ClamAV Scanner for Flysystem
, (*1)
This package provides a filesystem adapter for
Flysystem that scans files being
read from and written to an underlying filesystem using the popular
ClamAV antivirus engine. This adapter acts as a
passthrough adapter, sitting in between your application and whichever concrete
Flysystem adapter you use to store your files. Since this scanner is itself a
Flysystem adapter, it can be implemented in an existing application simply by
dropping it in as a replacement to your existing Flysystem adapter so that all
filesytem calls go through the ClamAV adapter. Simply pass your existing
adapter as the "backing" adapter to the ClamAV adapter when you instantiate it,
and the rest should be completely transparent to your application., (*2)
Requirements
-
ClamAV - In order to utilize this package, you will need access to a running instance of the ClamAV
clamd daemon. This package utilizes clamd for its speed. Other similar file scanning packages utilize clamscan, which requires reading and parsing the large virus database each time it is called. The clamd daemon, on the other hand, only has to read and parse the database when it starts up and when the database is refreshed, making it a much faster option. If you are utilizing Docker, then it is simple to get clamd up and running by utilizing one of the existing images from the Docker Hub, such as the infiniteproject/clamav image. Be sure that whichever image you use provides a running clamd daemon. Images that simply run clamscan will not work with this adapter.
-
Flysystem - This package is a Flysystem filesystem adapter, so it goes without saying that you must be using Flysystem in your project either directly or via existing integrations (ie Laravel). In order to utilize this adapter, you must also use a concrete adapter that stores and retrieves the files from a real filesystem. If will be up to you as the developer (unless using an existing integration that provides the functionality for you) to set up the "backing" adapter and pass that adapter to the ClamAV adapter.
Installation
Via composer:, (*3)
composer require mgriego/flysystem-clamav
Usage
In order to utilize this adapter, you must first set up your "backing" adapter
and an instance of Quahog that points to
your clamd server., (*4)
First, set up your backing adapter like you would normally. For instance, if
you are storing files using the Local adapter:, (*5)
use League\Flysystem\Adapter\Local;
$backingAdapter = new Local(__DIR__.'/path/to/root');
Next, you must set up an instance of the Quahog ClamAV integration library.
Quahog is automatically installed by Composer when using this package, so there
is no need to require it explicitly. More info on how to set up your Quahog
instance can be found in the
Quahog README. If your clamd service
is running via TCP port 3310 on the local machine's loopback adapter, you can
instantiate Quahog like this:, (*6)
use Socket\Raw\Factory as SocketFactory;
use Xenolope\Quahog\Client as ClamAVScanner;
// Create a new socket instance
$socket = (new SocketFactory())->createClient('tcp://127.0.0.1:3310');
// Create a new instance of the Client
$quahog = new ClamAVScanner($socket);
Once you have your backing adapter and scanner set up, you can instantiate this
adapter. This adapter's constructor takes two required and one optional
arguments:
1. The Quahog instance
2. The backing adapter instance
3. A boolean telling the adapter whether to scan files that are being copied using the copy operation. This parameter is optional and defaults to false. If this is set to true, the adapter will first scan the source file before telling the backing adapter to perform the copy., (*7)
use League\Flysystem\Filesystem;
use mgriego\Flysystem\ClamAV\ClamAvScannerAdapter;
// In this case, copies will be scanned.
$adapter = new ClamAvScannerAdapter($quahog, $backingAdapter, true);
$filesystem = new Filesystem($adapter);
Files are scanned during the read/readStream, write/writeStream, and
update/updateStream operations. If the adapter is configured as such, files
will also be scanned during the copy operation. If ClamAV detects malware in
the file, a \mgriego\Flysystem\ClamAV\VirusFoundException exception will be
thrown. The getReason method will return the name of the malware that was
detected in the file, and the getPath method will return the path of the file
that was being acted upon. Or you can simply call the standard getMessage
method available on all Exceptions, and a message will be returned that contains
both the path and the name of the malware., (*8)
Coming soon!, (*9)
Acknowledgements
This package wouldn't be possible without these great projects:
* The Quahog PHP library for integrating with ClamAV
* The Flysystem filesystem abstraction library for PHP
* The ClamAV antivirus engine, (*10)
Wallogit.com
