?i»?
Your IP : 18.226.200.172
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Configuring the ClamAV antivirus scanner — Nextcloud 13 Administration Manual 13 documentation</title>
<link rel="stylesheet" href="../_static/" type="text/css" />
<link rel="stylesheet" href="../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../_static/main.min.css" type="text/css" />
<link rel="stylesheet" href="../_static/styles.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '../',
VERSION: '13',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="../_static/jquery.js"></script>
<script type="text/javascript" src="../_static/underscore.js"></script>
<script type="text/javascript" src="../_static/doctools.js"></script>
<script type="text/javascript" src="../_static/js/jquery-1.11.0.min.js"></script>
<script type="text/javascript" src="../_static/js/jquery-fix.js"></script>
<script type="text/javascript" src="../_static/bootstrap-3.1.0/js/bootstrap.min.js"></script>
<script type="text/javascript" src="../_static/bootstrap-sphinx.js"></script>
<link rel="top" title="Nextcloud 13 Administration Manual 13 documentation" href="../contents.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#1d2d44">
</head>
<body role="document">
<div class="wrap container not-front">
<div class="content row">
<main class="main">
<div class="row">
<div class="col-md-3">
<div class="sidebar">
<h1>Nextcloud 13 Administration Manual</h1>
<div class="sidebar-search">
<form class="headersearch" action="../search.html" method="get">
<input type="text" value="" name="q" id="q" class="form-control" />
<button class="btn btn-default" type="submit" id="searchsubmit">Search</button>
</form>
</div>
<div class="menu-support-container">
<ul id="menu-support" class="menu">
<ul>
<li><a href="../contents.html">Table of Contents</a></li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../index.html">Introduction</a></li>
<li class="toctree-l1"><a class="reference internal" href="../release_notes.html">Release notes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation</a></li>
<li class="toctree-l1"><a class="reference internal" href="index.html">Server configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_user/index.html">User management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_files/index.html">File sharing and management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../file_workflows/index.html">File workflows</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_database/index.html">Database configuration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../configuration_mimetypes/index.html">Mimetypes management</a></li>
<li class="toctree-l1"><a class="reference internal" href="../maintenance/index.html">Maintenance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../issues/index.html">Issues and troubleshooting</a></li>
</ul>
</ul>
</div>
</div>
</div>
<div class="col-md-9">
<div class="page-content">
<div class="section" id="configuring-the-clamav-antivirus-scanner">
<h1>Configuring the ClamAV antivirus scanner<a class="headerlink" href="#configuring-the-clamav-antivirus-scanner" title="Permalink to this headline">¶</a></h1>
<p>You can configure your Nextcloud server to automatically run a virus scan on
newly-uploaded files with the Antivirus App for Files. The Antivirus App for
Files integrates the open source anti-virus engine <a class="reference external" href="http://www.clamav.net/index.html">ClamAV</a> with Nextcloud. ClamAV detects all forms
of malware including Trojan horses, viruses, and worms, and it operates on all
major file types including Windows, Linux, and Mac files, compressed files,
executables, image files, Flash, PDF, and many others. ClamAV’s Freshclam
daemon automatically updates its malware signature database at scheduled
intervals.</p>
<p>ClamAV runs on Linux and any Unix-type operating system, and Microsoft Windows.
