feat: Added notification about antivirus alerts (#4629)

Author: shepilov

assets/locales/en.po

@@ -1300,4 +1300,31 @@ msgid "Mail Sharing File Changed Link Text"
 msgstr "See on Twake Drive"
 
 msgid "Mail Sharing Folder Changed Intro"
-msgstr "Someone shared a folder with you:"
+msgstr "Someone shared a folder with you:"
+
+msgid "Mail Antivirus Alert Subject"
+msgstr "Antivirus Alert on Your Twake Drive"
+
+msgid "Mail Antivirus Alert Title"
+msgstr "Antivirus Alert on Your Twake Drive"
+
+msgid "Mail Antivirus Alert Description"
+msgstr "Antivirus scan for a file on your Twake Drive has flagged an issue."
+
+msgid "Mail Antivirus Issue Label"
+msgstr "Issue:"
+
+msgid "Mail Antivirus Issue Infected"
+msgstr "Virus detected"
+
+msgid "Mail Antivirus Issue Skipped"
+msgstr "File too large to be scanned"
+
+msgid "Mail Antivirus Issue Error"
+msgstr "Scan error"
+
+msgid "Mail Antivirus File Label"
+msgstr "File:"
+
+msgid "Mail Antivirus View Details Button"
+msgstr "View File Details"

assets/locales/fr.po

@@ -1415,3 +1415,30 @@ msgstr "Voir sur Twake Drive"
 
 msgid "Mail Sharing Folder Changed Intro"
 msgstr "Quelqu'un a partagé un dossier avec vous :"
+
+msgid "Mail Antivirus Alert Subject"
+msgstr "Alerte antivirus sur votre Twake Drive"
+
+msgid "Mail Antivirus Alert Title"
+msgstr "Alerte antivirus sur votre Twake Drive"
+
+msgid "Mail Antivirus Alert Description"
+msgstr "L'analyse antivirus d'un fichier sur votre Twake Drive a signalé un problème."
+
+msgid "Mail Antivirus Issue Label"
+msgstr "Problème :"
+
+msgid "Mail Antivirus Issue Infected"
+msgstr "Virus détecté"
+
+msgid "Mail Antivirus Issue Skipped"
+msgstr "Fichier trop volumineux pour être analysé"
+
+msgid "Mail Antivirus Issue Error"
+msgstr "Erreur d'analyse"
+
+msgid "Mail Antivirus File Label"
+msgstr "Fichier :"
+
+msgid "Mail Antivirus View Details Button"
+msgstr "Voir les détails du fichier"

assets/mails/notifications_antivirus.mjml

@@ -0,0 +1,18 @@
+{{define "content"}}
+<mj-text mj-class="content-medium" color="#999999">
+	<span style="color: #e74c3c; font-size: 14px;">&#128683;</span>&nbsp;
+	{{t "Mail Antivirus Issue Label"}} {{.IssueDescription}}
+</mj-text>
+<mj-text mj-class="title content-medium">
+	{{t "Mail Antivirus Alert Title"}}
+</mj-text>
+<mj-text mj-class="content-medium">
+	{{t "Mail Antivirus Alert Description"}}
+</mj-text>
+<mj-text mj-class="content-medium">
+	<strong>{{t "Mail Antivirus File Label"}}</strong> {{.FileName}}
+</mj-text>
+<mj-button href="{{.FileURL}}" align="left" mj-class="primary-button content-xlarge">
+	{{t "Mail Antivirus View Details Button"}}
+</mj-button>
+{{end}}

assets/mails/notifications_antivirus.text

@@ -0,0 +1,11 @@
+{{t "Mail Antivirus Issue Label"}} {{.IssueDescription}}
+
+{{t "Mail Antivirus Alert Title"}}
+
+{{t "Mail Antivirus Alert Description"}}
+
+{{t "Mail Antivirus File Label"}} {{.FileName}}
+
+{{t "Mail Antivirus View Details Button"}}
+
+  [{{.FileURL}}]

model/notification/center/notification_center.go

@@ -31,6 +31,9 @@ const (
 	// NotificationSharingFileChanged category for sending alert when a file or
 	// folder is created in a sharing.
 	NotificationSharingFileChanged = "sharing-file-changed"
+	// NotificationAntivirusAlert category for sending alert when antivirus
+	// scanning detects an issue with a file (infected, too large, or error).
+	NotificationAntivirusAlert = "antivirus-alert"
 )
 
 var (
@@ -54,6 +57,12 @@ var (
 			Stateful:     false,
 			MailTemplate: "sharing_file_changed",
 		},
+		NotificationAntivirusAlert: {
+			Description:  "Alert when antivirus scanning detects an issue with a file",
+			Collapsible:  false,
+			Stateful:     false,
+			MailTemplate: "notifications_antivirus",
+		},
 	}
 )
 

web/statik/statik.go

@@ -1,15 +1,19 @@
 package antivirus
 
 import (
+	"fmt"
 	"os"
 	"runtime"
 	"time"
 
 	"github.com/cozy/cozy-stack/model/instance"
 	"github.com/cozy/cozy-stack/model/job"
+	"github.com/cozy/cozy-stack/model/notification"
+	"github.com/cozy/cozy-stack/model/notification/center"
 	"github.com/cozy/cozy-stack/model/vfs"
 	"github.com/cozy/cozy-stack/pkg/clamav"
 	"github.com/cozy/cozy-stack/pkg/config/config"
+	"github.com/cozy/cozy-stack/pkg/consts"
 	"github.com/cozy/cozy-stack/pkg/couchdb"
 )
 
@@ -66,7 +70,7 @@ func Worker(ctx *job.TaskContext) error {
 
 	if avConfig.MaxFileSize > 0 && file.ByteSize > avConfig.MaxFileSize {
 		log.Infof("File %s is too large (%d bytes > %d max), skipping scan", msg.FileID, file.ByteSize, avConfig.MaxFileSize)
-		return updateScanStatus(fs, file, &vfs.AntivirusScan{
+		return updateScanStatus(inst, file, &vfs.AntivirusScan{
 			Status: vfs.AVStatusSkipped,
 		})
 	}
@@ -83,7 +87,7 @@ func Worker(ctx *job.TaskContext) error {
 	content, err := fs.OpenFile(file)
 	if err != nil {
 		log.Errorf("Failed to open file %s: %v", msg.FileID, err)
-		return updateScanStatus(fs, file, &vfs.AntivirusScan{
+		return updateScanStatus(inst, file, &vfs.AntivirusScan{
 			Status: vfs.AVStatusError,
 			Error:  err.Error(),
 		})
@@ -95,7 +99,7 @@ func Worker(ctx *job.TaskContext) error {
 	result, err := client.Scan(ctx, content)
 	if err != nil {
 		log.Errorf("Failed to scan the file %s: %v", msg.FileID, err)
-		return updateScanStatus(fs, file, &vfs.AntivirusScan{
+		return updateScanStatus(inst, file, &vfs.AntivirusScan{
 			Status: vfs.AVStatusError,
 			Error:  err.Error(),
 		})
@@ -122,14 +126,16 @@ func Worker(ctx *job.TaskContext) error {
 	}
 
 	log.Debugf("Updating scan status for file %s: status=%s", msg.FileID, st.Status)
-	return updateScanStatus(fs, file, st)
+	return updateScanStatus(inst, file, st)
 }
 
 // updateScanStatus updates the file document with the scan status.
 // It retries on conflict errors to handle race conditions with the trigger.
-func updateScanStatus(fs vfs.VFS, file *vfs.FileDoc, scan *vfs.AntivirusScan) error {
+// It also sends a notification when the status is infected, skipped, or error.
+func updateScanStatus(inst *instance.Instance, file *vfs.FileDoc, scan *vfs.AntivirusScan) error {
 	const maxRetries = 3
 	var err error
+	fs := inst.VFS()
 
 	for i := 0; i < maxRetries; i++ {
 		var f *vfs.FileDoc
@@ -141,13 +147,19 @@ func updateScanStatus(fs vfs.VFS, file *vfs.FileDoc, scan *vfs.AntivirusScan) er
 		newdoc.AntivirusScan = scan
 		err = couchdb.UpdateDoc(fs, newdoc)
 		if err == nil {
+			// Send notification for non-clean statuses
+			if scan.Status != vfs.AVStatusClean && scan.Status != vfs.AVStatusPending {
+				issueDesc := getIssueDescription(inst, scan)
+				sendNotification(inst, file, scan.Status, issueDesc)
+			}
 			return nil
 		}
 		if !couchdb.IsConflictError(err) {
 			return err
 		}
 		// Conflict error, retry with fresh document
 	}
+
 	return err
 }
 
