Scanning Files for Viruses with ClamAV and PHP on Linux

When a user receives a file, you can use ClamAV on Linux to determine whether the file contains a virus. The core scanning program is clamdscan , which runs as a daemon ( clamd ) and can be invoked from the command line.

After installing ClamAV (refer to other technical articles for download and installation steps), edit the ClamAV configuration to enable the local socket:

<code>LocalSocket /tmp/clamd.socket</code>

Start the clamd daemon. To scan a file or directory, execute the following command (replace the path with the actual file you want to check):

<code>/usr/local/clamav-0.102.1/bin/clamdscan /tmp/attachment_04613DE5A94DD00E1F48F7A5D39A802C9700000000000001_4</code>

The command returns output similar to:

<code>/tmp/attachment_04613DE5A94DD00E1F48F7A5D39A802C9700000000000001_4: Xls.Virus.Mailcab-6702020-0 FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.176 sec (0 m 0 s)</code>

In PHP you can run the same scan by building the command string and calling exec :

<code>$cmd = "/usr/local/clamav-0.102.1/bin/clamdscan {$file}";
exec($cmd, $output);
</code>

The $output array will contain the scanner's response, allowing you to programmatically react to infected files.