File is not eliminated even when message reads "The file has been removed" on S3 storage (primary)
luisrms69 opened this issue · comments
Steps to reproduce
- Upload test file (using eicar.zip file)
- Setup is as follows: ClamAV Daemon (socket), /var/run/clamav/clamd.ctl, 26214400, -1, -1, Only log
- When file is uploaded the message is correct and the file does not appear on file directory
- Using S3 as primary storage (backblaze b2)
- The file exists on bucket, even when the "virus" is detected and the message is that i was not uploaded
Expected behaviour
Tell us what should happen
The "infected" file should not be in the bucket.
Actual behaviour
Tell us what happens instead
The "infected" file is in the bucket, not on the file directoy, but persists on the bucket. This means now that the infected file will live in the bucket even if the system does not identifies it as existent (it is not listed or accesible anywhere in the UI)
Server configuration
Operating system: Ubuntu 22.04
Web server:. Linux
Database:. MariaDB
PHP version: 8.0.30
Nextcloud version: (see Nextcloud admin page) Nextcloud Hub 5 (27.0.2). Last version Stable channel at this moment
Where did you install Nextcloud from:. Plesk
List of activated apps:
Activity 2.19.0 Destacado
Antivirus for files 5.2.2
Circles 27.0.1 Destacado
Collaborative tags 1.17.0 Destacado
Comments 1.17.0 Destacado
Contacts Interaction 1.8.0 Destacado
Dashboard 7.7.0 Destacado
Deleted files 1.17.0 Destacado
Federation 1.17.0 Destacado
File sharing 1.19.0 Destacado
First run wizard 2.16.0 Destacado
Log Reader 2.12.0 Destacado
Monitoring 1.17.0 Destacado
Nextcloud announcements 1.16.0 Destacado
Notifications 2.15.0 Destacado
Password policy 1.17.0 Destacado
PDF viewer 2.8.0 Destacado
Photos 2.3.0 Destacado
Privacy 1.11.0 Destacado
Recommendations 1.6.0 Destacado
Related Resources 1.2.0 Destacado
Right click 1.6.0 Destacado
Share by mail 1.17.0 Destacado
Support 1.10.0 Destacado
Text 3.8.0 Destacado
Update notification 1.17.0 Destacado
Usage survey 1.15.0 Destacado
User status 1.7.0 Destacado
Versions 1.20.0 Destacado
Weather status 1.7.0 Destacado
ALL APPS ARE UPDATED at this moment
If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your Nextcloud installation folder
Enabled:
- activity: 2.19.0
- calendar: 4.4.5
- circles: 27.0.1
- cloud_federation_api: 1.10.0
- comments: 1.17.0
- contactsinteraction: 1.8.0
- dashboard: 7.7.0
- dav: 1.27.0
- federatedfilesharing: 1.17.0
- federation: 1.17.0
- files: 1.22.0
- files_antivirus: 5.2.2
- files_pdfviewer: 2.8.0
- files_rightclick: 1.6.0
- files_sharing: 1.19.0
- files_trashbin: 1.17.0
- files_versions: 1.20.0
- firstrunwizard: 2.16.0
- logreader: 2.12.0
- lookup_server_connector: 1.15.0
- nextcloud_announcements: 1.16.0
- notifications: 2.15.0
- oauth2: 1.15.1
- password_policy: 1.17.0
- photos: 2.3.0
- privacy: 1.11.0
- provisioning_api: 1.17.0
- recommendations: 1.6.0
- related_resources: 1.2.0
- serverinfo: 1.17.0
- settings: 1.9.0
- sharebymail: 1.17.0
- support: 1.10.0
- survey_client: 1.15.0
- systemtags: 1.17.0
- tasks: 0.15.0
- text: 3.8.0
- theming: 2.2.0
- twofactor_backupcodes: 1.16.0
- updatenotification: 1.17.0
- user_status: 1.7.0
- viewer: 2.1.0
- weather_status: 1.7.0
- workflowengine: 2.9.0
Disabled: - admin_audit: 1.17.0
- bruteforcesettings: 2.7.0
- encryption: 2.15.0
- files_external: 1.19.0
- suspicious_login: 5.0.0
- twofactor_totp: 9.0.0
- user_ldap: 1.17.0
Nextcloud configuration:
If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
"***REMOVED SENSITIVE VALUE***"
],
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "27.0.2.1",
"overwrite.cli.url": "http:\/\/localhost",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"instanceid": "***REMOVED SENSITIVE VALUE***",
"filelocking.enabled": false,
"objectstore": {
"class": "OC\\Files\\ObjectStore\\S3",
"arguments": {
"bucket": "***REMOVED SENSITIVE VALUE***",
"autocreate": true,
"key": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"hostname": "s3.us-east-005.backblazeb2.com",
"port": 443,
"use_ssl": true,
"region": "s3.us-east-005",
"use_path_style": false
}
},
"mail_smtpmode": "smtp",
"mail_smtpsecure": "ssl",
"mail_sendmailmode": "smtp",
"mail_smtpport": "465",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"mail_smtpauth": 1,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"maintenance": false
}
}
or
Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)
Client configuration
Browser: Chrome
Operating system:
Logs
Nextcloud log (data/owncloud.log)
Insert your Nextcloud log here
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...