However, it has only been tested with Nextcloud on Linux, so these instructions
are for Linux systems. You must first install ClamAV, and then install and
configure the Antivirus App for Files on Nextcloud.</p>
<div class="section" id="installing-clamav">
<h2>Installing ClamAV<a class="headerlink" href="#installing-clamav" title="Permalink to this headline">¶</a></h2>
<p>As always, the various Linux distributions manage installing and configuring
ClamAV in different ways.</p>
<dl class="docutils">
<dt>Debian, Ubuntu, Linux Mint</dt>
<dd><p class="first">On Debian and Ubuntu systems, and their many variants, install ClamAV with
these commands:</p>
<div class="last highlight-python"><div class="highlight"><pre>apt-get install clamav clamav-daemon
</pre></div>
</div>
</dd>
</dl>
<p>The installer automatically creates default configuration files and launches the
<code class="docutils literal"><span class="pre">clamd</span></code> and <code class="docutils literal"><span class="pre">freshclam</span></code> daemons. You don’t have to do anything more, though
it’s a good idea to review the ClamAV documentation and your settings in
<code class="docutils literal"><span class="pre">/etc/clamav/</span></code>. Enable verbose logging in both <code class="docutils literal"><span class="pre">clamd.conf</span></code> and
<code class="docutils literal"><span class="pre">freshclam.conf</span></code> until you get any kinks worked out.</p>
<dl class="docutils">
<dt>Red Hat 7, CentOS 7</dt>
<dd><p class="first">On Red Hat 7 and related systems you must install the Extra Packages for
Enterprise Linux (EPEL) repository, and then install ClamAV:</p>
<div class="last highlight-python"><div class="highlight"><pre>yum install epel-release
yum install clamav clamav-scanner clamav-scanner-systemd clamav-server
clamav-server-systemd clamav-update
</pre></div>
</div>
</dd>
</dl>
<p>This installs two configuration files: <code class="docutils literal"><span class="pre">/etc/freshclam.conf</span></code> and
<code class="docutils literal"><span class="pre">/etc/clamd.d/scan.conf</span></code>. You must edit both of these before you can run
ClamAV. Both files are well-commented, and <code class="docutils literal"><span class="pre">man</span> <span class="pre">clamd.conf</span></code> and <code class="docutils literal"><span class="pre">man</span>
<span class="pre">freshclam.conf</span></code> explain all the options. Refer to <code class="docutils literal"><span class="pre">/etc/passwd</span></code> and
<code class="docutils literal"><span class="pre">/etc/group</span></code> when you need to verify the ClamAV user and group.</p>
<p>First edit <code class="docutils literal"><span class="pre">/etc/freshclam.conf</span></code> and configure your options.
<code class="docutils literal"><span class="pre">freshclam</span></code> updates your malware database, so you want it to run frequently to
get updated malware signatures. Run it manually post-installation to download
your first set of malware signatures:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">freshclam</span>
</pre></div>
</div>
<p>The EPEL packages do not include an init file for <code class="docutils literal"><span class="pre">freshclam</span></code>, so the quick
and easy way to set it up for regular checks is with a cron job. This example
runs it every hour at 47 minutes past the hour:</p>
<div class="highlight-python"><div class="highlight"><pre># m h dom mon dow command
47 * * * * /usr/bin/freshclam --quiet
</pre></div>
</div>
<p>Please avoid any multiples of 10, because those are when the ClamAV servers are
hit the hardest for updates.</p>
<p>Next, edit <code class="docutils literal"><span class="pre">/etc/clamd.d/scan.conf</span></code>. When you’re finished you must enable
the <code class="docutils literal"><span class="pre">clamd</span></code> service file and start <code class="docutils literal"><span class="pre">clamd</span></code>:</p>
<div class="highlight-python"><div class="highlight"><pre>systemctl enable clamd@scan.service
systemctl start clamd@scan.service
</pre></div>
</div>
<p>That should take care of everything. Enable verbose logging in <code class="docutils literal"><span class="pre">scan.conf</span></code>
and <code class="docutils literal"><span class="pre">freshclam.conf</span></code> until it is running the way you want.</p>
</div>
<div class="section" id="enabling-the-antivirus-app-for-files">
<h2>Enabling the antivirus app for files<a class="headerlink" href="#enabling-the-antivirus-app-for-files" title="Permalink to this headline">¶</a></h2>
