On 11/20/2013 01:59 PM, Daniel Berteaud wrote: > Unfortunatly, Github BT doesn't allow attachment of patches in issues, > so, I'm posting it here. Here's a simple patch to scan uploads using > ClamAV. It's quite minimal for now
Thanks for the patch. Posting it here is fine. > - it's limited to grant uploads (but it's easy to also add it for > tickets) > > - if a virus is found, the interface will display the generic internal > error message. Would be better to tell the user a virus was found, but I > don't know how to propagate the info in uploadErrorStr (sorry, I'm not a > PHP guru ;-)) > > - I've only tested on a local clamd process using a UNIX socket. It > might work with a TCP socket (in which case clamd could also run on a > separate machine) > > Comments are welcom :-) One of my ideas was to refactor a bit the code that handles notifications. I was envisioning 2 classes for "pre-upload-hook" and "post-upload-hook" respectively. pre-upload would be called after the upload, but before accepting the ticket/grant. This would allow you to reject the upload based on some rules. post-upload would be called after accepting (thus giving you a ticket id), as a way to implement notifications. pre-upload-hook could be responsible to implement quota limits (many people requested that) and AV scanning. post-upload would replace the currently hard-coded e-mail notifications, and maybe later implement "web notifications". The biggest advantage is mainly code clarity. Just one class to implement instead of adding stuff throughout the code. I implemented several custom plugins for RoundCube and something simple similar to theirs would be my aim. If you think you would like to rework the code on top of that, I would suggest you to post your other fixes as well, so that I can release the current code and work on the next iteration.
