[MacPorts] #70558: clamav should notify user when a file has been quarantined, esp. for on-access scan

Sat Aug 17 17:57:08 UTC 2024

#70558: clamav should notify user when a file has been quarantined, esp. for on-
access scan
----------------------------+-----------------------
  Reporter:  bernstei       |      Owner:  essandess
      Type:  enhancement    |     Status:  assigned
  Priority:  Normal         |  Milestone:
 Component:  ports          |    Version:
Resolution:                 |   Keywords:
      Port:  clamav-server  |
----------------------------+-----------------------

Comment (by bernstei):

 I've investigated various ways of doing monitoring of the quarantine, some
 of which might have been nice to include with this port, some independent.
 I do finally have code that will pop up notifications if any files are
 added to the Quarantine directory. In the process, I explored using a
 LaunchAgent, Automator workflow, and Folder Action Scripts.

 My preference was for LaunchAgent, since that could be installed system-
 wide by macports (in /Library/LaunchAgents), and it works OK for what it
 is, but cannot get any information on what file was changed, and so has to
 parse the log (from scratch) each time, and presumably keep some sort of
 state so it doesn't duplicate notifications.  The other two options need
 to be installed by the user (copy some sort of script/workflow into a
 particular directory under ~/Library, and configure which directory
 they're monitoring, i.e. /opt/Quarantine)

 The Automator action is _supposed_ to get the changed files as an input,
 but if coded as a separate application launched by Automator, which is the
 only way to make the notifications controllable distinctly from other
 Automator actions, it doesn't actually get this info, so has the same log
 parsing issues, so no advantage over a LaunchAgent.

 Folder Action Scripts is the nicest because it actually gets activated
 with info about which file was quarantined, so it's easy to parse the log
 for info on that file, but it always labels the notifications as coming
 from Script Editor, so they cannot be controlled separately.  If I used a
 plain dialog Window instead of proper notifications, I could label them
 however I want, but then they'd just show up as random dialogs.

 I'm still looking into whether there are any other viable approaches.

 Also, for any of these options, it would be nice if both the on-access and
 scheduled scan logs were user readable, which right now is only true for
 the on-access.  That would require a clamav-server configuration change to
 achieve, I guess, since presumably it sets the logs' permissions.

-- 
Ticket URL: <https://trac.macports.org/ticket/70558#comment:6>
MacPorts <https://www.macports.org/>
Ports system for macOS