ClamAV filter icon
Module Id
clamav-filter
Group Id
org.jahia.community
Updated
Requires Jahia
8.2.1.0
Author
Florent BOURASSE
Category
Tools and Utilities
Status
COMMUNITY info
Visit developer's website
Email developer

ClamAV filter group_work

security
Download (1.0.0)

A Jahia module that scans uploaded files against a ClamAV antivirus daemon and blocks any upload containing detected malware.

Dependencies & Dependants

Dependencies
Dependants
  • NONE

FAQ

Configuration

The module reads its settings from the OSGi configuration file:

$JAHIA_DATA_DIR/karaf/etc/org.jahia.community.clamav.cfg
Property Default Description
host localhost Hostname or IP address of the ClamAV daemon
port 3310 Port of the ClamAV daemon
connection_timeout 2000 Maximum time (ms) to wait when connecting to the daemon
read_timeout 20000 Maximum time (ms) to wait for the scan response

Changes to the configuration file are applied immediately — no restart required.

Admin UI

Settings can also be edited directly in the Jahia administration panel:

Administration → Server Health → ClamAV Antivirus Settings

The UI allows editing all four settings, saving them, and testing the connection to the daemon. The connection is tested automatically when the page opens. The file scan test section is disabled when the daemon is not reachable.

How it works

 

  1. When a file is uploaded through Jahia (Media Manager, Forms, etc.), the upload filter intercepts the stream.
  2. The file content is forwarded to the ClamAV daemon over TCP using the INSTREAM command.
  3. If ClamAV reports a threat, the upload is rejected and the virus signature is logged.
  4. If ClamAV is unreachable (daemon down, wrong host/port, timeout), the upload is blocked by default to prevent unscanned files from reaching the repository.

Testing

Start a local ClamAV daemon with Docker:

docker run --interactive --tty --rm --publish 3310:3310 --name clamav clamav/clamav:stable

Wait for the container to print socket found, clamd started. before testing.

To trigger a detection, use the EICAR test file — a standard, harmless file that every compliant antivirus engine flags as malware.

Building from source

 

Requirements: JDK 17+, Maven 3.x, Node.js v22, Yarn v1.22

mvn clean install

The frontend assets are built automatically via the frontend-maven-plugin as part of the Maven build.

How To Install

Requirements

  • Jahia 8.2.1 or later
  • A running ClamAV daemon reachable from the Jahia server
  • graphql-dxm-provider module

Installation

  1. In Jahia, go to Administration → Server settings → System components → Modules
  2. Upload the JAR clamav-filter-X.X.X.jar
  3. Verify the module status is Started

License

MIT License

Copyright (c) 2026 - present Florent BOURASSÉ

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

copyright2002-2026 All Rights Reserved by Jahia Solutions Group SA

Privacy Policy / Terms of Use / Cookie Policy