ClamAV扫描使用PHP 8 – 不是常规文件

huangapple go评论65阅读模式
英文:

ClamAV scanning with PHP 8 - Not a regular file

问题

我正在将我的所有东西从Ubuntu 20.04迁移到23.04。唯一一件事,长列表中的一件事,我正在努力解决的是一个使用ClamAV来扫描上传文件的Web表单。在旧服务器上它工作正常。在新服务器上,我坚持不懈地收到以下错误消息:

fd[10]: Not a regular file. ERROR

(这来自于/var/log/clamav/clamav.log),并且它返回代码2给exec命令,并且以下是*$out*的输出:

Array
(
    [0] => /tmp/php0HjwDM: Not a regular file ERROR
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Infected files: 0
    [4] => Total errors: 1
    [5] => Time: 0.000 sec (0 m 0 s)
    [6] => Start Date: 2023:06:28 17:08:03
    [7] => End Date:   2023:06:28 17:08:03
)

并在移动文件后再次扫描它(用于测试)

Array
(
    [0] => /import/myfile.csv: Not a regular file ERROR
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Infected files: 0
    [4] => Total errors: 1
    [5] => Time: 0.000 sec (0 m 0 s)
    [6] => Start Date: 2023:06:28 17:08:03
    [7] => End Date:   2023:06:28 17:08:03
)

以下是测试代码:

if ($_POST) {
$uploadfile = '/import/' . basename($_FILES['userfile']['name']);
$scanpath=escapeshellarg($_FILES['userfile']['tmp_name']);
$cmd='clamdscan --fdpass '.$scanpath;
$retcode=-1;
$out='';
exec($cmd,$out,$retcode);
echo $retcode.'<br /><pre>';
print_r ($out);
echo '</pre>';
echo '<br />Now moving <br />';
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$cmd='clamdscan --fdpass '.$uploadfile;
$retcode=-1;
$out='';
exec($cmd,$out,$retcode);
echo $retcode.'<br /><pre>';
print_r ($out);
echo '</pre>';
}
?>

<form enctype="multipart/form-data" action="testpost.php" method="POST">
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

尝试使用不同的文件类型,尝试配置ClamAV以运行为www-data(在整理套接字文件夹权限后)。尝试使用不同的文件。以上的“移动”和第二次扫描是为了证明上传文件的临时/tmp/版本没有问题。/import/文件夹权限设置为777,仅用于测试。从/import文件夹内部的Shell中运行clamdscan --fdpass myfile.csv工作得很好,以及使用sudo -u www-datasudo -u clamav运行也可以。它只是无法像预期的那样从PHP的exec中运行。它肯定会尝试。我百般寻找解决办法,但都没有找到。虽然其他人似乎遇到了类似的问题,但据我所知,它们与我的问题不同。如有建议,将不胜感激。

2023年6月29日编辑
使用clamscan而不是clamdscan可以正常工作,除非非常(无法工作地)慢:

Array
(
    [0] => /tmp/phpFahZwQ: OK
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Known viruses: 8669716
    [4] => Engine version: 0.103.8
    [5] => Scanned directories: 0
    [6] => Scanned files: 1
    [7] => Infected files: 0
    [8] => Data scanned: 0.00 MB
    [9] => Data read: 0.00 MB (ratio 0.00:1)
    [10] => Time: 13.043 sec (0 m 13 s)
    [11] => Start Date: 2023:06:29 11:39:06
    [12] => End Date:   2023:06:29 11:39:19
)
英文:

I'm migrating everything I have from Ubuntu 20.04 to 23.04. The one and only thing, in a long list, I'm struggling with is a web form that uses ClamAV to scan uploaded files. On the old server it works fine. On the new server I persistenly get:
fd[10]: Not a regular file. ERROR
(that's from /var/log/clamav/clamav.log) and it returns code 2 to the exec command and the following output from $out

