Description of issue or problem I’m having:
Want to migrate data from OJS 3.2.0-3 to OJS 3.3.0-10 version.
Steps I took leading up to the issue:
What I tried to resolve the issue:
Application Version - e.g., OJS 3.1.2:
Additional information, such as screenshots and error log messages if applicable:
Current OJS site is infected with virus / malware
You might want to have a look at our upgrade guide on how to upgrade to the latest version: How to Upgrade
Of course, you’ll want to address your virus/malware issue, and upgrade from a system that is not infected (e.g. restoring a backup - if that’s feasible)
You may want to take steps to secure your site in the future: Securing Your System
Hi Roger @rcgillis,
which leads me to follow up with a suggestion / feature request: Did you think of providing a plugin or hook that interacts with a AV-Scanner (such as ClamAV) when a document is uploaded?
It’s not about that an OJS system itself may be infected, but proliferation of an infected manuscript to the involved parties (editors, reviewers, etc.) may be avoided in the first instance.
Interesting idea. I see the prospect of developing such a plugin has been discussed in brief here: Problems with hacking to my site OJS - #4 by asmecher
@asmecher may be able to speak to the feasibility of developing such a plugin in terms of PKP’s own development priorities and plans. Certainly, anybody who was willing to develop such a plugin and contribute code to that - I’m sure that would be welcome.
There is a ClamAV plugin for OJS, written and maintained by the University of Pittsburgh; the github page is here:
It’s already in the Plugin Gallery but does not have wide compatibility with different versions of OJS. I believe they’re in the process of upgrading their plugins for newer releases of OJS but you’d need to ask them for details.
Public Knowledge Project Team
Thank you for the information, let me try to work on it.
But you didn’t tell me about data migration from one OJS to another? if both are on different hosting servers.
Since you need to use newer version of OJS from your current ones, you need to upgrade your ojs first before doing the migration.
In this thread here, there is some brief instructions for backing up and copying your database: Migrating to New Server - #3 by ACastelletto
You’d have to ensure also that you migrated your OJS directory as well as your
files directory, and its a good idea to have backups of those too: How to Upgrade
Hi @asmecher (and @ctgraham),
There is a ClamAV plugin for OJS
this is great - I’m willing to help in the upgrade of the plugin to OJS 3.3 and also for some internationalisation (de_DE, fr_FR and a few other languages). We also employ ClamAV with our publication repository.
University of Zurich (HOPE)
Hi @mpbraendle. We would love some help translating our locale files for the ClamAv plugin. Are you comfortable working on a pull request to our repository linked above?
I’ve already made a fork and am working on it.
Note that we may have some wording changes for the upcoming 3.3 support, specifically around the asking the admin if they want to accept or reject files where the scanning failed for the executable. Currently we just ask that question with respect to the socket-based connection.
Well, the issue is our PHP developer tried his best but the site keeps going down.
Error is Blank page.
What to do now?
index.php code gets corrupted each time, luckily we have a backup file. But this has become a cat and mouse game now. Each time we update in a few hours it corrupts the index again.
we have now installed ClamAV on our test server (OJS 3.3.0-10) and configured the plugin, both to use the clamscan executable and the clamd socket.
Then I tested submissions using the EICAR test files (both the unzipped and the zipped ones).
When one uses Quicksubmit, both the zipped and unzipped EICAR uploads are immediately blocked. Good so!
However, with standard submission, this did not work out, and the files (whether zipped or unzipped) get through.
Looks like the plugin is not hooking correctly into the upload (which was changed for OJS 3.3):
Please have a look at this.
@ctgraham - also, for the plugin settings dialog, it would be good to mention directly in the phrase for the socket path that unix:// must be prepended to the path. This cost me a lot of time, until I found the hint in the README.md (apart from the fact that we had to give correct ACLs to the socket path for the apache user and that apache must be in the virusgroup group).
@mpbraendle , @rickhoover is still actively working on the 3.3.x support for the plugin, so I’ll ask him to ping you here when it is ready for a practical test.
I have debugged a bit the hook calls when a file is uploaded. For this I added the following on line 279 of lib/pkp/classes/form/Form.inc.php
For Quicksubmit, “submissionfilesuploadform” is loaded.
For standard submits, there is nothing similar, just the submissonsubmitstepforms are rushed through:
[22-Apr-2022 16:01:56 Europe/Zurich] submissionsubmitstep1form
[22-Apr-2022 16:03:21 Europe/Zurich] submissionsubmitstep2form
There is a validate function in lib/pkp/controllers/wizard/fileUpload/form/SubmissionFilesUploadForm.inc.php - but it is not reached probably because the class path is different - what should be used in the HookRegistry::register call for it?
Hmm. Is this the dev-3.3 branch on GitHub? I was referring to master.
Yes, current work is in
dev-3.3, but it is a draft.