
clamscan command from the java program gives the exit code 127

ayushi_agrahari
Confirmed Champ

I am exploring the addon GitHub - fegorama/alfviral: Alfresco Virus Alert 

I am using the COMMAND mode to scan the files for viruses. I have the following configuration in the alfviral.properties file.

alfviral.mode=COMMAND

alfviral.command.exec=/usr/bin/clamscan

When the following code is executed 

ProcessBuilder pb = new ProcessBuilder(this.command);
Process process = pb.start();
res = process.waitFor();
logger.debug(" ++++++the value of res is++++++++" + res);

and uploaded a file of mimetype application/x-dosexec, I got the following logs:

2018-03-07 19:12:38,753 DEBUG com.fegor.alfresco.services.AntivirusServiceImpl: [Type: application/x-dosexec]
com.fegor.alfresco.services.AntivirusServiceImpl: [Mode: COMMAND]
2018-03-07 19:12:38,753 DEBUG  [security.antivirus.CommandScan] [http-apr-8080-exec-10] ++++++the value of res is++++++++127

So, when I did a little bit of googling, I understood that 127 is a special exit code which means that the command is not found.

I am surprised that the logs are showing that the command is not found, because when I run clamscan directly on a file, it works perfectly and shows that the file is infected if the file is infected and clean if the file is not infected.

ayushi@ayushi-GA-78LMT-S2PT:~$ clamscan ~/Downloads/stepup.exe
/home/ayushi/Downloads/stepup.exe: OK

----------- SCAN SUMMARY -----------
Known viruses: 6431792
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 9.14 MB
Data read: 2.46 MB (ratio 3.72:1)
Time: 13.816 sec (0 m 13 s)

Also, when I scanned the file with virustotal mode, it worked perfectly.

21 REPLIES

Hi!

I tested Alfviral with:

Ubuntu Linux 14.04 Server (VirtualBox)

Alfresco 5.2.3

Alfviral 1.4.0-SNAPSHOT

ClamAV 0.99.4

I have these parameters in alfviral.properties (in subsystems/Security/alfviral):

alfviral.command.exec=/usr/bin/clamscan

alfviral.mode=COMMAND

And it works fine!

The log:


2018-03-25 18:41:45,955 INFO [web.site.EditionInterceptor] [http-apr-8080-exec-1] Successfully retrieved license information from Alfresco.
2018-03-25 18:41:49,453 DEBUG [alfresco.behavior.OnUpdateReadScan] [http-apr-8080-exec-2] NodeRef Id: d6e590c9-63b8-478f-9980-fc66418baad2
2018-03-25 18:41:49,464 ERROR [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-2] Property alfviral.file.only_or_exceptions not is 'only' or 'exceptions'
2018-03-25 18:42:22,778 INFO [web.scripts.SyncModeConfig] [http-apr-8080-exec-1] Successfully retrieved Sync Mode configuration from Alfresco: OFF
2018-03-25 18:43:49,742 DEBUG [alfresco.behavior.OnUpdateReadScan] [http-apr-8080-exec-4] NodeRef Id: 51f48a46-2bc4-4088-88d8-fdea52837466
2018-03-25 18:43:49,744 DEBUG [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [NodeRef: 51f48a46-2bc4-4088-88d8-fdea52837466]
2018-03-25 18:43:49,745 DEBUG [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [File: /opt/alfresco-content-services/alf_data/contentstore/2018/3/25/18/43/14af3c32-b92d-42c3-8bd8-b6fee7045a2e.bin]
2018-03-25 18:43:49,746 DEBUG [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [Type: application/octet-stream]
2018-03-25 18:43:49,746 DEBUG [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [Mode: COMMAND]
2018-03-25 18:43:49,747 DEBUG [security.antivirus.CommandScan] [http-apr-8080-exec-4] Command: [/usr/bin/clamscan, /opt/alfresco-content-services/alf_data/contentstore/2018/3/25/18/43/14af3c32-b92d-42c3-8bd8-b6fee7045a2e.bin]
2018-03-25 18:43:49,759 INFO [security.antivirus.CommandScan] [http-apr-8080-exec-4] com.fegor.alfresco.security.antivirus.CommandScan: [Aspect SCANNED_FROM_COMMAND assigned for 51f48a46-2bc4-4088-88d8-fdea52837466]
2018-03-25 18:43:49,760 INFO [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [ALERT File: store://2018/3/25/18/43/14af3c32-b92d-42c3-8bd8-b6fee7045a2e.bin is infected!]
2018-03-25 18:43:51,295 INFO [alfresco.services.AntivirusServiceImpl] [http-apr-8080-exec-4] com.fegor.alfresco.services.AntivirusServiceImpl: [Sending notify mail notify of infected to admin@alfresco.com]

Please, can you test with a bash script?

For example:

vim /usr/local/bin/custom-clamscan.sh

With:

#!/bin/bash
/usr/bin/clamscan "$1"

chmod 744 /usr/local/bin/custom-clamscan.sh


And use this in:

alfviral.command.exec=/usr/local/bin/custom-clamscan.sh

Best regards,

Fegor
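
A fuller version of the wrapper suggested above, as an added example that is not part of the original post or of the alfviral project: it records the user the JVM runs as and whatever the scanner wrote to stderr, and returns the scanner's exit status unchanged. The log path, the `SCANNER` and `SCAN_LOG` variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the alfviral project. The log path and the
# function names are assumptions; 0/1/2 are clamscan's documented exit codes.
SCANNER=${SCANNER:-/usr/bin/clamscan}
SCAN_LOG=${SCAN_LOG:-/var/log/custom-clamscan.log}   # hypothetical path

# Translate an exit status into a verdict a human can act on.
classify_exit() {
    case "$1" in
        0)   echo "clean" ;;
        1)   echo "infected" ;;
        2)   echo "scanner-error" ;;
        126) echo "not-executable" ;;             # found, but exec was refused
        127) echo "not-found-or-loader-error" ;;  # missing binary or shared library
        *)   echo "unexpected" ;;
    esac
}

# Scan one file, log who ran the scan and what the scanner wrote to stderr,
# and return the scanner's status unchanged so the caller's logic is unaffected.
scan_one() {
    scanner=$1
    target=$2
    err=$(mktemp) || return 2
    rc=0
    "$scanner" --no-summary "$target" >/dev/null 2>"$err" || rc=$?
    {
        printf '%s user=%s rc=%s verdict=%s file=%s\n' \
            "$(date '+%Y-%m-%d %H:%M:%S')" "$(id -un)" "$rc" \
            "$(classify_exit "$rc")" "$target"
        sed 's/^/  stderr: /' "$err"
        printf '  LD_LIBRARY_PATH=%s\n' "${LD_LIBRARY_PATH:-<unset>}"
    } >>"$SCAN_LOG"
    rm -f "$err"
    return "$rc"
}

# Entry point when installed as: custom-clamscan.sh <file>
if [ "$#" -gt 0 ]; then
    scan_one "$SCANNER" "$1"
    exit $?
fi
```

Exit codes 0, 1 and 2 come from clamscan itself; 126 and 127 mean the scanner never ran, so the file was not checked.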

ayushi_agrahari
Confirmed Champ

Fernando González

Hi fegor,

Thanks for testing this. I will test this with the script approach that you have described and let you know the results. Can you also tell me why clamscan is running on parameter $1, as I am new to scripting?

But can you also test it by uploading a file of mimetype application/x-dosexec which is not virus infected and putting in the log statement logger.debug("+++the value of res is+++"+res), and please let me know the results.

Best regards

Ayushi Agrahari