PHP - Installing php-libclamav

Installing php-libclamav on Red Hat 5 64-bit

ClamAV (http://www.clamav.net) must be installed and tested.

tar xvzf php-clamav-0.XX.tar.gz
cd php-clamav-0.XX
phpize
./configure --with-clamav
make
cp modules/clamav.so /usr/local/lib/php/extensions/

Create clamav.ini in /etc/php.d:

extension=clamav.so
[clamav]
clamav.dbpath="/usr/local/share/clamav/"
clamav.maxreclevel=16
clamav.maxfiles=10000
clamav.maxfilesize=26214400
clamav.maxscansize=104857600
clamav.keeptmp=0
clamav.tmpdir="/tmp"

service httpd restart

cl_info() Returns information about ClamAV (version and signatures loaded). Takes no arguments. Returns a line of text, in English, with the ClamAV information.

int cl_scanfile(string filename, string virusname) Scans the file named by filename and returns the return code of the 'cl_scanfile()' API function; the virus name is passed back through virusname. filename is the absolute or relative path to the file. virusname receives the virus name if a virus was found. The return value is the result of the ClamAV scan.

string cl_engine(long maxfiles, long maxfilesize, long maxscansize, long maxreclevel, long keeptmp) Loads ClamAV engine options, overriding the clamav.ini defaults. Returns success or failure.

  • maxfiles: Maximum number of files to scan.
  • maxfilesize: Maximum size per file.
  • maxscansize: Maximum size per file.
  • maxreclevel: Maximum level of recursion.
  • keeptmp: Don't use the temporary directory for scan.

string cl_pretcode(int retcode) Translates the ClamAV return code. retcode: The return code of a cl_scanfile_ex(filename, options, virusname, retcode) or cl_scanbuff_ex(buffer, size_buffer, virusname, retcode) function. Returns a string with the return code description.

string cl_debug() Turn on debug information.

I use the cl_setlimits() function to set limits for the virus scanning process in order to prevent DoS attacks (where the virus scanning process could eat up all resources on the system). The usage is like this: cl_setlimits($maxreclevel, $maxfiles, $maxratio, $archivememlim, $maxfilesize)

  • $maxreclevel: integer value /* maximal recursion level */
  • $maxfiles: integer value /* maximal number of files to be scanned within archive */
  • $maxratio: integer value /* maximal compression ratio */
  • $archivememlim: boolean /* limit memory usage for bzip2 (0/1) */
  • $maxfilesize: long integer /* archived files larger than this value (in bytes) will not be scanned */

Basically, these values define the behaviour of ClamAV if archives (zip files, tar.gz files, bz2 files, etc.) are scanned. If you don't use the cl_setlimits() function, the respective values from the php.ini are taken.

The main function is cl_scanfile(), which takes the path of the file to scan as its argument. Uploaded files are temporarily saved (usually in /tmp; this depends on your php.ini settings) before they are processed. The path of that temporary file is stored in $_FILES['file']['tmp_name'], so we pass that variable to cl_scanfile(). If no virus is found, it gives back FALSE, otherwise the name of the virus it found.
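
An upload handler that rejects anything not explicitly reported clean, as an added example that is not part of the original page or the php-clamav project. It assumes the int-returning cl_scanfile(filename, virusname) signature from the function list above (not the FALSE/virus-name convention just described) and libclamav's return codes 0 (clean) and 1 (virus); the helper scan_upload() and the /var/uploads/ destination are hypothetical.

```php
<?php
// Added example. Assumes cl_scanfile($filename, $virusname) returns libclamav's
// return code and fills $virusname, per the signature in the function list.
define('SCAN_CLEAN', 0); // libclamav CL_CLEAN
define('SCAN_VIRUS', 1); // libclamav CL_VIRUS

// Returns array(bool accepted, string reason). Only an explicit "clean"
// result accepts the file; every other outcome rejects it.
function scan_upload($upload)
{
    if (!function_exists('cl_scanfile')) {
        return array(false, 'clamav extension not loaded');
    }
    if (!is_array($upload) || !isset($upload['error'], $upload['tmp_name'])) {
        return array(false, 'no upload received');
    }
    if ($upload['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'upload error');
    }
    // Refuse paths that PHP did not itself receive via HTTP POST.
    if (!is_uploaded_file($upload['tmp_name'])) {
        return array(false, 'not an uploaded file');
    }
    $virusname = '';
    $retcode = cl_scanfile($upload['tmp_name'], $virusname);
    if ($retcode === SCAN_CLEAN) {
        return array(true, 'clean');
    }
    if ($retcode === SCAN_VIRUS) {
        return array(false, 'infected: ' . $virusname);
    }
    // Scanner errors (for example a missing signature database) also reject.
    $detail = function_exists('cl_pretcode') ? cl_pretcode($retcode) : 'code ' . $retcode;
    return array(false, 'scan error: ' . $detail);
}

if (PHP_SAPI !== 'cli') {
    // 'file' is the form field name used in $_FILES['file'] above.
    list($ok, $reason) = scan_upload(isset($_FILES['file']) ? $_FILES['file'] : null);
    if (!$ok) {
        error_log('upload rejected: ' . $reason);
        header('HTTP/1.1 422 Unprocessable Entity');
        exit('Upload rejected.');
    }
    // Hypothetical destination outside the web root, named by content hash.
    $dest = '/var/uploads/' . sha1_file($_FILES['file']['tmp_name']);
    move_uploaded_file($_FILES['file']['tmp_name'], $dest);
}
```

Uploading the EICAR test file mentioned below should produce an "infected" rejection. Because files larger than the configured size limit are not scanned, keep upload_max_filesize in php.ini at or below clamav.maxfilesize.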

Download the test virus from http://www.eicar.org/anti_virus_test_file.htm (eicar.com, eicar_com.zip, eicarcom2.zip)
