This guide assumes that you have already installed the clamav extension and wish to put it to good use on your running application.

The extension requires that ClamAV is installed on the system running Preside. On Ubuntu / Debian servers, this is as simple as:

apt update
apt install clamav-daemon
freshclam
service clamav-daemon start
service clamav-freshclam start

Head over to the ClamAV Website for instructions on how to do so for your system if not covered by the above.

Once installed, you can can configure the extension through the Preside admin interface at System -> Settings -> ClamAV Antivirus. You will be able to configure the following options:

• ClamAV Executable path, i.e. /usr/bin/clamdscan
• Enable for admin, i.e. tick to enable scanning of files uploaded by administrators
• Enable for web, i.e. tick to enable scanning of files uploaded by website visitors who are not authenticated admin users
• Threat behaviour, choose the appropriate action for your use case. All actions will remove the file but you have the additional options to either throw an error or carry on silently

At present, the extension cannot automatically add validators to your forms to provide useful error messages to your users when a file threat has been detected. However, a validator is provided that you can add manually to your form definitions, etc. For example:

<?xml version="1.0" encoding="UTF-8"?>
<form i18nBaseUri="forms.jobapplication:">
    <tab id="default">
        <fieldset id="default">
            <!-- ... -->
            <field name="cv" control="fileupload" required="false">
                <!-- add the validation rule, 'clamAvCleanFile' to your field definitions -->
                <rule validator="clamAvCleanFile" />
            </field>
            <!-- ... -->
        </fieldset>
    </tab>
</form>