(
    [0] =&gt; /tmp/php0HjwDM: Not a regular file ERROR
    [1] =&gt; 
    [2] =&gt; ----------- SCAN SUMMARY -----------
    [3] =&gt; Infected files: 0
    [4] =&gt; Total errors: 1
    [5] =&gt; Time: 0.000 sec (0 m 0 s)
    [6] =&gt; Start Date: 2023:06:28 17:08:03
    [7] =&gt; End Date:   2023:06:28 17:08:03
)

And after moving the file I then scan it again (for testing)

Array
(
    [0] =&gt; /import/myfile.csv: Not a regular file ERROR
    [1] =&gt; 
    [2] =&gt; ----------- SCAN SUMMARY -----------
    [3] =&gt; Infected files: 0
    [4] =&gt; Total errors: 1
    [5] =&gt; Time: 0.000 sec (0 m 0 s)
    [6] =&gt; Start Date: 2023:06:28 17:08:03
    [7] =&gt; End Date:   2023:06:28 17:08:03
)

Here's the test code:

if ($_POST) {
$uploadfile = &#39;/import/&#39; . basename($_FILES[&#39;userfile&#39;][&#39;name&#39;]);
$scanpath=escapeshellarg($_FILES[&#39;userfile&#39;][&#39;tmp_name&#39;]);
$cmd=&#39;clamdscan --fdpass &#39;.$scanpath;
$retcode=-1;
$out=&#39;&#39;;
exec($cmd,$out,$retcode);
echo $retcode.&#39;&lt;br /&gt;&lt;pre&gt;&#39;;
print_r ($out);
echo &#39;&lt;/pre&gt;&#39;;
echo &#39;&lt;br /&gt;Now moving &lt;br /&gt;&#39;;
move_uploaded_file($_FILES[&#39;userfile&#39;][&#39;tmp_name&#39;], $uploadfile);
$cmd=&#39;clamdscan --fdpass &#39;.$uploadfile;
$retcode=-1;
$out=&#39;&#39;;
exec($cmd,$out,$retcode);
echo $retcode.&#39;&lt;br /&gt;&lt;pre&gt;&#39;;
print_r ($out);
echo &#39;&lt;/pre&gt;&#39;;
}
?&gt;

&lt;form enctype=&quot;multipart/form-data&quot; action=&quot;testpost.php&quot; method=&quot;POST&quot;&gt;
    Send this file: &lt;input name=&quot;userfile&quot; type=&quot;file&quot; /&gt;
    &lt;input type=&quot;submit&quot; value=&quot;Send File&quot; /&gt;
&lt;/form&gt;

Tried with various file types, tried configure clamav to run as www-data (after sorting socket folder permissions). Tried with different files. The "move" and second scan, in the above, was to prove there weren't issues with the temporary /tmp/ version of the uploaded file.
/import/ has 777 permissions just for testing
Running clamdscan --fdpass myfile.csv from a shell from within the /import folder works just fine, as well as doing it with sudo -u www-data or sudo -u clamav. It just won't run as expected from PHP's exec. It certainly tries. Searched in vain for solutions. While other people seem to have had similar issues, they're not the same as far as I can tell.
Any advice would be greatly appreciated.<br />
Edit 29/06/2023<br />
Using clamscan instead of clamdscan works, except it's very (unworkably) slow:

Array
(
    [0] =&gt; /tmp/phpFahZwQ: OK
    [1] =&gt; 
    [2] =&gt; ----------- SCAN SUMMARY -----------
    [3] =&gt; Known viruses: 8669716
    [4] =&gt; Engine version: 0.103.8
    [5] =&gt; Scanned directories: 0
    [6] =&gt; Scanned files: 1
    [7] =&gt; Infected files: 0
    [8] =&gt; Data scanned: 0.00 MB
    [9] =&gt; Data read: 0.00 MB (ratio 0.00:1)
    [10] =&gt; Time: 13.043 sec (0 m 13 s)
    [11] =&gt; Start Date: 2023:06:29 11:39:06
    [12] =&gt; End Date:   2023:06:29 11:39:19
)

答案1

得分: 1

我持续收到以下错误信息:fd[10]:不是常规文件。错误

clamdscan的--fdpass参数将文件描述符权限传递给clamd。据我了解,您使用它的原因是因为clamav用户不同。这个标志的使用场景是什么?

