Background scan finds infected file but does not delete it.
doftnet opened this issue · comments
Steps to reproduce
- create virus.txt with EICAR test string
- wait until background scan runs
- get notification that infected file was found and deleted.
Expected behaviour
The file should no longer exist
Actual behaviour
The file remains, and is detected again the next time a background scan runs. Error gets logged, and a cron notification gets sent to local mailbox
Server configuration
Operating system:
OpenSUSE Tumbleweed 20230116
Web server:
Apache 2.4.54
Database:
PostgreSQL 14.6
PHP version:
8.1.14
Nextcloud version:
24.0.9
Where did you install Nextcloud from:
Sources from Nextcloud
List of activated apps:
- accessibility: 1.10.0
- activity: 2.16.0
- admin_audit: 1.14.0
- apporder: 0.15.0
- audioplayer: 3.3.1
- bookmarks: 11.0.4
- bruteforcesettings: 2.4.0
- calendar: 3.5.4
- checksum: 1.2.0
- circles: 24.0.1
- cloud_federation_api: 1.7.0
- cms_pico: 1.0.20
- comments: 1.14.0
- contacts: 4.2.3
- contactsinteraction: 1.5.0
- cospend: 1.4.10
- dashboard: 7.4.0
- dav: 1.22.0
- dicomviewer: 1.2.4
- duplicatefinder: 0.0.15
- event_update_notification: 2.0.0
- external: 4.0.1
- extract: 1.3.5
- federatedfilesharing: 1.14.0
- federation: 1.14.0
- files: 1.19.0
- files_antivirus: 4.0.2
- files_downloadactivity: 1.15.0
- files_external: 1.16.1
- files_fulltextsearch: 24.0.1
- files_fulltextsearch_tesseract: 24.0.0
- files_markdown: 2.3.6
- files_pdfviewer: 2.5.0
- files_rightclick: 1.3.0
- files_sharing: 1.16.2
- files_texteditor: 2.15.0
- files_trackdownloads: 1.11.0
- files_trashbin: 1.14.0
- files_versions: 1.17.0
- fileslibreofficeedit: 1.1.0
- firstrunwizard: 2.13.0
- forms: 2.5.1
- fulltextsearch: 24.0.0
- fulltextsearch_elasticsearch: 24.0.1
- impersonate: 1.11.0
- integration_reddit: 1.0.5
- integration_twitter: 1.0.3
- ldap_write_support: 1.6.0
- logreader: 2.9.0
- lookup_server_connector: 1.12.0
- maps: 0.2.2
- metadata: 0.17.0
- nextcloud_announcements: 1.13.0
- notifications: 2.12.1
- oauth2: 1.12.0
- occweb: 0.1.0
- openhab: 0.12.0
- password_policy: 1.14.0
- passwords: 2022.12.21
- passwords_handbook: 2023.1.23
- phonetrack: 0.7.4
- photos: 1.6.0
- previewgenerator: 5.1.1
- privacy: 1.8.0
- provisioning_api: 1.14.0
- recommendations: 1.3.0
- richdocuments: 6.3.3
- serverinfo: 1.14.0
- settings: 1.6.0
- sharebymail: 1.14.0
- socialsharing_diaspora: 2.5.0
- socialsharing_email: 2.5.0
- socialsharing_facebook: 2.5.0
- socialsharing_twitter: 2.5.0
- spreed: 14.0.8
- support: 1.7.0
- survey_client: 1.12.0
- systemtags: 1.14.0
- tasks: 0.14.5
- telephoneprovider: 1.0.3
- theming: 1.15.0
- transfer: 0.6.0
- twofactor_backupcodes: 1.13.0
- twofactor_email: 2.7.1
- twofactor_gateway: 0.20.0
- twofactor_nextcloud_notification: 3.4.0
- twofactor_totp: 6.4.1
- updatenotification: 1.14.0
- user_ldap: 1.14.1
- user_status: 1.4.0
- viewer: 1.8.0
- weather_status: 1.4.0
- welcome: 1.0.6
- workflowengine: 2.6.0
Nextcloud configuration:
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"*.doft.net",
"doft.net",
"doftnet.enterprises"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "pgsql",
"version": "24.0.9.2",
"overwrite.cli.url": "https:\/\/cloud.doft.net",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "5432",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"lost_password_link": "https:\/\/doft.net\/password",
"mail_smtpmode": "smtp",
"mail_smtpsecure": "tls",
"mail_sendmailmode": "smtp",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpauthtype": "PLAIN",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"memcache.local": "\\OC\\Memcache\\APCu",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 6379,
"dbindex": 0,
"password": "***REMOVED SENSITIVE VALUE***"
},
"memcache.locking": "\\OC\\Memcache\\Redis",
"ldapIgnoreNamingRules": false,
"ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
