freshclam.conf
- Comment out the Example line to #Example
- Optionally, use a different update schedule by uncommenting the #Checks 24 property and setting the preferred value (e.g. 4, which should be enough)
- Configure /etc/freshclam.conf
Making Sure You Receive Report Emails
In order to make sure the periodic scan infection report is properly sent, check the following steps:
- that your wiki is capable of sending emails by having the main wiki's "Administration > Mail Sending" settings in working order
- that both your user and others that wish to receive the report:
- are part of the main wiki's XWiki.XWikiAdminGroup group
- have filled in a valid email address in their user profile
Testing Your Installation
- Download the EICAR "Standard Anti-Virus Test File" (whichever format you prefer) or use this direct link of the text format, for convenience. It is not a real virus, but only a well known sequence of codes that is an industry standard and used to obtain a basic "virus detected" response from an antivirus engine, for testing or demo purposes and in a safe way. Fore more information, read more about it on the European Institute for Computer Anti-Virus Research's website.
Try to upload the file to an XWiki page. It should fail with a generic error message like the following:
- The server logs should show more details along the following lines:WARN ttachmentUploadedEventListener - Attachment [Attachment xwiki:Main.WebHome@eicar.com-testVirus.txt] found infected with [[Eicar-Test-Signature]] during event [org.xwiki.bridge.event.DocumentUpdatingEvent] by user [xwiki:XWiki.Admin]
WARN c.x.x.w.UploadAction - Saving uploaded file failed
com.xpn.xwiki.XWikiException: Error number 3201 in 3: An Event Listener has cancelled the document save for [xwiki:Main.WebHome]. Reason: [Virus or malware infections found for attachments [{Attachment xwiki:Main.WebHome@eicar.com-testVirus.txt=[Eicar-Test-Signature]}] uploaded by user [xwiki:XWiki.Admin]]
at com.xpn.xwiki.XWiki.saveDocument(XWiki.java:1395) ~[xwiki-platform-legacy-oldcore-6.4.8.jar:na]
...
- The server logs should show more details along the following lines:
- Now go to the main wiki's "Administration >> Antivirus" section and disable Antivirus scanning (i.e. set "Enabled" to "No")
- Upload again the test virus file to a wiki page. This time it will work, because antivirus scanning is disabled and the (fake/test) virus goes undetected.
- Go back to the main wiki's "Administration >> Antivirus" section and re-enable Antivirus scanning (i.e. set "Enabled" to "Yes")
Trigger a periodic scan by going to the main wiki's Scheduler index and triggering the "Antivirus job"* Observe the server logs where it should say that it deleted the previously uploaded fake virus file from both places:
WARN c.x.a.i.AntivirusJob - Deleted infected attachments from document [xwiki:Main.WebHome]: [{eicar.com-testVirus.txt=[Eicar-Test-Signature]}]- Check the Attachments tab of your wiki page to confirm the test virus file was deleted
- Check your email for a report about the deleted infected attachment
Options
The price is per year and varies depending on the support level and the number of users.
Support / Users | 10 | 25 | 50 | 100 | 250 | 500 | 1000 | 2500 | 5000 | 10000 | 20000 |
---|---|---|---|---|---|---|---|---|---|---|---|
Silver |
Benefits
What do you get when you purchase an XWiki extension?
1 year license
By purchasing an XWiki extension license, you'll benefit from it during one year.
Free updates
You benefit from all the extension updates during one year. You are always up to date.
Support included
If you are facing an issue, you can reach the XWiki support. Our team is always available to help.
How to Buy
To buy, install this extension from inside your XWiki instance and follow the instructions.
Release notes
v1.6.1
Upgrades:
- #37 Upgrade Licensor dependency to version 1.25
v1.6
Tasks done:
#35 Upgrade parent to 13.10-3
Upgraded licensing version to 1.24.1.
v1.5
Improvements:
#24 Scheduled scan report displays "IOException: Broken pipe" error for files too large to be scanned.
#25 Ability to configure a maximum file size for which to perform upload scans.
#26 Restart the scan job when the wiki server restarts during the scan.
Update the Licensing dependency version to 1.22.1
v1.4.2
Update the Licensing dependency version to 1.22
v1.4.1
Upgrade the licensor version to 1.20.
v1.4
Update parent version to 11.10.
v1.3.3
Bugs fixes:
#30 The Antivirus application causes Attachment*Events to not be triggered
v1.3.2
Update the Licensing dependency to version 1.16.1.
v1.3.1
Bugs fixed:
#23 Deprecated usage in the logs.
v1.3
Bugs fixed:
#19 Many warnings related to deprecated usage of legacy-style HQL ordinal parameters in console when using the app.
Update parent version to XWiki 9.11.
Update the Licensing dependency to version 1.16.
v1.2.6
Update the Licensing dependency to version 1.14.4.
v1.2.5
Bugs fixed:
#17 The license is not found anymore after a server restart.
v1.2.3
Bugs fixed:
#15 Main wiki configuration changes are ignored in subwikis.
Improvements:
#16 Add start and end date in the scheduled scan report.
v1.2
Improvements:
#12 Option to always send scheduled scan reports, even when no infections are detected.
#13 Include attachments that were failed to be scanned in the scheduled scan report.
v1.1
Bugs fixed:
#3 Multiple Scheduled Scan detections fail to send report email.
New features:
#9 Incidents log.
v1.0
Improvements:
#3 Make it a paid app that is installable with EM (without patches).
v0.2
Improvements:
#1 Translate the application.
#2 Use 'xform half' on the administration form.
Extension details
License
- GNU Lesser General Public License 2.1
Sources
Issues
Type
- xar
Developed by
Compatibility
- Requires XWiki 13.10 or above.
Dependencies
- com.xwiki.antivirus:application-antivirus-clamav-api 1.7.0
- com.xwiki.antivirus:application-antivirus-ui 1.7.0
- org.xwiki.platform:xwiki-platform-uiextension-api 14.10
- org.xwiki.platform:xwiki-platform-localization-script 14.10
- org.xwiki.platform:xwiki-platform-csrf 14.10
- com.xwiki.licensing:application-licensing-licensor-api 1.26