然而,当clamd尝试根据传递的文件描述符扫描时,要么无法对文件描述符(fd)进行fstat,要么它不是常规文件。(参考)

此外,如果FSTAT一开始就失败了,就不会提供有关上一个错误的信息。(参考)

错误消息不允许区分这两种情况,因此人们需要推测是哪种情况,而我们不这样做。

由于您只在PHP环境中遇到问题 - 您没有分享任何细节 - 这是一个阻止clamdscan将文件描述符传递给clamd的问题。例如,文件描述符的不同命名空间。

确保PHP、clamdscan和clamd在系统上具有相同的视图,并且除非它们共享相同的视图,否则不要使用内核的任何隔离功能。

另外,请仔细检查clamd/clamdscan是否已编译为正确的架构并且使用了正确的库。

英文:

> I persistenly get: fd[10]: Not a regular file. ERROR

The clamdscan --fdpass argument passes the file descriptor permissions to clamd. As I understand it, the reason why you use it is as the clamav user is different. Which is the use-case for that flag.

Still, when clamd tries to scan based on the passed file descriptor, it either fails to fstat the file descriptor (fd) or it is not a regular file. (ref.)

Also there is no information provided about the last error if FSTAT would have failed in the first place. (ref.).

The error message does not allow to differentiate between both cases, so one would need to speculate which case it is, which we don't do.

As you only have the problem from within PHP environment - about which you don't have shared any details - it is an issue with that, preventing clamdscan to pass the file descriptor to clamd. E.g. a different namespace for file descriptors.

Ensure both PHP, clamdscan and clamd have the same view on the system and are not using any isolation feature of the kernel unless they share the same.

Additionally double-check clamd/clamdscan have been compiled for the right architecture and are using correct libraries.

答案2

得分: 1

我似乎已经让它运行起来了。我尝试了各种各样的事情,甚至尝试更改clamd以使用其他用户(非常有问题,因为无论权限/所有权如何,都无法访问其套接字文件)。
最后,我运行了以下命令:

dpkg-reconfigure clamav-daemon
service clamav-daemon restart

对于自动重新配置的提示,我回答“No”。希望能够获得提示,但我没有得到任何提示。直接在此之后,它似乎开始工作了,这让我很高兴:

响应代码:0

数组
(
    [0] => /tmp/phpnE5tY2:正常
    [1] => 
    [2] => ----------- 扫描摘要 -----------
    [3] => 感染文件:0
    [4] => 时间:0.005秒(0分钟0秒)
    [5] => 开始日期:2023年06月29日14:50:05
    [6] => 结束日期:2023年06月29日14:50:05
)
英文:

I appear to have got it working. I tried all sorts of things, even changing clamd to use other users (very problematic as couldn't access it's socket file, no matter the permissions/ownership).
In the end I ran

dpkg-reconfigure clamav-daemon
service clamav-daemon restart

I responded "No" to a prompt for automatic reconfiguration. This was in the hopes I'd get prompts, but I didn't get any. Directly after this, it appeared to work though, which I'm happy about:

Response Code: 0

Array
(
    [0] =&gt; /tmp/phpnE5tY2: OK
    [1] =&gt; 
    [2] =&gt; ----------- SCAN SUMMARY -----------
    [3] =&gt; Infected files: 0
    [4] =&gt; Time: 0.005 sec (0 m 0 s)
    [5] =&gt; Start Date: 2023:06:29 14:50:05
    [6] =&gt; End Date:   2023:06:29 14:50:05
)

huangapple
  • 本文由 发表于 2023年6月29日 00:26:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/76575076.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定