"maintenance": false,
"theme": "",
"loglevel": "2",
"app_install_overwrite": [
"occweb",
"beame_insta_ssl",
"cms_pico",
"telephoneprovider",
"dicomviewer",
"twofactor_email",
"files_texteditor",
"previewgenerator",
"socialsharing_diaspora",
"socialsharing_email",
"socialsharing_facebook",
"socialsharing_twitter",
"files_trackdownloads",
"openhab",
"ldap_write_support"
],
"updater.release.channel": "stable",
"encryption.key_storage_migrated": false,
"default_phone_region": "US",
"simpleSignUpLink.shown": false
}
}
Client configuration
Browser:
N/A - background scan
Operating system:
N/A - background scan
Logs
Nextcloud log (data/owncloud.log)
{"reqId":"aIo6OWiCbxfFupUHcpFC","level":3,"time":"2023-01-19T06:35:07+00:00","remoteAddr":"","user":"--","app":"files_antivirus","method":"","url":"--","message":"Infected file deleted (during background scan) Win.Test.EICAR_HDB-1 File: 1980580 Account: doft Path: /doft/files/virus.txt","userAgent":"--","version":"24.0.9.2","data":{"app":"files_antivirus"}}
{"reqId":"aIo6OWiCbxfFupUHcpFC","level":3,"time":"2023-01-19T06:35:07+00:00","remoteAddr":"","user":"--","app":"cron","method":"","url":"--","message":"Typed property OCA\\Files_Antivirus\\Item::$appManager must not be accessed before initialization","userAgent":"--","version":"24.0.9.2","exception":{"Exception":"Error","Message":"Typed property OCA\\Files_Antivirus\\Item::$appManager must not be accessed before initialization","Code":0,"Trace":[{"file":"/srv/www/htdocs/nextcloud/apps/files_antivirus/lib/Item.php","line":113,"function":"deleteFile","class":"OCA\\Files_Antivirus\\Item","type":"->"},{"file":"/srv/www/htdocs/nextcloud/apps/files_antivirus/lib/Status.php","line":165,"function":"processInfected","class":"OCA\\Files_Antivirus\\Item","type":"->"},{"file":"/srv/www/htdocs/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":314,"function":"dispatch","class":"OCA\\Files_Antivirus\\Status","type":"->"},{"file":"/srv/www/htdocs/nextcloud/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php","line":110,"function":"scanOneFile","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->"},{"file":"/srv/www/htdocs/nextcloud/lib/public/BackgroundJob/Job.php","line":79,"function":"run","class":"OCA\\Files_Antivirus\\BackgroundJob\\BackgroundScanner","type":"->"},{"file":"/srv/www/htdocs/nextcloud/lib/public/BackgroundJob/TimedJob.php","line":95,"function":"execute","class":"OCP\\BackgroundJob\\Job","type":"->"},{"file":"/srv/www/htdocs/nextcloud/cron.php","line":152,"function":"execute","class":"OCP\\BackgroundJob\\TimedJob","type":"->"}],"File":"/srv/www/htdocs/nextcloud/apps/files_antivirus/lib/Item.php","Line":200,"CustomMessage":"--"}}
Cron Notification
Error: Typed property OCA\Files_Antivirus\Item::$appManager must not be accessed before initialization in /<nextcloud-path>/apps/files_antivirus/lib/Item.php:200
Stack trace:
#0 /<nextcloud-path>/apps/files_antivirus/lib/Item.php(113): OCA\Files_Antivirus\Item->deleteFile()
#1 /<nextcloud-path>/apps/files_antivirus/lib/Status.php(165): OCA\Files_Antivirus\Item->processInfected()
#2 /<nextcloud-path>/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php(314): OCA\Files_Antivirus\Status->dispatch()
#3 /<nextcloud-path>/apps/files_antivirus/lib/BackgroundJob/BackgroundScanner.php(110): OCA\Files_Antivirus\BackgroundJob\BackgroundScanner->scanOneFile()
#4 /<nextcloud-path>/lib/public/BackgroundJob/Job.php(79): OCA\Files_Antivirus\BackgroundJob\BackgroundScanner->run()
#5 /<nextcloud-path>/lib/public/BackgroundJob/TimedJob.php(95): OCP\BackgroundJob\Job->execute()
#6 /<nextcloud-path>/cron.php(152): OCP\BackgroundJob\TimedJob->execute()
#7 {main}
Patch is in #267
Testing is very welcome :)
Slaps "easy" button...
Applied and waiting for the next background scan; results forthcoming.
Confirmed. Test file actually deleted. Second copy of test file was also found and deleted as well.