Scan uploaded files in Drupal with ClamAV
When users can upload files to your server through upload fields, your server can be exposed to viruses. It would be useful to scan each file before it gets saved on your server, and that's what this post is about. Luckily, there's a contributed module that integrates the open-source antivirus software ClamAV into your Drupal website. There are 2 major steps to take to make this work:
- Install and configure the ClamAV software on your server. The configuration is minimal.
- Install and configure the ClamAV module on your Drupal website. The configuration again is minimal.
1. Install ClamAV software on your server
In this part, I'll explain how to install it on your local machine, which in my case is OS X (using Homebrew). On other systems the configuration is basically the same; only the installation will probably go through another package manager. The same applies to the installation on the final server.
Download ClamAV
    $ brew install clamav
ClamAV is installed now.
Configure ClamAV
We have to configure 2 files: clamd.conf, which will take care of running the application, and freshclam.conf, which will take care of keeping your antivirus up to date.
Copy freshclam.conf.sample to freshclam.conf and do the same for clamd.conf.sample.
    $ cd /usr/local/etc/clamav
    $ cp clamd.conf.sample clamd.conf && cp freshclam.conf.sample freshclam.conf
Configure freshclam.conf:
Edit these 2 lines in the configuration, the rest can stay as is.
    # Comment or remove the line below.
    #Example

    # Path to the database directory.
    # WARNING: It must match clamd.conf's directive!
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /usr/local/etc/clamav

By removing 'Example', the application knows the config file is for real.
The database directory is the location where the databases are downloaded to. Make sure you copy this path to the clamd.conf file (this comes later).
At this point we're ready to download the database with the virus signatures. But we'll configure the clamd.conf file first, so that's out of the way.
Configure clamd.conf:
Edit these 5 lines in the configuration, the rest can stay as is.
    # Comment or remove the line below.
    #Example

    # Path to the database directory.
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /usr/local/etc/clamav

    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    LocalSocket /usr/local/var/run/clamav/clamd.sock

    # TCP port address.
    # Default: no
    TCPSocket 3310

    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world. This option can be specified multiple
    # times if you want to listen on multiple IPs. IPv6 is now supported.
    # Default: no
    TCPAddr 127.0.0.1

Again, by removing 'Example', the application knows the config file is for real.
DatabaseDirectory is the location where the databases are downloaded to. Make sure this matches the path in freshclam.conf.
LocalSocket is the path to the socket on which the daemon will listen. If the path doesn't exist, just create the missing directories.
TCPSocket and TCPAddr are the port and address we bind the daemon to. This will be used by Drupal to pass the files to ClamAV.
The configuration is done at this point.
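The settings above can be checked automatically before the daemon is started. The following is an added example, not part of the original post or of ClamAV: a Python audit that parses both files and flags an active Example line, a DatabaseDirectory mismatch, and a TCP socket that is not bound to loopback. The function names are made up for this example, and the embedded configuration repeats the values used in this post.

```python
import ipaddress

# Directives as set in this post (comments stripped).
CLAMD_CONF = """\
DatabaseDirectory /usr/local/etc/clamav
LocalSocket /usr/local/var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
"""
FRESHCLAM_CONF = "DatabaseDirectory /usr/local/etc/clamav\n"

def parse_conf(text):
    """Return {directive: [values]}; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"  # other hostnames cannot be verified offline

def audit(clamd_text, freshclam_text):
    """Return a list of findings; an empty list means the checks passed."""
    clamd, fresh = parse_conf(clamd_text), parse_conf(freshclam_text)
    findings = []
    for name, conf in (("clamd.conf", clamd), ("freshclam.conf", fresh)):
        if "Example" in conf:
            findings.append(f"{name}: Example line is still active")
    if clamd.get("DatabaseDirectory") != fresh.get("DatabaseDirectory"):
        findings.append("DatabaseDirectory differs between the two files")
    if "TCPSocket" in clamd:
        addrs = clamd.get("TCPAddr", [])
        if not addrs:
            findings.append("TCPSocket without TCPAddr: clamd binds to all interfaces")
        findings += [f"TCPAddr {a} is not loopback" for a in addrs if not is_loopback(a)]
    elif "LocalSocket" not in clamd:
        findings.append("clamd.conf: neither LocalSocket nor TCPSocket is set")
    return findings

if __name__ == "__main__":
    print(audit(CLAMD_CONF, FRESHCLAM_CONF) or "no findings")
```

To audit a real installation, read the two files from /usr/local/etc/clamav and pass their contents to audit().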
Download the virus signature databases.
$ freshclam -v
If you get this error ...
    ERROR: Can't create temporary directory /usr/local/etc/clamav/clamav-6904b3bd496995397a877e8e0e7e654e.tmp
    Hint: The database directory must be writable for UID 501 or GID 20
you should fix the permissions on the directory by doing this (replace the UID and GID by the hints you got in the error message):
    $ cd /usr/local/etc/
    $ sudo chown [UID]:[GID] clamav && sudo chmod 755 clamav
Run the ClamAV daemon
    $ clamd
If you get no errors, the daemon should be running fine.
Stop the daemon
    $ ps aux | grep "clam"
    53730 0.0 1.8 2821692 305344 ?? Ss 10:20AM 0:13.73 clamd
    53506 0.0 1.8 2819628 304040 ?? Ss 10:06AM 0:12.75 clamd
    54259 0.0 0.0 2424580 428 s002 R+ 1:37PM 0:00.00 grep clam
    54205 0.0 0.0 2450284 1280 s001 S+ 1:21PM 0:00.25 clamdtop
    $ sudo kill -9 53730 53506 54205
Search for 'clam' in the processes and kill only those processes belonging to ClamAV. Afterwards you can restart the daemon using the 'clamd' command. This is important to do whenever the config has changed.
2. Download and configure the ClamAV Drupal module.
Install and enable the Drupal module clamav.
Go to admin/config/media/clamav and configure as shown below:

You're done! Your files are now scanned by ClamAV and blocked when infected. If for some reason the ClamAV daemon is not available, you still have the option to block all files or let through all files in the configuration above. That's up to you and your use case.
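To check the daemon end to end and to see what the block-or-allow choice means in practice, here is an added Python example (not the Drupal module's code) that streams bytes to clamd with the INSTREAM command of the clamd protocol and applies a policy when no verdict can be obtained. The function names and the block_when_unavailable parameter are assumptions of this example; the address is the TCPAddr and TCPSocket pair configured above.

```python
import socket
import struct

CLAMD_ADDR = ("127.0.0.1", 3310)  # TCPAddr and TCPSocket from clamd.conf


def instream(sock, data, chunk=8192):
    """Send data with clamd's INSTREAM command and return the raw reply."""
    sock.sendall(b"zINSTREAM\0")
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        sock.sendall(struct.pack("!I", len(part)) + part)  # 4-byte length prefix
    sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:
            break
        reply += got
    return reply


def parse_reply(reply):
    """Map a reply to (verdict, detail); verdict is clean, infected or error."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return "clean", ""
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].removeprefix("stream: ")
    return "error", text  # e.g. "INSTREAM size limit exceeded. ERROR"


def scan_bytes(data, addr=CLAMD_ADDR, timeout=5.0):
    try:
        with socket.create_connection(addr, timeout=timeout) as sock:
            return parse_reply(instream(sock, data))
    except OSError as exc:  # refused, timed out, reset: the daemon is not usable
        return "unavailable", str(exc)


def allow_upload(data, addr=CLAMD_ADDR, block_when_unavailable=True):
    """Decide on an upload; the flag covers scans that gave no verdict."""
    verdict, _ = scan_bytes(data, addr)
    if verdict in ("clean", "infected"):
        return verdict == "clean"
    return not block_when_unavailable
```

Blocking when no verdict is available is the stricter of the two settings: with the permissive one, a stopped or crashed clamd means uploads are accepted unscanned.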