Antivirus
Set up
The virus scanner requires access to a ClamAV virusscanner.
For testing, we recommend running https://hub.docker.com/r/mkodockx/docker-clamav/ using Docker
docker run --rm -ti -p 3310:3310 docker.io/mkodockx/docker-clamav:alpine-idb-amd64
Or to use a persistent database as a volume
docker run --rm -ti -p 3310:3310 -v clamav:/var/lib/clamav docker.io/mkodockx/docker-clamav:alpine-idb-amd64
Keep in mind that the ClamAV socket should be properly firewalled, not be open to untrusted hosts, and not travel across unprotected networks as the data is not encrypted. See also https://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html and consider using stunnel to protect the traffic if needed.
Once installed you need to configure the scanner as follows:
- Open WebHare
- Open the WRD Browser
- Open the
system:config
schema - Select the
EXTERNALSERVICE
type - Select the ADD button
- Set SERVICETYPE to
system:clamav
- Set URL to the
host/ip:port
where ClamAV runs, egtcp://2127.0.0.1:3310
You can set up multiple scanners for load sharing or availability.
Testing the virus scanner
You can use the antivirus.whscr
debug script to test if you've installed the
scanner properly
wh run mod::system/scripts/debug/antivirus.whscr - <<< 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR'-'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'