Page tree
Skip to end of metadata
Go to start of metadata

You can configure FileCloud to scan uploaded files using ClamAV, an open source antivirus software that is included with FileCloud.

ClamAV is available for:

  • Windows 
  • Linux

When a virus is detected in an uploaded file, the following actions occur:

  1. The incoming file is deleted.
  2. An alert will be displayed in the Admin Portal.
  3. A toast will be displayed in the User Portal.
  4. An entry will be added in the audit log about virus detection in the file and subsequent deletion of the file.

To Use ClamAV


(lightbulb) In the following section, to display more information, click on a step.


 1. Install ClamAV in Ubuntu

These instructions are for Ubuntu Linux, but they can be used for other Linux systems using equivalent commands.


To install ClamAV in Ubuntu:

  1. Install the ClamAV package

    sudo apt-get install clamav-daemon
    
  2. You might need to run 'freshclam' to update the antivirus database files

    sudo freshclam
    
  3. Update the ClamAV-Daemon mode to use TCP, by running the sudo dpkg-reconfigure clamav-base

    sudo dpkg-reconfigure clamav-daemon     
    
  4. In the reconfigure wizard, choose Socket Type TCP and Interface as localhost to listen to.


  5. After reconfigure finishes, verify the clamd.conf file is setup correctly (/etc/clamav/clamd.conf)  

    NOTE: TCPAddr localhost may not work. You can enter the filecloud URL in place of TCPAddr to make it work

    TCPSocket 3310
    TCPAddr localhost
    StreamMaxLength 100M  
    
  6. Additional commands for Ubuntu 16

    #The Socket Configuration changes are also required as below:
    
    
    #Edit the file /etc/systemd/system/clamav-daemon.service.d/extend.conf
    
    [Socket]
    SocketUser=clamav
    ListenStream=/var/run/clamav/clamd.ctl
    SocketGroup=clamav
    SocketMode=666
    ListenStream=xx.xx.xx.xx:3310
    
    
    # Note that xx.xx.xx.xx = IP address of server or 127.0.0.1
    
    
    #After that run:
    
    
    systemctl --system daemon-reload
    systemctl restart clamav-daemon.service
  7. Start ClamAV-Daemon

sudo /etc/init.d/clamav-daemon start

OR

 1. Install ClamAV on Windows

Notes on CLamWin:


To install ClamAV on Windows:

  1. Download and Install ClamWin Free AntivirusUse this path when installing: C:\ClamAV\ClamWin

  2. Download ClamAV for Windows from this link http://oss.netfarm.it/clamav/Download the Win64 build (it will be something like clamav-amd64-<someversion>.7z).

  3. To extract the downloaded .7z file, Use 7z extractor from http://www.7-zip.org/download.html .

  4. Extract the clamav-amd64-<someversion>.7z file to C:\ClamAV location. All the files must be extracted and saved in  C:\ClamAV location
    *Note: After extracting it, make sure that the files clamd.exe are in c:\ClamAV (If it extracted it inside a subfolder, move all the files from that subfolder back in to c:\ClamAV). Mandatory Step

  5. Create these extra folders: 

    C:\ClamAV\tmp
    C:\ClamAV\db


  6. Modify the  Antivirus Database download folder in ClamWin Free Antivirus to point it to C:\ClamAV\db and update the DB.

    Now change the location of Virus database to C:\ClamAV\db and save.



  7. Open C:\ClamAV\ClamWin\bin and run ClamWin Application.

    Tap on Tools -> Preference -> File Locations


  8. You’ll need the Windows Server 2003 Resource kit (It works on 2012 R2). Get it here : http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657  and copy / move instsrv.exe and srvany.exe in the same directory as ClamAV (C:\ClamAV).


  9.  Go to DOS prompt (cmd) with elevated rights and go to C:\ClamAV. Enter: instsrv.exe ClamD c:\ClamAV\srvany.exe


  10. Now edit the registry to let clamd.exe run using it’s clamd.conf file when started as a service.

      

    NOTE: It is dangerous to edit the registry, follow carefully

    §  Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ClamD

    §  Right click on Clamd and create a new Key called Parameters

    §  Right click on Parameters and create a new String Value called Application

    §  Edit the new Application REG_SZ and add c:\ClamAV\clamd.exe -c c:\ClamAV\clamd.conf

    §  Right click on CalmD and create a new String Value called Description

    §  Edit the new Description REG_SZ and add ClamAV Antivirus For FileCloud


     

  11.  Then you can start and stop ClamD in Services or manually:

    net start ClamD



  12.  You can check if clamav is listening on the right port:

     netstat -a | findstr 3310


  13. Follow the FileCloud instructions to connect to the hostname of the local machine.

  14. Below is a sample of clamd.conf

PidFile C:\ClamAV\clamd.pid
LogFile C:\ClamAV\clamd.log
DatabaseDirectory C:\ClamAV\db
TemporaryDirectory C:\ClamAV\tmp
TCPSocket 3310
TCPAddr <IP address of Server> or 127.0.0.1
DetectPUA yes
DetectBrokenExecutables yes
HeuristicScanPrecedence yes
ArchiveBlockEncrypted yes
StreamMaxLength 30M


  

 2. Integrate ClamAV with FileCloud

Once ClamAV is setup and started, the next step is to add details of the ClamAV service to FileCloud server.

To integrate ClamAV with FileCloud:

  1. Open a browser, log in to the Admin Portal, and from the left navigation panel, click Settings.
  2. On the Manage Settings  screen, select the Third Party Integrations tab.
  3. On the Third Party Integrations  tab, select the Anti-Virus sub-tab.
  4. On the Anti-Virus sub-tab, in Anti-Virus Type, select Clam AV.
  5. Select the Clam AV  sub-tab.
  6. On the Clam AV  tab, select the checkbox for Enable ClamAV Scan.
  7. Enter the following information:  

    SettingDescription
    Enable ClamAV ScanCheck this setting to enable AV scanning
    ClamAV Host

    Enter the URL or IP of the system where Clam AV is running. This can be local or remote system.

    ClamAV PortThe port used by ClamAV (This is set when ClamAV is installed in the previous section)
    Skip scanning for files greater thanThis is the file limit in bytes that will be scanned. For example, very large files can be excluded from scanning. Default value is 25MB
    Stream Chunk SizeThis is a advanced setting used to stream the file content to ClamAV for scanning. Default is 8KB.
  8. Click Save.

  9. To verify connectivity, click the ClamAV Test button.


Once the ClamAV configuration is set up, every file uploaded to FileCloud will be scanned before being added to FileCloud storage.
  • If a file fails AV check (i.e. a virus detected) then the file will be deleted and an entry will be added to the Audit log with the details of the file.

If scanning fails

If scanning fails because the ClamAV server is down, a message appears on your screen, and your Manage Alerts page displays the warning:
Unable to communicate with ClamAV Server. Check immediately.

By default, if ClamAV fails to scan a file because the ClamAV server is down, the file is not deleted.

To automatically delete files if ClamAV scan fails because the ClamAV server is unavailable:

  1. Open the configuration file:
    Windows: XAMPP DIRECTORY/htdocs/config/cloudconfig.php
    Linux: /var/www/config/cloudconfig.php
  2. Add the line:

    define("TONIDOCLOUD_CLAMAV_DELETE_ON_SCAN_FAIL", "1");

    Now, when scan fails, the file is deleted, and the audit log displays the message: ClamAV removed [FILE_PATH] due to scan fail.

    If TONIDOCLOUD_CLAMAV_DELETE_ON_SCAN_FAIL is enabled and the CLAMAV server is not available, FileCloud does not allow files to be uploaded.

  • No labels