You can enable virus scanning of file uploads for your Cloud Platform applications. Cloud Platform virus scanning uses ClamAV. ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware, and other malicious threats.
Acquia installs the ClamAV executable on all Cloud Platform infrastructure. To leverage ClamAV for virus scanning, you must install, enable, and configure the ClamAV module. This module connects to the ClamAV executable on your Cloud Platform infrastructure.
Cloud Platform updates the ClamAV virus definitions daily. After you enable virus scanning, ClamAV protects your application from viruses uploaded through form file uploads and prevents an uploaded file from being saved if it detects a virus.
Configuring the ClamAV module
The ClamAV module, which is available for Drupal 7 and the current Drupal version, connects with ClamAV to scan files uploaded with CCK’s filefield widget, CCK’s imagefield widget, and normal Drupal form file uploads.
To configure the ClamAV module:
- In Configuration, select ClamAV.
- In Scan method, select Executable.
- In Executable mode configuration, in the Executable path field, enter /usr/bin/clamscan.
- In Verbosity, select the verbose checkbox.
- Click Save configuration.
ClamAV thereafter scans all files uploaded to your application for viruses. If ClamAV finds a virus, it displays a message to the user reporting that the file could not be uploaded, and then logs the event to stdout and stderr, with the file name and virus name. You can then find the entry in the Acquia Cloud drupal-watchdog.log.
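To confirm from a shell that the configured executable path works and to see the three outcomes a clamscan run can produce, the following added example (not part of Acquia's documentation or the ClamAV module's code) wraps /usr/bin/clamscan and maps its documented exit status (0 clean, 1 virus found, 2 error) to a verdict, rejecting the file whenever the scan cannot complete. The names scan_upload and CLAMSCAN are chosen for this example.

```shell
#!/bin/sh
# Added example: scan one file with the clamscan binary configured above.
# CLAMSCAN and scan_upload are names chosen for this example.
# Usage: . ./scan_upload.sh; scan_upload /path/to/file
CLAMSCAN="${CLAMSCAN:-/usr/bin/clamscan}"

# scan_upload FILE
#   prints "CLEAN <file>", "INFECTED <file> <signature>" or "ERROR <file> <reason>"
#   returns 0 when clean, 1 when infected, 2 when the scan could not be completed
scan_upload() {
    file="$1"
    if [ ! -x "$CLAMSCAN" ]; then
        echo "ERROR $file scanner-not-executable"
        return 2
    fi
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "ERROR $file unreadable"
        return 2
    fi
    # --no-summary drops the statistics block; --stdout keeps all messages on stdout.
    status=0
    out=$("$CLAMSCAN" --no-summary --stdout "$file" 2>/dev/null) || status=$?
    case "$status" in
        0)
            echo "CLEAN $file"
            return 0
            ;;
        1)
            # Infected files are reported as "<path>: <signature> FOUND".
            sig=$(printf '%s\n' "$out" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | head -n 1)
            echo "INFECTED $file ${sig:-unknown}"
            return 1
            ;;
        *)
            # Any other status means the scan did not finish: reject the file (fail closed).
            echo "ERROR $file clamscan-exit-$status"
            return 2
            ;;
    esac
}
```

Treating every status other than 0 as a rejection keeps a missing binary or a scanner error from letting an unscanned file through.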
Scanning files that are already present
Scanning exceptions
ClamAV scans all files uploaded to your application for viruses. However, be aware of the following exceptions:
- Clamscan does not scan the database because it does not read binary data.
- Even with a regular scan, malware may exist in the database or in your /tmp directory.