ocis: File uploaded even if antivirus service encounters errors

Describe the bug

If the Antivirus check is configured the file is uploaded even if the processing of the file fails due to errors.

Steps to reproduce

Steps to reproduce the behavior:

  1. Setup a system with the attached docker-compose.yml
  2. Log in
  3. Upload a file

Expected behavior

With the error in the log I would also expect an error in the UI.

Actual behavior

Error in the log:

ocis_clamav-ocis-1  | {"level":"info","service":"antivirus","traceID":"00000000000000000000000000000000","time":"2023-08-31T09:40:30.362090509Z","line":"github.com/owncloud/ocis/v2/services/antivirus/pkg/service/service.go:132","message":"TraceID"}
ocis_clamav-ocis-1  | {"level":"debug","service":"antivirus","uploadid":"9b671f36-20a6-451b-89f6-1f9720ed0c6a","filename":"tux-logo-png-transparent.png","time":"2023-08-31T09:40:30.362115884Z","line":"github.com/owncloud/ocis/v2/services/antivirus/pkg/service/service.go:160","message":"Starting virus scan."}
ocis_clamav-ocis-1  | {"level":"info","service":"frontend","pkg":"rhttp","traceid":"00000000000000000000000000000000","time":"2023-08-31T09:40:30.363196509Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/auth/auth.go:195","message":"skipping auth check for: /data/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjkzNTYxMjMwLCJpYXQiOjE2OTM0NzQ4MzAsInRhcmdldCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTE1OC9kYXRhL3R1cy85YjY3MWYzNi0yMGE2LTQ1MWItODlmNi0xZjk3MjBlZDBjNmEifQ.S1Ahgm1RN7_KTJH7KVRtp_Pe6IsTQmQyQ4dhQJm5e1E"}
ocis_clamav-ocis-1  | {"level":"warn","service":"frontend","pkg":"rhttp","traceid":"00000000000000000000000000000000","time":"2023-08-31T09:40:30.363227967Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/auth/auth.go:234","message":"core access token not set"}
ocis_clamav-ocis-1  | {"level":"info","service":"storage-users","pkg":"rhttp","traceid":"00000000000000000000000000000000","time":"2023-08-31T09:40:30.363792717Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/auth/auth.go:195","message":"skipping auth check for: /data/tus/9b671f36-20a6-451b-89f6-1f9720ed0c6a"}
ocis_clamav-ocis-1  | {"level":"warn","service":"storage-users","pkg":"rhttp","traceid":"00000000000000000000000000000000","time":"2023-08-31T09:40:30.363836509Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/auth/auth.go:234","message":"core access token not set"}
ocis_clamav-ocis-1  | {"level":"warn","service":"storage-users","pkg":"rhttp","traceid":"00000000000000000000000000000000","host":"127.0.0.1","method":"GET","uri":"/data/tus/9b671f36-20a6-451b-89f6-1f9720ed0c6a","url":"/9b671f36-20a6-451b-89f6-1f9720ed0c6a","proto":"HTTP/1.1","status":404,"size":17,"start":"31/Aug/2023:09:40:30 +0000","end":"31/Aug/2023:09:40:30 +0000","time_ns":276375,"time":"2023-08-31T09:40:30.364089676Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/log/log.go:112","message":"http"}
ocis_clamav-ocis-1  | {"level":"warn","service":"frontend","pkg":"rhttp","traceid":"00000000000000000000000000000000","host":"127.0.0.1","method":"GET","uri":"/data/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjkzNTYxMjMwLCJpYXQiOjE2OTM0NzQ4MzAsInRhcmdldCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTE1OC9kYXRhL3R1cy85YjY3MWYzNi0yMGE2LTQ1MWItODlmNi0xZjk3MjBlZDBjNmEifQ.S1Ahgm1RN7_KTJH7KVRtp_Pe6IsTQmQyQ4dhQJm5e1E","url":"/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjkzNTYxMjMwLCJpYXQiOjE2OTM0NzQ4MzAsInRhcmdldCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTE1OC9kYXRhL3R1cy85YjY3MWYzNi0yMGE2LTQ1MWItODlmNi0xZjk3MjBlZDBjNmEifQ.S1Ahgm1RN7_KTJH7KVRtp_Pe6IsTQmQyQ4dhQJm5e1E","proto":"HTTP/1.1","status":404,"size":0,"start":"31/Aug/2023:09:40:30 +0000","end":"31/Aug/2023:09:40:30 +0000","time_ns":1079083,"time":"2023-08-31T09:40:30.364276884Z","line":"github.com/cs3org/reva/v2@v2.16.1-0.20230828111521-594d4e103741/internal/http/interceptors/log/log.go:112","message":"http"}
ocis_clamav-ocis-1  | {"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"81a9787b816d/XBJpX9WeDB-000342","remote-addr":"127.0.0.1:44592","method":"GET","status":404,"path":"/data/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjkzNTYxMjMwLCJpYXQiOjE2OTM0NzQ4MzAsInRhcmdldCI6Imh0dHA6Ly9sb2NhbGhvc3Q6OTE1OC9kYXRhL3R1cy85YjY3MWYzNi0yMGE2LTQ1MWItODlmNi0xZjk3MjBlZDBjNmEifQ.S1Ahgm1RN7_KTJH7KVRtp_Pe6IsTQmQyQ4dhQJm5e1E","duration":1.437416,"bytes":0,"time":"2023-08-31T09:40:30.364370759Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:31","message":"access-log"}
ocis_clamav-ocis-1  | {"level":"error","service":"antivirus","error":"unexpected status code from Download 404","uploadid":"9b671f36-20a6-451b-89f6-1f9720ed0c6a","time":"2023-08-31T09:40:30.364450592Z","line":"github.com/owncloud/ocis/v2/services/antivirus/pkg/service/service.go:217","message":"error downloading file"}
ocis_clamav-ocis-1  | {"level":"info","service":"antivirus","uploadid":"9b671f36-20a6-451b-89f6-1f9720ed0c6a","resourceID":{"opaque_id":"c1a1a31d-a196-4500-a412-1159ecd0a033","space_id":"1309a596-84a9-4d90-bcc9-31c52b89f317"},"virus":"","outcome":"abort","filename":"tux-logo-png-transparent.png","user":"1309a596-84a9-4d90-bcc9-31c52b89f317","infected":false,"time":"2023-08-31T09:40:30.364503592Z","line":"github.com/owncloud/ocis/v2/services/antivirus/pkg/service/service.go:177","message":"File scanned"}

But file uploaded.

Setup

Use the docker-compose file:

docker-compose.yml.zip

And the Dockerfile + etc from clamav:

Archive.zip

About this issue

  • Original URL
  • State: open
  • Created 10 months ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

Oh I absolutely agree. 👍 Just saying that there is a usecase for antivirus without async uploads.

+1
kobergj on Aug 31, 2023
Read more comments on GitHub
← ocis: etags don't propagate correctly sometimes
ocis: file_target does not contain Share folder →