Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Eclipse Scout » Alert "unsafe file upload" by upload to scout application(Scout Classic V 11)
Alert "unsafe file upload" by upload to scout application [message #1850258] Wed, 23 February 2022 08:10 Go to next message
Felix R is currently offline Felix RFriend
Messages: 22
Registered: January 2015
Junior Member
Hi,

I have this problem after deployment to Linux server.
Local it works.
Upload mit FileChooser.
Tested with Google Chrome and MS Edge - the same issue
Tested with txt and csv files - the same issue
Tested on another machine and another user account - the same issue
File size 300 kb
Respons status 200
Could you please help

thank you
Felix

Report message to a moderator

Re: Alert "unsafe file upload" by upload to scout application [message #1850259 is a reply to message #1850258] Wed, 23 February 2022 08:13 Go to previous messageGo to next message
Matthias OtterbachFriend
Messages: 55
Registered: August 2015
Location: Munich
Member
This message may be triggered by org.eclipse.scout.rt.platform.security.MalwareScanner.scan(BinaryResource), does the server log (probably ui server) show any error/warning messages?

Report message to a moderator

Re: Alert "unsafe file upload" by upload to scout application [message #1850261 is a reply to message #1850259] Wed, 23 February 2022 08:41 Go to previous messageGo to next message
Felix R is currently offline Felix RFriend
Messages: 22
Registered: January 2015
Junior Member
Hi Matthias,

yes, in the log:
MalwareScanner - detected unsafe resource 'filename.csv'

found in doc:
All file uploads in scout are processed in the UploadRequestHandler.
This change adds the new @Bean MalwareScanner to the scout platform
enabling malware scan of all uploaded files using the in-place installed
malware scanner of the target server.
The file to be scanned is copied into the temp folder of the OS andhttps://www.eclipse.org/forums/#
assumes that the installed malware scanner has realtime filesystem check
active and therefore removes unsafe files immediately.

Is it possible to deactivate the scanner for the test?

Report message to a moderator

Re: Alert "unsafe file upload" by upload to scout application [message #1850268 is a reply to message #1850261] Wed, 23 February 2022 11:36 Go to previous messageGo to next message
Felix R is currently offline Felix RFriend
Messages: 22
Registered: January 2015
Junior Member
the problem is fixed.
the creation of tmp file was not possible.
in MalwareScanner.java:
IOUtility.createTempFile("malware-scan", ".tmp", directory, expected);
the directory permissions was false for writing of file

Report message to a moderator

Re: Alert "unsafe file upload" by upload to scout application [message #1850290 is a reply to message #1850261] Thu, 24 February 2022 08:34 Go to previous message
Beat Schwarzentrub is currently offline Beat SchwarzentrubFriend
Messages: 207
Registered: November 2010
Senior Member
Felix R wrote on Wed, 23 February 2022 08:41
Is it possible to deactivate the scanner for the test?


The config property "scout.malwareScanner.path" can be set to a different folder if the default temp directory is not suitable. To change the malware scanner strategy entirely, you have to @Replace the MalwareScanner bean. (There is no "do nothing" strategy out-of-the-box because reducing security should not be made too easy.)

Regards,
Beat

Report message to a moderator

Previous Topic:cannot build git contacts
Next Topic:Populating smartfields and list boxes from a JSON document
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed May 08 13:27:47 GMT 2024

Powered by FUDForum. Page generated in 0.03461 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly