From ed098c5c43383aeac6fbeb32ddc843fd59a3d337 Mon Sep 17 00:00:00 2001 From: Ryan Date: Mon, 8 Dec 2025 02:38:51 -0500 Subject: [PATCH] docs: document ClamAV usage and PHP dependencies --- README.md | 6 ++++++ THIRD_PARTY.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) diff --git a/README.md b/README.md index 0d69e25..5bbd315 100644 --- a/README.md +++ b/README.md @@ -310,6 +310,12 @@ All third-party code remains under its original licenses. See `THIRD_PARTY.md` and the `licenses/` folder for full details. +The official Docker image includes the **ClamAV** antivirus scanner (GPL-2.0-only) for optional upload scanning. +ClamAV is maintained separately by Cisco and the ClamAV community. +Source and license text are available from your Linux distribution or [clamav.net](https://www.clamav.net/). + +--- + ## 8. Press - [Heise / iX Magazin – “FileRise 2.0: Web-Dateimanager mit Client Portals” (DE)](https://www.heise.de/news/FileRise-2-0-Web-Dateimanager-mit-Client-Portals-11092171.html) diff --git a/THIRD_PARTY.md b/THIRD_PARTY.md index 30d3da7..4f5893b 100644 --- a/THIRD_PARTY.md +++ b/THIRD_PARTY.md @@ -45,3 +45,50 @@ If you believe any attribution is missing or incorrect, please open an issue. > Apache-2.0–licensed code: see `licenses/apache-2.0.txt`. --- + +### Docker & ClamAV + +Used optionally for virus scanning of uploads (via the `clamscan` command). + +- **License:** GPL-2.0-only +- **Copyright:** © Cisco / ClamAV contributors +- **Home:** +- **Source:** Available via your Linux distribution’s package repositories or from the ClamAV website. +- **Note:** ClamAV runs as a separate executable and is not part of the FileRise application code. + +### Base image and system packages + +The official Docker image is built on **Ubuntu 24.04** and includes common +system packages (Apache HTTP Server, PHP, OpenSSL, ClamAV, etc.), each under +their respective upstream licenses as distributed by Ubuntu. + +--- + +## PHP libraries (Composer) + +The following PHP libraries are installed via Composer and live under `vendor/`: + +- **jumbojett/openid-connect-php** – MIT License + Used for OpenID Connect / OIDC login. + Files: `vendor/jumbojett/openid-connect-php/*` + +- **phpseclib/phpseclib** – MIT License + Used for cryptographic helpers. + Files: `vendor/phpseclib/phpseclib/*` + +- **robthree/twofactorauth** – MIT License + Used for TOTP-based two-factor authentication (2FA). + Files: `vendor/robthree/twofactorauth/*` + +- **endroid/qr-code** – MIT License + Used to generate QR codes for TOTP provisioning. + Files: `vendor/endroid/qr-code/*` + +- **sabre/dav** – BSD-3-Clause (“New BSD”) + Used to provide the WebDAV server. + Files: `vendor/sabre/dav/*` + +> MIT-licensed code: see `licenses/mit.txt`. +> BSD-licensed code: see [bsd-3-clause](https://opensource.org/license/bsd-3-clause/). + +---