phplibclamav

This PHP extension provides the ability to scan files for malware using the Clam Anti-Virus engine. It is compatible with PHP4 and PHP5. It is released under the GPL license.

This package is not officially associated with or endorsed by the ClamAV developers.

If you have feedback or bug reports email me here.

There was a minor mistake in the tarball available, which has been fixed. Download phplibclamav - current version 0.6.0.

• Installation
• Usage
• Example

 

Release Notes: 2008-05-23

• remove clamav.maxratio ini option to be compat with clamav 0.93, thanks to Jani Ollikainen for letting me know of the API change

 

Changelog:

0.3.2 - 2005-12-28

• Changed package name at request of ClamAV developers
• Fixed bug, startup warning if no clamav.db_path is specified
• Rebuilt internal db storage. Added reload of virus database if directory of databases are loaded and have changed. Fixed up package.xml to reflect license.

0.4.0 - 2006-10-04

• Added scanning of file uploads
• Fixed threadsafe build

0.5.0 - 2007-05-18

• new database loading and storage to be compatible with libclamav 0.90 and greater
• removal of clamav_scan_string function, libclamav no longer supports this operation
• fixes in config.m4 for building on freebsd, thanks to Igor Grinchenko for testing on that platform
• clamav_open_db now only excepts no parameters if there is a clamav.db_path ini option set

 

Mandriva Linux 2006 RPM‘s - for version 0.3.2

The packages were kindly built by Jeffery Fernandez. If you have feedback on the packages let me know, and i will pass it on to Jeff.

• Binary i586 RPM
• Source RPM

 

Vbulletin Forum Extension

Vladislav Rastrusny has provided an extension for vbulletin that uses this extension:

• Forum Thread
• Authors Blog

 

Installation

To compile from source you will need libclamav installed, and PHP 4/5 installed. Download the tarball above and extract.

	cd phplibclamav    phpize    ./configure --with-clamav=/prefix/for/libclamav    make    make install    

You need to load the extension via your php.ini file:

	extension="clamav.so"    

 

SELinux
If you are using SELinux, then you may have to allow access to the virus definition files by the webserver. This is done on a Redhat system like so:

	chcon -R -h -t httpd_sys_content_t /var/clamav/    

You can verify the permissions with:

	ls -aZ /var/clamav    

These tips were suggested by Martin Rytter Jensen .

 

Usage

There are several ini options available, although all are set to the recommended defaults. All ini options are marked PHP_INI_SYSTEM to allow for easy shared hosting administration.

Name	Default	Effect
clamav.db_path	no value	If this path is set then the module will attempt to preload the path as a ClamAV database at module startup. This will consume memory for every process and so is off by default. If you wanted to guarantee access to a ClamAV database then set this.
clamav.scan_file_uploads	0	If set to a value > 0, and if the clamav.db_path ini option is set and the database is successfully loaded, then files will be scanned during upload. If the scan produces malware, or an error occures then the uploaded file is deleted and the UPLOAD_ERR_EXTENSION error is added to the $_FILES entry. This option is only available for php >= 5.2
clamav.maxfiles	1000	The maximum number of files to scan in an archive.
clamav.maxfilesize	10485760	The maximum filesize of scanned files in bytes.
clamav.maxreclevel	5	The maximum recursion when scanning archives.
clamav.maxratio	200	The maximum compression ratio for scanned files. This ini option is no longer provided in phplibclamav version 0.6.0 and higher. It remains documented for people running older clamav installations (which is not recommended).
clamav.archivememlimit	0	Memory limit for bzip2 archives. Use 0 for no limit.

mixed clamav_open_db([string path])
This functions opens a ClamAV database ready for scanning files. It must load the database in memory, and so should be called only when used. If you don‘t pass in a path, and you have set a clamav.db_path ini option, you will get that database (if loaded). You may pass in a directory to load all available databases in that directory. If you have previously loaded a directory of databases, say in your php.ini, and the databases change, then the database will automatically reload. In order to avoid the clamav engine startup time during script execution you should set the clamav.db_path ini option, so that the default db path is already loaded. The downside is then memory usage depending on SAPI. This function returns a resource or false on error.

mixed clamav_scan_file(resource db, string file)
This function scans a file for malware using the db previously opened. This function returns a string identifying the malware found, or false if the file is clean.

string clamav_default_db()
This function returns the built in path for ClamAV database files.

mixed clamav_scan_string(resource db, string string_to_scan)
This function is no longer provided in phplibclamav version 0.5.0 and higher. It remains documented for people running older clamav installations (which is not recommended).

Example

//you don‘t have to specify the path if the db has already been opened    //via the clamav.db_path option    //if you will use the virus scanner frequently in scripts, set the database    //in your php.ini and leave the path blank here    $db = clamav_open_db(‘/home/trickie/Desktop/phpclamav/test/main.cvd‘);    if($malware = clamav_scan_file($db, ‘file/to/scan‘))    {    echo ‘We have Malware: ‘.$malware;    }    echo ‘Built in Database location: ‘.clamav_default_db();