diff --git a/composer.json b/composer.json index 0ec0b9bd82..e32285a6e5 100644 --- a/composer.json +++ b/composer.json @@ -48,6 +48,7 @@ "drupal/admin_toolbar": "^3.4", "drupal/akamai": "^5.0@RC", "drupal/autologout": "^1.4", + "drupal/clamav": "^2.1", "drupal/config_perms": "^2.1", "drupal/core-composer-scaffold": "~10.4.5", "drupal/core-recommended": "~10.4.5", diff --git a/composer.lock b/composer.lock index c2ada248af..9d3f842c3b 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4dead694edb10ddd1bf1d7433b64402b", + "content-hash": "df46b30c894ab45e7873d4bf4c83aceb", "packages": [ { "name": "acquia/acsf-tools", @@ -3326,6 +3326,67 @@ "issues": "https://www.drupal.org/project/issues/autologout" } }, + { + "name": "drupal/clamav", + "version": "2.1.0", + "source": { + "type": "git", + "url": "https://git.drupalcode.org/project/clamav.git", + "reference": "2.1.0" + }, + "dist": { + "type": "zip", + "url": "https://ftp.drupal.org/files/projects/clamav-2.1.0.zip", + "reference": "2.1.0", + "shasum": "c0e3e968397b951924123fcf69f6265c10110bcb" + }, + "require": { + "drupal/core": "^10.3 || ^11.0" + }, + "type": "drupal-module", + "extra": { + "drupal": { + "version": "2.1.0", + "datestamp": "1737780013", + "security-coverage": { + "status": "covered", + "message": "Covered by Drupal's security advisory policy" + } + } + }, + "notification-url": "https://packages.drupal.org/8/downloads", + "license": [ + "GPL-2.0-or-later" + ], + "authors": [ + { + "name": "adammalone", + "homepage": "https://www.drupal.org/user/1295980" + }, + { + "name": "James Andres", + "homepage": "https://www.drupal.org/user/33827" + }, + { + "name": "manarth", + "homepage": "https://www.drupal.org/user/321496" + }, + { + "name": "mcdruid", + "homepage": "https://www.drupal.org/user/255969" + }, + { + "name": "vladimiraus", + "homepage": "https://www.drupal.org/user/673120" + } + ], + "description": "Integration with the ClamAV anti-virus scanner.", + "homepage": "https://www.drupal.org/project/clamav", + "support": { + "source": "https://git.drupalcode.org/project/clamav", + "issues": "https://www.drupal.org/project/issues/clamav" + } + }, { "name": "drupal/coder", "version": "8.3.28", diff --git a/docker/web/Dockerfile b/docker/web/Dockerfile index f4d7fcfa43..4eae790124 100644 --- a/docker/web/Dockerfile +++ b/docker/web/Dockerfile @@ -68,6 +68,7 @@ RUN DEBIAN_FRONTEND=noninteractive \ php8.3-zip \ mysql-client-8.0 \ git \ + clamav \ imagemagick \ vim \ zip \ @@ -78,6 +79,9 @@ RUN DEBIAN_FRONTEND=noninteractive \ xvfb \ libgtk-3-0 +# Update ClamAV +RUN freshclam + # Copy up the available sites config. The startup script # manipulates this file based on env vars. COPY ./build/000-default.conf /etc/apache2/sites-available/000-default.conf diff --git a/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.info.yml b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.info.yml index f085d8f710..140fb56c5e 100644 --- a/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.info.yml +++ b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.info.yml @@ -6,6 +6,7 @@ core_version_requirement: '^9.4 || ^10' dependencies: - 'cgov_adobe:cgov_adobe' - 'cgov_core:cgov_core' + - 'clamav:clamav' - 'config_perms:config_perms' - 'drupal:block' - 'drupal:block_content' diff --git a/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.install b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.install index ca37653721..e204569347 100644 --- a/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.install +++ b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/cgov_core.install @@ -278,3 +278,30 @@ function cgov_core_update_10014() { $installer->install(['nci_ckeditor5_enhancements']); } } + +/** + * Update for Clam AV. (Issue #3755) + */ +function cgov_core_update_10015() { + // Enable clam_av, but only on MEO. + if (!\Drupal::moduleHandler()->moduleExists('clamav') && getenv('AH_ENVIRONMENT_TYPE') === "meo") { + $installer = \Drupal::service('module_installer'); + $installer->install(['clamav']); + + // Make extra sure all our settings are in place. + $config = \Drupal::configFactory()->getEditable('clamav.settings'); + // Specifically enable clamscan scanning only via update hook. + // This prevents scanning from running on lower-tier environments + // at the moment until they are on Acquia Cloud Next. + $config->set('enabled', TRUE); + $config->set('outage_action', 1); + $config->set('scan_mode', 1); + $config->set('verbosity', 0); + $config->set('mode_executable', [ + 'executable_path' => '/usr/bin/clamscan', + 'executable_parameters' => '', + ]); + $config->save(); + + } +} diff --git a/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/config/install/clamav.settings.yml b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/config/install/clamav.settings.yml new file mode 100644 index 0000000000..2a1b47a716 --- /dev/null +++ b/docroot/profiles/custom/cgov_site/modules/custom/cgov_core/config/install/clamav.settings.yml @@ -0,0 +1,13 @@ +enabled: false +outage_action: 1 +overridden_schemes: { } +scan_mode: 1 +verbosity: 0 +mode_executable: + executable_path: /usr/bin/clamscan + executable_parameters: '' +mode_daemon_tcpip: + hostname: localhost + port: 3310 +mode_daemon_unixsocket: + unixsocket: /var/clamav/clamd