I am using my own Graph API keys to synchronise files from Teams/SharePoint.
In the case where SharePoint has marked a file as infected, the Teams client will not allow you to open the file, and OneDrive for Business (if synced with that SharePoint) will not allow you to download the file locally to your PC for opening.
However, Rclone can still see these files and will copy them to the target location (see screenshot). Is there any way to detect this file status through Graph API and disable copying of potentially infected files?
Thanks for the reply. I didn't think it was applicable as it's not a problem as such, the remote is set up and works fine, just wondering about whether rclone can detect and skip these "infected" files.
A logfile of rclone’s output with personal information removed.
2021/04/29 14:19:28 DEBUG : Using config file from "/home/user/.config/rclone/rclone.conf"
2021/04/29 14:19:28 DEBUG : rclone: Version "v1.55.0" starting with parameters ["rclone" "sync" "remote:General/AWS_Feed" "xxx/AWS_Feed/" "-vv" "--dry-run"]
2021/04/29 14:19:28 DEBUG : Creating backend with remote "remote:General/AWS_Feed"
2021/04/29 14:19:38 DEBUG : Creating backend with remote "xxx/AWS_Feed/"
2021/04/29 14:19:41 NOTICE: eicar.txt: Skipped copy as --dry-run is set (size 68)
2021/04/29 14:19:41 DEBUG : Local file system at xxx/AWS_Feed/: Waiting for checks to finish
2021/04/29 14:19:41 DEBUG : exampledata1.xlsx: Size and modification time the same (differ by 0s, within tolerance 1s)
2021/04/29 14:19:41 DEBUG : test.docx: Size and modification time the same (differ by 0s, within tolerance 1s)
2021/04/29 14:19:41 DEBUG : exampledata1.xlsx: Unchanged skipping
2021/04/29 14:19:41 DEBUG : test.docx: Unchanged skipping
2021/04/29 14:19:41 DEBUG : Local file system at xxx/AWS_Feed/: Waiting for transfers to finish
2021/04/29 14:19:41 DEBUG : Waiting for deletions to finish
2021/04/29 14:19:41 NOTICE:
Transferred: 68 / 68 Bytes, 100%, 267.982 kBytes/s, ETA 0s
Checks: 2 / 2, 100%
Transferred: 1 / 1, 100%
Elapsed time: 13.5s
The rclone config you’re using.
[remote]
type = onedrive
client_id = xxx
client_secret = xxx
region = global
token = {"access_token":"xxx","expiry":"xxx"}
drive_id = xxx
drive_type = documentLibrary
I was using dry-run to avoid annoying my admins if it actually did download. But yes, I've given it a go now. Good news - it is recognised as malware (presume that's from SharePoint) and is classed by Rclone as an error. Thank you!
2021/04/29 14:50:26 DEBUG : Using config file from "/home/user/.config/rclone/rclone.conf"
2021/04/29 14:50:26 DEBUG : rclone: Version "v1.55.0" starting with parameters ["rclone" "sync" "remote:General/AWS_Feed" "xxx/AWS_Feed/" "-vv" "--retries" "1"]
2021/04/29 14:50:26 DEBUG : Creating backend with remote "remote:General/AWS_Feed"
2021/04/29 14:50:35 DEBUG : Creating backend with remote "xxx/AWS_Feed/"
2021/04/29 14:50:39 DEBUG : test.docx: Size and modification time the same (differ by 0s, within tolerance 1s)
2021/04/29 14:50:39 DEBUG : test.docx: Unchanged skipping
2021/04/29 14:50:39 DEBUG : exampledata1.xlsx: Size and modification time the same (differ by 0s, within tolerance 1s)
2021/04/29 14:50:39 DEBUG : exampledata1.xlsx: Unchanged skipping
2021/04/29 14:50:39 DEBUG : Local file system at xxx/AWS_Feed/: Waiting for checks to finish
2021/04/29 14:50:39 DEBUG : Local file system at xxx/AWS_Feed/: Waiting for transfers to finish
2021/04/29 14:50:47 ERROR : eicar.txt: Failed to copy: failed to open source object: malwareDetected: Malware detected
2021/04/29 14:50:47 ERROR : Local file system at xxx/AWS_Feed/: not deleting files as there were IO errors
2021/04/29 14:50:47 ERROR : Local file system at xxx/AWS_Feed/: not deleting directories as there were IO errors
2021/04/29 14:50:47 ERROR : Attempt 1/1 failed with 1 errors and: failed to open source object: malwareDetected: Malware detected
2021/04/29 14:50:47 INFO :
Transferred: 0 / 0 Bytes, -, 0 Bytes/s, ETA -
Errors: 1 (retrying may help)
Checks: 2 / 2, 100%
Elapsed time: 21.2s
2021/04/29 14:50:47 DEBUG : 5 go routines active
2021/04/29 14:50:47 Failed to sync: failed to open source object: malwareDetected: Malware detected
I've done a --dump responses. Not quite sure what they all are, but this is from the big one which lists all the files in the remote. This is what it looks like for the infected file. For other files the malware field is not listed at all.
Would be great if this could be used to skip these files in a future version, as otherwise Rclone thinks there's an error and keeps retrying (up to the retry limit of course).
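
An added example, not part of the original posts and not rclone's own code: the per-file `malwareDetected` errors shown in the log above can be collected into an `--exclude-from` list, so later runs skip those files instead of retrying them. The sample log is constructed (only the `eicar.txt` line comes from the thread), and the function names are hypothetical.

```python
import re

# Per-file error as rclone v1.55.0 logs it in the thread above:
# "<date> <time> ERROR : <path>: Failed to copy: failed to open source object: malwareDetected: ..."
# The run summary ("Attempt 1/1 failed ...") lacks "Failed to copy" and is ignored.
MALWARE_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ERROR\s*: "
    r"(?P<path>.+?): Failed to copy: .*\bmalwareDetected\b"
)

# Characters that have special meaning in rclone filter patterns.
GLOB_META = re.compile(r"([\\*?\[\]{}])")

# Constructed sample input; file names other than eicar.txt are made up.
SAMPLE_LOG = """\
2021/04/29 14:50:39 DEBUG : test.docx: Unchanged skipping
2021/04/29 14:50:47 ERROR : eicar.txt: Failed to copy: failed to open source object: malwareDetected: Malware detected
2021/04/29 14:50:47 ERROR : sub/report [v2].docx: Failed to copy: failed to open source object: malwareDetected: Malware detected
2021/04/29 14:50:47 ERROR : big.iso: Failed to copy: unexpected EOF
2021/04/29 14:50:47 ERROR : Attempt 1/1 failed with 2 errors and: failed to open source object: malwareDetected: Malware detected
"""


def flagged_paths(log_text):
    """Return the paths rclone refused to copy because of malwareDetected."""
    seen = []
    for line in log_text.splitlines():
        m = MALWARE_LINE.match(line)
        if m and m.group("path") not in seen:
            seen.append(m.group("path"))
    return seen


def exclude_rules(paths):
    """Build root-anchored, glob-escaped lines for an --exclude-from file."""
    return ["/" + GLOB_META.sub(r"\\\1", p) for p in paths]


if __name__ == "__main__":
    # Write these lines to a file and pass it to rclone with --exclude-from.
    for rule in exclude_rules(flagged_paths(SAMPLE_LOG)):
        print(rule)
```

The list should be regenerated from a fresh `--retries 1` log from time to time, since it only reflects the files that were flagged when that log was written.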