Drupal integration with the ClamAV virus scanner.

This module will verify that files uploaded to a site are not infected with a virus, and prevent infected files from being saved.

NB: The module integrates with ClamAV, it does not provide an anti-virus scanner engine.


Comprehensive documentation can be found on the Installing ClamAV page. In general, the Drupal module doesn't have any specific requirements for how ClamAV is installed.

  1. First install the clamscan program:
    • Ubuntu:
      sudo apt-get install clamav
    • Redhat / CentOS:
      1. Enable the EPEL repo
      2. yum install clamav
      3. yum install clamd
    • OS-X (via homebrew): brew install clamav
  2. Then enable and configure the ClamAV Drupal module
  3. Done!


Once the ClamAV module is installed and configured, it's good practice to verify that it's detecting viruses properly. You can do this safely by trying to add content to your site, attaching the Eicar test virus to the content. The file upload should be blocked, and you should find a message recording this in the Watchdog logs.


The Drupal configuration page is at /admin/config/media/clamav.

"Daemon mode" is recommended. "Executable mode" is slower, and in some configurations, the ClamAV service may need to run under the same group as the webserver process.


The best resource is the ClamAV documentation.

For issues that are Drupal-specific or will affect most users of the Drupal ClamAV module, please raise and discuss them in the ClamAV module issue queue.


Project Information