Skip to end of metadata
Go to start of metadata

FileCloud supports scanning of uploaded files using ClamAV (an opensource antivirus software).

Introduction

It is possible to use the OpenSource Free ClamAV antivirus to scan uploaded files automatically.  ClamAV is available for Windows and Linux.

The instructions are for Ubuntu Linux only, but can be used for other Linux systems using equivalent commands
Note: ClamWin features include on-demand (user started) scanning, automatic updates, scan scheduling, context menu integration to Explorer, and an add-in for Microsoft Outlook . ClamWin does not provide on-access scanning, additional software must be used.


Installing ClamAV in Ubuntu

 

  1. Install the ClamAV package

     

    sudo apt-get install clamav-daemon
    
  2. You might need to run 'freshclam' to update the antivirus database files

     

    sudo freshclam
    
  3. Update the ClamAV-Daemon mode to use TCP, by running the sudo dpkg-reconfigure clamav-base

     

    sudo dpkg-reconfigure clamav-base     
    
  4. In the reconfigure wizard, choose Socket Type TCP and Interface as localhost to listen to.


  5. After reconfigure finishes, verify the clamd.conf file is setup correctly (/etc/clamav/clamd.conf)  

    NOTE: TCPAddr localhost may not work. You can enter the filecloud URL in place of TCPAddr to make it work

     

    TCPSocket 3310
    TCPAddr localhost
    StreamMaxLength 100M  
    
  6. Additional commands for Ubuntu 16

    systemctl --system daemon-reload
    systemctl restart clamav-daemon.socket
    systemctl restart clamav-daemon.service
  7. Start ClamAV-Daemon

 

sudo /etc/init.d/clamav-daemon start

Installing ClamAV in Windows

  1. Download and Install ClamWin Free AntivirusUse this path when installing: C:\ClamAV \ClamWin

  2. Download ClamAV for Windows from this link http://oss.netfarm.it/clamav/Download the Win64 build (it will be something like clamav-amd64-<someversion>.7z).

  3. To extract the downloaded .7z file, Use 7z extractor from http://www.7-zip.org/download.html .

  4. Extract the clamav-amd64-<someversion>.7z file to C:\ClamAV location. All the files must be extracted and saved in  C:\ClamAV location
    *Note: After extracting it, make sure that the files clamd.exe are in c:\ClamAV (If it extracted it inside a subfolder, move all the files from that subfolder back in to c:\ClamAV). Mandatory Step

  5. Create these extra folders: 

    C:\ClamAV\tmp
    C:\ClamAV\db


  6. Modify the  Antivirus Database download folder in ClamWin Free Antivirus to point it to C:\ClamAV\db and update the DB.

     

    Open C:\ClamAV\ClamWin\bin and run ClamWin Application.

    Tap on Tools -> Preference -> File Locations

    Now change the location of Virus database to C:\ClamAV\db and save.

  7. You’ll need the Windows Server 2003 Resource kit (It works on 2012 R2). Get it here : http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657  and copy / move instsrv.exe and srvany.exe in the same directory of ClamAV (C:\ClamAV).


  8.  Goto DOS prompt (cmd) with elevated rights and go to C:\ClamAV. Enter: instsrv.exe ClamD c:\ClamAV\srvany.exe


  9. Now edit the registry to let clamd.exe run using it’s clamd.conf file when started as a service.

      

    NOTE: It is dangerous to edit the registry, follow carefully

    §  Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ClamD

    §  Right click on Clamd and create a new Key called Parameters

    §  Right click on Parameters and create a new String Value called Application

    §  Edit the new Application REG_SZ and add c:\ClamAV\clamd.exe -c c:\ClamAV\clamd.conf

    §  Right click on CalmD and create a new String Value called Description

    §  Edit the new Description REG_SZ and add ClamAV Antivirus For FileCloud



     

     

  10.  Then you can start and stop ClamD in Services or manually:

    net start ClamD


  11.  You can check if clamav is listening at the right port:

     netstat -a | findstr 3310

  12. Follow the FileCloud instructions to connect to the hostname of the local machine.



Integrating ClamAV with FileCloud

Once the ClamAV is setup and started, The next step is to add details of the ClamAV service to FileCloud server

  1. Log into FileCloud Administration Portal
  2. Click on Settings in the left navigation panel
  3. Click on Misc -> Anti-Virus tab
  4. Enable ClamAV Scan
  5. Enter the following information  


       6. Click the Save button
       7. Click on ClamAV Test button to verify connectivity
Once AV configuration is setup , every file uploaded to FileCloud will be scanned before being added to FileCloud storage. If a file fails AV check (a virus detected) then the file will be deleted and an entry will be added to the Audit log with the details of the file
SettingDescription
Enable ClamAV ScanCheck this setting to enable AV scanning
ClamAV Host

Enter the URL or IP of the system where Clam AV is running. This can be local or remote system.

ClamAV PortThe port used by ClamAV (This is set when ClamAV is installed in the previous section)
Skip scanning for files greater thanThis is the file limit in bytes that will be scanned. For example, very large files can be excluded from scanning. default value 25MB
Stream Chunk SizeThis is a advanced setting used to stream the file content to AV server for scanning. Default is 8k.

 

 

 

  • No labels