I was wondering if anyone integrated IMCE with ClamAV virsus scan when uploading files. Has anyone tried this?


ufku’s picture

Status: Active » Closed (won't fix)

Cleaning up issue queue.

sambonner’s picture

Hi, is there a reason why this issue has been set to won't fix? I'd be interested to know whether any one has integrated virus scanning into IMCE too.


ghosty’s picture

I was able to get virus scanning to work. Go to the /inc folder and look for imce.page.inc. Next, find the imce_upload_submit function. Add these couple lines at the top of the function:

$virus_flag = FALSE;

Then, inside of the first if statement which checks for a saved file upload, I added this:

//Check for a virus
$scan_command = 'clamscan --remove /path_to_drupal/drupal/' . $dirpath . '/' . $file->filename;
watchdog('imce', 'Command run: %cmd', array('%cmd' => $scan_command));
$scan_result = exec($scan_command, &$output, $return_var);
foreach ($output as $line) {
	if (preg_match('/FOUND$/', $line)) {
		$virus_flag = TRUE;
		db_query("DELETE FROM {files} WHERE fid = %d", $file->fid);

if ($virus_flag) {
	drupal_set_message(t('A virus was detected in the file %filename and not uploaded.', array('%filename' => $file->filename)), 'error');
else {

The rest of the code should then continue with the next line being //core bug #203204.. Just remember to close the new if/else statement added right after the //create thumbnails check.

ufku’s picture

The proper way to do this is to set a validator for imce_upload_form using the form API.

ghosty’s picture

That would be better. What is the function call I would use in this case? Let's say my module is called "my_module".

ufku’s picture

You need to be familiar with forms API. You can alter a form using hook_form_FORM_ID_alter

ghosty’s picture

So in this case would it be:

my_module_form_imce_upload_alter(&$form, $form_state)