Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Virus Scan False Positives #4019

Closed
2 tasks
ninosamson opened this issue Dec 3, 2024 · 0 comments
Closed
2 tasks

Virus Scan False Positives #4019

ninosamson opened this issue Dec 3, 2024 · 0 comments
Assignees
Labels
Bug Something isn't working

Comments

@ninosamson
Copy link
Collaborator

ninosamson commented Dec 3, 2024

Since PT launch, a higher than expected number of uploaded files are failing to upload due to potential virus detection.

Common theme seems to be PDFs. The SABC Appendix 8 form below is a PDF that will get uploaded regularly by students. Need to understand what is being detected and come up with resolution, as it may block other uploads as well.

Possible current error.
"Tue Dec 3 19:04:35 2024 -> instream(10.97.122.202@39440): Heuristics.Limits.Exceeded.MaxFiles FOUND"

https://studentaidbc.ca/sites/all/files/form-library/appendix_8.pdf

Acceptance Criteria

  • Investigate pdfs failing virus scanning and fix
  • Try to update clamav to the most updated version (nice to have)

image.png

image.png

@ninosamson ninosamson added the Business Items under Business Consideration label Dec 3, 2024
@ninosamson ninosamson changed the title Virus Scan Failing on SABC Form Virus Scan Positive on SABC Form Dec 3, 2024
@ninosamson ninosamson added the Bug Something isn't working label Dec 3, 2024
@ninosamson ninosamson changed the title Virus Scan Positive on SABC Form Virus Scan False Positives Dec 3, 2024
@CarlyCotton CarlyCotton added Dev & Architecture Development and Architecture and removed Business Items under Business Consideration labels Dec 3, 2024
@andrewsignori-aot andrewsignori-aot removed the Dev & Architecture Development and Architecture label Dec 3, 2024
@bidyashish bidyashish self-assigned this Dec 12, 2024
github-merge-queue bot pushed a commit that referenced this issue Dec 18, 2024
**Acceptance Criteria**
- [X] Investigate pdfs failing virus scanning and fix
- [X] Try to update clamav to the most updated version (nice to have)

**Notes**
MaxFiles 100 was causing issue with file being not scanned and using
ClamAV virus Database bank to not scan file.

`
MaxFiles in ClamAV's configuration refers to the maximum number of files
to be scanned within an archive, document, or any other container file.
Here's a detailed explanation:
For example:
If scanning a ZIP file containing 15,000 files with MaxFiles 10000:
Only the first 10,000 files will be scanned
The remaining 5,000 files will be skipped
If AlertExceedsMax is enabled, it will trigger a
"Heuristics.Limits.Exceeded.MaxFiles" alert
`

Update Clam AV Docker from BCGOV Repo
Link:
https://github.com/bcgov/common-hosted-clamav-service/pkgs/container/clamav-unprivileged

Demo: Manual test in Dev using Config update.

![image](https://github.com/user-attachments/assets/96635467-caf6-4db7-adc7-828567d5a963)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working
Projects
None yet
Development

No branches or pull requests

5 participants