@@ -156,3 +168,58 @@ func isEnabledForInstance(inst *instance.Instance) bool {
 	cfg := config.GetAntivirusConfig(inst.ContextName)
 	return cfg != nil && cfg.Enabled
 }
+
+// sendNotification sends a notification to the user about an antivirus issue
+// using the notification center.
+func sendNotification(inst *instance.Instance, file *vfs.FileDoc, status string, issueDescription string) {
+	avConfig := config.GetAntivirusConfig(inst.ContextName)
+	if avConfig == nil || !avConfig.Notifications.EmailOnInfected {
+		return
+	}
+
+	log := inst.Logger().WithNamespace("antivirus")
+
+	driveURL := inst.SubDomain("drive")
+	driveURL.Fragment = fmt.Sprintf("/folder/%s/file/%s", file.DirID, file.DocID)
+	fileURL := driveURL.String()
+
+	n := &notification.Notification{
+		Title: inst.Translate("Mail Antivirus Alert Title"),
+		Slug:  consts.DriveSlug,
+		Data: map[string]interface{}{
+			"IssueDescription": issueDescription,
+			"FileName":         file.DocName,
+			"FileURL":          fileURL,
+		},
+		PreferredChannels: []string{"mail"},
+	}
+
+	err := center.PushStack(inst.DomainName(), center.NotificationAntivirusAlert, n)
+	if err != nil {
+		log.Errorf("Failed to push antivirus notification: %v", err)
+		return
+	}
+
+	log.Infof("Sent antivirus notification for file %s (status: %s)", file.DocID, status)
+	return
+}
+
+// getIssueDescription returns a translated issue description for the given status.
+func getIssueDescription(inst *instance.Instance, scan *vfs.AntivirusScan) string {
+	switch scan.Status {
+	case vfs.AVStatusInfected:
+		if scan.VirusName != "" {
+			return inst.Translate("Mail Antivirus Issue Infected") + " (" + scan.VirusName + ")"
+		}
+		return inst.Translate("Mail Antivirus Issue Infected")
+	case vfs.AVStatusSkipped:
+		return inst.Translate("Mail Antivirus Issue Skipped")
+	case vfs.AVStatusError:
+		if scan.Error != "" {
+			return inst.Translate("Mail Antivirus Issue Error") + ": " + scan.Error
+		}
+		return inst.Translate("Mail Antivirus Issue Error")
+	default:
+		return ""
+	}
+}

worker/antivirus/antivirus.go

@@ -9,9 +9,11 @@ import (
 	"github.com/cozy/cozy-stack/model/instance"
 	"github.com/cozy/cozy-stack/model/instance/lifecycle"
 	"github.com/cozy/cozy-stack/model/job"
+	"github.com/cozy/cozy-stack/model/notification"
 	"github.com/cozy/cozy-stack/model/vfs"
 	"github.com/cozy/cozy-stack/pkg/clamav"
 	"github.com/cozy/cozy-stack/pkg/config/config"
+	"github.com/cozy/cozy-stack/pkg/consts"
 	"github.com/cozy/cozy-stack/pkg/couchdb"
 	"github.com/cozy/cozy-stack/pkg/logger"
 	"github.com/cozy/cozy-stack/tests/testutils"
@@ -79,6 +81,9 @@ func TestAntivirus(t *testing.T) {
 				"address":       clamavAddress,
 				"timeout":       30 * time.Second,
 				"max_file_size": int64(0),
+				"notifications": map[string]interface{}{
+					"email_on_infected": true,
+				},
 			},
 		}
 		t.Cleanup(func() {
@@ -179,6 +184,9 @@ func testWorkerInfectedFile(t *testing.T, inst *instance.Instance) {
 	require.Equal(t, vfs.AVStatusInfected, updatedDoc.AntivirusScan.Status)
 	require.NotNil(t, updatedDoc.AntivirusScan.ScannedAt)
 	require.Contains(t, updatedDoc.AntivirusScan.VirusName, "EICAR")
+
+	// Verify notification was sent
+	verifyNotificationCreated(t, inst, "infected-test.txt")
 }
 
 func testWorkerSkipsLargeFiles(t *testing.T, inst *instance.Instance) {
@@ -218,6 +226,9 @@ func testWorkerSkipsLargeFiles(t *testing.T, inst *instance.Instance) {
 	require.NoError(t, err)
 	require.NotNil(t, updatedDoc.AntivirusScan)
 	require.Equal(t, vfs.AVStatusSkipped, updatedDoc.AntivirusScan.Status)
+
+	// Verify notification was sent
+	verifyNotificationCreated(t, inst, "large-test.txt")
 }
 
 func testWorkerDeletedFile(t *testing.T, inst *instance.Instance) {
@@ -296,3 +307,21 @@ func deleteTestFile(t *testing.T, fs vfs.VFS, doc *vfs.FileDoc) {
 	t.Helper()
 	_ = fs.DestroyFile(doc)
 }
+
+func verifyNotificationCreated(t *testing.T, inst *instance.Instance, fileName string) {
+	t.Helper()
+	var notifs []*notification.Notification
+	err := couchdb.GetAllDocs(inst, consts.Notifications, nil, &notifs)
+	require.NoError(t, err)
+
+	found := false
+	for _, n := range notifs {
+		if n.Category == "antivirus-alert" {
+			if data, ok := n.Data["FileName"].(string); ok && data == fileName {
+				found = true
+				break
+			}
+		}
+	}
+	require.True(t, found, "Expected notification for file %s not found", fileName)
+}

worker/antivirus/antivirus_test.go

@@ -38,6 +38,7 @@ func initMailTemplates() {
 		"notifications_sharing":        subjectEntry{"Notification Sharing Subject", []string{"SharerPublicName", "TitleType"}},
 		"notifications_diskquota":      subjectEntry{"Notifications Disk Quota Subject", nil},
 		"notifications_oauthclients":   subjectEntry{"Notifications OAuth Clients Subject", nil},
+		"notifications_antivirus":      subjectEntry{"Mail Antivirus Alert Subject", nil},
 		"update_email":                 subjectEntry{"Mail Update Email Subject", nil},
 	}
 }