diff --git a/Dockerfile b/Dockerfile index df56291a..634b9ce4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,8 +6,6 @@ USER root RUN apk --no-cache upgrade && \ apk --no-cache add \ bash \ - clamav \ - clamav-daemon \ cmake \ exiftool \ ffmpeg \ @@ -37,11 +35,6 @@ RUN apk --no-cache upgrade && \ # cargo install rbspy && \ echo "******** Packages Installed *********" -RUN sed -i 's/User clamav/User app/g' /etc/clamav/clamd.conf -RUN mkdir -p /var/run/clamav && chown -R app:app /var/run/clamav -RUN mkdir -p /var/log/clamav && chown -R app:app /var/log/clamav -RUN chown -R app:app /var/lib/clamav - RUN wget https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.0-57.tar.gz \ && tar xf 7.1.0-57.tar.gz \ && apk --no-cache add \ @@ -106,6 +99,5 @@ RUN RAILS_ENV=production SECRET_KEY_BASE=`bin/rake secret` DB_ADAPTER=nulldb DAT CMD ./bin/web FROM hyku-web as hyku-worker -RUN freshclam ENV MALLOC_ARENA_MAX=2 CMD ./bin/worker diff --git a/Gemfile b/Gemfile index 47874180..9f09afdd 100644 --- a/Gemfile +++ b/Gemfile @@ -153,5 +153,3 @@ gem 'tether-rails' gem 'validate_url' gem 'hyrax-v2_graph_indexer', "~> 0.5", git: 'https://github.com/scientist-softserv/hyrax-v2_graph_indexer.git', ref: '53b0a2d28868af25d306bc361634439c008892ac' gem 'iiif_print', git: 'https://github.com/scientist-softserv/iiif_print.git' -#clamby (for which interface has been back-ported from Hydra 2.0) -gem 'clamby' diff --git a/Gemfile.lock b/Gemfile.lock index b1919315..c95f5bdd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -364,7 +364,6 @@ GEM citeproc-ruby (1.1.14) citeproc (~> 1.0, >= 1.0.9) csl (~> 1.6) - clamby (1.6.10) clipboard-rails (1.7.1) cocoon (1.2.15) code_analyzer (0.5.2) @@ -1269,7 +1268,6 @@ DEPENDENCIES capybara capybara-screenshot (~> 1.0) carrierwave-aws (~> 1.3) - clamby cocoon codemirror-rails coffee-rails (~> 4.2) diff --git a/app/jobs/attach_files_to_work_job.rb b/app/jobs/attach_files_to_work_job.rb deleted file mode 100644 index 099cd4e9..00000000 --- a/app/jobs/attach_files_to_work_job.rb +++ /dev/null @@ -1,69 +0,0 @@ -# [BL-override] add virus checking to job -# Converts UploadedFiles into FileSets and attaches them to works. -class AttachFilesToWorkJob < Hyrax::ApplicationJob - queue_as Hyrax.config.ingest_queue_name - - # @param [ActiveFedora::Base] work - the work object - # @param [Array] uploaded_files - an array of files to attach - def perform(work, uploaded_files, **work_attributes) - validate_files!(uploaded_files) - depositor = proxy_or_depositor(work) - user = User.find_by_user_key(depositor) - work_permissions = work.permissions.map(&:to_hash) - metadata = visibility_attributes(work_attributes) - uploaded_files.each do |uploaded_file| - # [BL-override] check all files for viruses - STDERR.puts "######################################################" - STDERR.puts " Uploaded_file before virus_check! #{uploaded_file}" - STDERR.puts "######################################################" - virus_check!(uploaded_file) - next if uploaded_file.file_set_uri.present? - STDERR.puts " New file is not infected :) #{uploaded_file}" - actor = Hyrax::Actors::FileSetActor.new(FileSet.create, user) - uploaded_file.update(file_set_uri: actor.file_set.uri) - actor.file_set.permissions_attributes = work_permissions - actor.create_metadata(metadata) - actor.create_content(uploaded_file) - actor.attach_to_work(work) - end - # [BL-override] Log viruses - #rescue VirusDetectedError => error - #Rails.logger.error "Virus encountered while processing work #{work.id}.\n" "\t#{error.message}" - end - - # [BL-override] Add virus detection error class - class VirusDetectedError < RuntimeError; end - - private - - # The attributes used for visibility - sent as initial params to created FileSets. - def visibility_attributes(attributes) - attributes.slice(:visibility, :visibility_during_lease, - :visibility_after_lease, :lease_expiration_date, - :embargo_release_date, :visibility_during_embargo, - :visibility_after_embargo) - end - - def validate_files!