This guide describes how you can automatically scan files uploaded by users through a web form on your server using PHP and ClamAV. That way you can make sure that your upload form will not be abused to distribute malware. To glue PHP and ClamAV, we install the package php5-clamavlib/php4-clamavlib which is rather undocumented at this time. That package is available for Debian Etch and Sid and also for Ubuntu Dapper Drake and Edgy Eft, so make sure you use one of these platforms. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

As I said before, your system must use Debian Etch, Sid, Ubuntu Dapper Drake or Ubuntu Edgy Eft, and you should already have Apache2 and PHP4 or PHP5 installed. If you are on Debian Sarge, you can install the php-clamavlib package from backports.org:

I assume that you use /var/www as the default document root. If you have multiple web sites on your server already, adjust the document root to your needs. Also, I use 192.168.0.100 as the IP address of my server in this example. Adjust this as well, and if you have multiple web sites with a name-based vhost configuration, you must use the respective domain/FQDN to access the web site instead of the IP address. I do all the steps here as the root user. So make sure you're logged in as root or, if you are on Ubuntu, prepend all commands with sudo, e.g.

The link for this article located at How To Forge is no longer available.