You can enable virus scanning of file uploads for your Cloud Platform applications. Cloud Platform virus scanning uses ClamAV, an open source antivirus engine. Cloud Platform updates the ClamAV virus definitions daily. After you have enabled virus scanning, ClamAV protects your application from viruses uploaded by form file uploads and prevents uploaded files from being saved if it detects a virus.
To enable virus scanning, using ClamAV, for file uploads to your website, install, enable, and configure the ClamAV module, which connects to the ClamAV executable on your Cloud Platform server instance.
Note
Cloud Platform does not include or support the use of ClamAV as a daemon.
The ClamAV module (available for Drupal 7 and 8) connects with ClamAV to
scan files uploaded with CCK’s filefield
widget, CCK’s
imagefield
widget, and normal Drupal form file uploads.
Install and enable the ClamAV Drupal module on your application, and then configure the following settings:
/usr/bin/clamscan
.ClamAV thereafter scans all files uploaded to your application for viruses. If
ClamAV finds a virus, it displays a message to the user reporting that the file
could not be uploaded, and then logs the event to stdout
and stderr
,
with the file name and virus name. You can then find the entry in the Acquia
Cloud drupal-watchdog.log
.
If you have uploaded files to your application using methods that differ from the normal Drupal upload methods, you can still use ClamAV to scan these files. Since this method uses CPU resources, Acquia recommends that you copy the files to your development or staging environment and scanning files there, rather than in production. To scan files on your server, open a command prompt window and then enter the following command:
clamscan -ri
The r
parameter causes ClamAV to scan all files recursively, in the
current directory and subdirectories, and the i
parameter displays
only the infected files, if any.
You can also use the following cron command to run regular scans for your website:
--any-- 0 * * * * /usr/bin/clamscan -ri /mnt/tmp/ | mail -s "hourly website clam results" [email protected]
This command will scan files if run in /sites/default/files
. If you
want to scan code, the command must be run from the code directory.
For a more configurable and extensible version of this command, you can
download and use this
script
,
which provides configurable notification emails, in a cron command.
Note
Clamscan will not scan the database, because it does not read binary data.
Even with a regular scan, malware may still be present in the database
or in your /tmp
directory.