(uploaded_files) - uploaded_files.each do |uploaded_file| - next if uploaded_file.is_a? Hyrax::UploadedFile - raise ArgumentError, "Hyrax::UploadedFile required, but #{uploaded_file.class} received: #{uploaded_file.inspect}" - end - end - - ## - # A work with files attached by a proxy user will set the depositor as the intended user - # that the proxy was depositing on behalf of. See tickets #2764, #2902. - def proxy_or_depositor(work) - work.on_behalf_of.presence || work.depositor - end - - # [hyc-override] add virus checking method - def virus_check!(uploaded_file) - rails_root = Rails.root.to_s - return unless Hyc::VirusScanner.infected?("#{rails_root}/public#{uploaded_file.file}") - carrierwave_file = uploaded_file.file.file - carrierwave_file.delete - raise(VirusDetectedError, carrierwave_file.filename) - end -end diff --git a/app/lib/hyc/virus_scanner.rb b/app/lib/hyc/virus_scanner.rb deleted file mode 100644 index 23ed3468..00000000 --- a/app/lib/hyc/virus_scanner.rb +++ /dev/null @@ -1,8 +0,0 @@ -# switching from clamav gem to clamby gem -module Hyc - class VirusScanner < Hydra::Works::VirusScanner - def infected? - Clamby.virus?(file) - end - end -end diff --git a/bin/worker b/bin/worker index 2d33ecb7..b7605486 100755 --- a/bin/worker +++ b/bin/worker @@ -9,4 +9,4 @@ else puts 'DATABASE_URL not set, no pool change needed' end -exec "echo $DATABASE_URL && clamd && bundle exec sidekiq" +exec "echo $DATABASE_URL && bundle exec sidekiq" diff --git a/config/initializers/clamav.rb b/config/initializers/clamav.rb index 43813b6a..7cd26d6a 100644 --- a/config/initializers/clamav.rb +++ b/config/initializers/clamav.rb @@ -1,19 +1 @@ -# Pre Hyrax 3.5 we will overide use of clamav gem and use clamby -# Inspired by https://github.com/UNC-Libraries/hy-c/commit/57c84bd0fdfb9ee8b00cc70194971c3fe9fea265#diff-8b7db4d5cc4b8f6dc8feb7030baa2478 -Hydra::Works.default_system_virus_scanner = Hyc::VirusScanner - -Clamby.configure({ - :check => false, - :daemonize => true, - :config_file => nil, - :error_clamscan_missing => true, - :error_clamscan_client_error => false, - :error_file_missing => true, - :error_file_virus => false, - :fdpass => true, - :stream => false, - :output_level => 'medium', # one of 'off', 'low', 'medium', 'high' - :executable_path_clamscan => 'clamscan', - :executable_path_clamdscan => 'clamdscan', - :executable_path_freshclam => 'freshclam', - }) +ClamAV.instance.loaddb if defined? ClamAV diff --git a/docker-compose.production.yml b/docker-compose.production.yml index 3ec7ab3b..49ea4733 100644 --- a/docker-compose.production.yml +++ b/docker-compose.production.yml @@ -126,7 +126,7 @@ services: target: hyku-worker args: - HYKU_BULKRAX_ENABLED=true - command: clamd && bundle exec sidekiq + command: bundle exec sidekiq depends_on: - check_volumes - db diff --git a/docker-compose.yml b/docker-compose.yml index 00d49c6d..9221cb82 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -77,8 +77,6 @@ services: && runuser -u solr -- solr-foreground" expose: - 8983 -# ports: -# - 8983:8983 volumes: - solr:/var/solr networks: @@ -142,7 +140,7 @@ services: ## With the following line, uncommented during active development, we'll ## run bundle then boot the web-server. ## - command: sh -l -c "bundle && bundle exec puma -v -b tcp://0.0.0.0:3000" + # command: sh -l -c "bundle && bundle exec puma -v -b tcp://0.0.0.0:3000" ## ## Similar to the above, except we will bundle and then tell the container ## to wait. You'll then need to bash into the web container and start the @@ -184,7 +182,7 @@ services: ## ## With the following line, uncommented during active development, we'll ## run bundle then run sidekiq. - command: sh -l -c "clamd && bundle && bundle exec sidekiq" + # command: sh -l -c "bundle && bundle exec sidekiq" ## ## Similar to the above, except we will bundle and then tell the container ## to wait. You'll then need to bash into the worker container and start