The Flash Player was deprecated in 2017 and officially discontinued
on 31 December 2020, so media_swf player has been completely
removed from Moodle core.
- `notifylevel` will change what gets sent as part of the antivirus
notification emails based on the scan type. For example if set on
SCAN_RESULT_FOUND, it will not notify for any detections, if set to
SCAN_RESULT_ERROR, it will notify for both detections and errors.
- `threshold` will determine how far the lookback is when displaying the
status of the /reports/status (System Status) page. It will display as
an ERROR state if there has been scanner issues within this certain
threshold period
- As part of the above, scanner errors will now trigger a new event
which will be logged as antivirus_scan_data_error or
antivirus_scan_file_error. Due to the nature of it reading from the
logs table, it only works currently for the "Standard logging"
logstore.
We can't really control the direct web access to directories in dirroot,
that is part of the server setup. So we at least warn admins as they may
not realize the risks of having directories like vendor or node_modules
exposed.
Credit goes to Petr Škoda for mentioning the PHPUnit issue CVE-2017-9841
to me.