<p>Place the <code class="docutils literal"><span class="pre">files_antivirus</span></code> app into the <code class="docutils literal"><span class="pre">apps</span></code> directory of your Nextcloud
server. Then the app shows up on the Nextcloud Apps page where it simply can be
enabled.</p>
<div class="figure">
<img alt="../_images/antivirus-app.png" src="../_images/antivirus-app.png" />
</div>
</div>
<div class="section" id="configuring-clamav-on-nextcloud">
<h2>Configuring ClamAV on Nextcloud<a class="headerlink" href="#configuring-clamav-on-nextcloud" title="Permalink to this headline">¶</a></h2>
<p>Next, go to your Nextcloud Admin page and set your Nextcloud logging level to
Everything.</p>
<div class="figure">
<img alt="../_images/antivirus-logging.png" src="../_images/antivirus-logging.png" />
</div>
<p>Now find your Antivirus Configuration panel on your Admin page.</p>
<div class="figure">
<img alt="../_images/antivirus-config.png" src="../_images/antivirus-config.png" />
</div>
<p>ClamAV runs in one of three modes:</p>
<ul class="simple">
<li>Daemon (Socket): ClamAV is running on the same server as Nextcloud. The ClamAV
daemon, <code class="docutils literal"><span class="pre">clamd</span></code>, runs in the background. When there is no activity <code class="docutils literal"><span class="pre">clamd</span></code>
places a minimal load on your system. If your users upload large volumes of
files you will see high CPU usage.</li>
<li>Daemon: ClamAV is running on a different server. This is a good option
for Nextcloud servers with high volumes of file uploads.</li>
<li>Executable: ClamAV is running on the same server as Nextcloud, and the
<code class="docutils literal"><span class="pre">clamscan</span></code> command is started and then stopped with each file upload.
<code class="docutils literal"><span class="pre">clamscan</span></code> is slow and not always reliable for on-demand usage; it is
better to use one of the daemon modes.</li>
</ul>
<dl class="docutils">
<dt>Daemon (Socket)</dt>
<dd><p class="first">Nextcloud should detect your <code class="docutils literal"><span class="pre">clamd</span></code> socket and fill in the <code class="docutils literal"><span class="pre">Socket</span></code>
field. This is the <code class="docutils literal"><span class="pre">LocalSocket</span></code> option in <code class="docutils literal"><span class="pre">clamd.conf</span></code>. You can
run <code class="docutils literal"><span class="pre">netstat</span></code> to verify:</p>
<div class="highlight-python"><div class="highlight"><pre>netstat -a|grep clam
unix 2 [ ACC ] STREAM LISTENING 15857 /var/run/clamav/clamd.ctl
</pre></div>
</div>
<div class="figure">
<img alt="../_images/antivirus-daemon-socket.png" src="../_images/antivirus-daemon-socket.png" />
</div>
<p>The <code class="docutils literal"><span class="pre">Stream</span> <span class="pre">Length</span></code> value sets the number of bytes read in one pass.
10485760 bytes, or ten megabytes, is the default. This value should be
no larger than the PHP <code class="docutils literal"><span class="pre">memory_limit</span></code> settings, or physical memory if
<code class="docutils literal"><span class="pre">memory_limit</span></code> is set to -1 (no limit).</p>
<p class="last"><code class="docutils literal"><span class="pre">Action</span> <span class="pre">for</span> <span class="pre">infected</span> <span class="pre">files</span> <span class="pre">found</span> <span class="pre">while</span> <span class="pre">scanning</span></code> gives you the choice of
logging any alerts without deleting the files, or immediately deleting
infected files.</p>
</dd>
<dt>Daemon</dt>
<dd><p class="first">For the Daemon option you need the hostname or IP address of the remote
server running ClamAV, and the server’s port number.</p>
<div class="last figure">
<img alt="../_images/antivirus-daemon.png" src="../_images/antivirus-daemon.png" />
</div>
</dd>
<dt>Executable</dt>
<dd><p class="first">The Executable option requires the path to <code class="docutils literal"><span class="pre">clamscan</span></code>, which is the
interactive ClamAV scanning command. Nextcloud should find it automatically.</p>
<div class="last figure">
<img alt="../_images/antivirus-executable.png" src="../_images/antivirus-executable.png" />
</div>
</dd>
</dl>
<p>When you are satisfied with how ClamAV is operating, you might want to go
back and change all of your logging to less verbose levels.</p>
</div>
</div>
</div>
</div>
</div>
</main>
</div>
</div>
</body>
</html>