Desired Feature: antivirus scan of file uploads #633

Closed
opened 2026-02-04 21:32:21 +03:00 by OVERLORD · 3 comments

Originally created by @TBK on GitHub (Apr 10, 2018).

Description:
Uploaded files should be scanned and rejected if tested positive, result logged and user notified of why the file was not accepted.

Inspiration:
https://www.superbrackets.com/article/scan-files-for-viruses-using-laravel-and-clamav
https://github.com/sunspikes/clamav-validator

OVERLORD added the 🛠️ Enhancement label 2026-02-04 21:32:21 +03:00

@lommes commented on GitHub (Jun 28, 2018):

This actually works with minimum changes in BookStack.


Nothing is logged yet.

System configuration is a bit tricky since clamav runs as its own user and has no read access to the uploaded tmp file. I'm sure this will lead to many new issues regarding the interaction of BookStack and clamav.


@TBK commented on GitHub (Sep 20, 2018):

@lommes thanks for working on this request.

From my small amount of research it is possible to stream the file to a networked instance via the clamd protocol (https://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html & https://linux.die.net/man/8/clamd) which would solve the permissions issue.

On the 3rd of July sunspikes/clamav-validator got support for streaming - d52c441089 which the underlying lib has supported for quite a while https://github.com/jonjomckay/quahog
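
The clamd streaming approach mentioned in the comment above, as an added example (not code from BookStack, clamav-validator or quahog): a small Python client for clamd's INSTREAM command that frames the upload, parses the reply and accepts the file only when the daemon explicitly reports it clean. The host, port 3310 and all function names are assumptions made for this sketch.

```python
import socket
import struct


def frame_instream(fileobj, chunk_size=8192):
    """Yield the frames of one INSTREAM session: command, sized chunks, terminator."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-delimited
    while True:
        data = fileobj.read(chunk_size)
        if not data:
            break
        yield struct.pack("!I", len(data)) + data  # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream


def parse_reply(raw):
    """Return (verdict, detail); anything that is not a clear OK or FOUND is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, result = text.partition(": ")
    if result == "OK":
        return "clean", ""
    if result.endswith(" FOUND"):
        return "infected", result[: -len(" FOUND")]
    return "error", text  # e.g. "INSTREAM size limit exceeded. ERROR" or an empty reply


def scan_stream(sock, fileobj):
    """Run one INSTREAM exchange on an already connected socket."""
    for frame in frame_instream(fileobj):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return parse_reply(reply)


def accept_upload(fileobj, host="127.0.0.1", port=3310, timeout=10.0):
    """Fail closed: the upload is accepted only on an explicit clean verdict."""
    # clamd's TCP socket is unauthenticated; keep it reachable only from the app host.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            verdict, detail = scan_stream(sock, fileobj)
    except OSError as exc:  # daemon down, timeout, or reset when the size limit is hit
        verdict, detail = "error", str(exc)
    return verdict == "clean", verdict, detail
```

Because the file content travels over the socket, the clamd user never needs read access to the uploaded tmp file; the verdict and detail returned by `accept_upload` are what the request asks to have logged and shown to the user.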


@ssddanbrown commented on GitHub (Nov 8, 2022):

I'm going to go ahead and close this off since there's been little demand for this since opening.


Reference: starred/BookStack#633