Extension Malware scanning with ClamAV for uploads

Extension Basics

Title	Malware scanning with ClamAV for uploads
Name	ckanext-clamav
Type	Public extension
Description	Scan uploaded resources for viruses and malware using ClamAV
CKAN versions	~2.9, ~2.10 Show details These CKAN Versions are exactely matched: 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.10.5 2.10.6 2.10.7 2.10.8 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.9.0 2.9.1 2.9.10 2.9.11 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 2.9.8 2.9.9
Download-Url (zip)	https://github.com/DataShades/ckanext-clamav.git#egg=ckanext-clamav
Download-Url commit date	2023-01-01
Url to repo	https://github.com/DataShades/ckanext-clamav
Category	Authentication & Security

Background Infos

Description (long)	Show details This extension provides comprehensive malware scanning for uploaded resources using the ClamAV antivirus library (clamd). Features include: automatic scanning of all uploaded resource files for viruses and malware, custom IUploader implementation to intercept uploads before storage, support for both Unix socket and TCP/IP connection to ClamAV daemon, configurable behavior for unscanned files (allow or block), configurable connection timeout for ClamAV checks, seamless integration with custom uploaders like ckanext-s3filestore (must be loaded before custom uploaders in plugin order), production-stable status with comprehensive test coverage. The extension blocks infected files and prevents them from being stored, protecting the CKAN instance and its users from malicious content. Compatible with CKAN 2.10+ and Python 3.8-3.10. Requires ClamAV daemon (clamd) to be installed and running on the system.
Version	1.0.34
Version release date	2023-01-01
Contact name	DataShades
Contakt email	datashades@linkdigital.com.au
Contact Url	(not set)

Installation Guide

Configuration hints	Install ClamAV on your system first (Ubuntu example for Unix Socket): Update and install ClamAV apt-get update apt-get install clamav clamav-daemon -y Update ClamAV signature database systemctl stop clamav-freshclam freshclam systemctl start clamav-freshclam Install the extension: Activate CKAN virtualenv . /usr/lib/ckan/default/bin/activate Clone and install git clone https://github.com/DataShades/ckanext-clamav.git cd ckanext-clamav pip install -e . pip install -r requirements.txt Enable the plugin in your CKAN config file: ckan.plugins = clamav IMPORTANT: If using custom uploaders (like ckanext-s3filestore), clamav must come BEFORE them in plugin order: ckan.plugins = clamav s3filestore Configuration options: Socket file path (default: /var/run/clamav/clamd.ctl) ckanext.clamav.socket_path = /your/path/to/socket.file Allow unscanned files upload (default: True) Set to False to block uploads if ClamAV is unavailable ckanext.clamav.upload_unscanned = False Connection mechanism: unix or tcp (default: unix) ckanext.clamav.socket_type = unix For TCP connection, provide host and port: ckanext.clamav.socket_type = tcp ckanext.clamav.tcp.host = your.hostname.address ckanext.clamav.tcp.port = 3310 Connection timeout in seconds (default: 60) ckanext.clamav.timeout = 120 Restart CKAN: sudo service apache2 reload Note: CKAN 2.9 support only in v1.1.0 (requires “pip install setuptools>=44.1.0,<71”). CKAN 2.7-2.8 no longer supported.
Plugins to configure (ckan.ini)	clamav
CKAN Settings (ckan.ini)	# ckanext.clamav.socket_path = /your/path/to/socket.file # ckanext.clamav.upload_unscanned = False # ckanext.clamav.socket_type = unix # ckanext.clamav.tcp.host = your.hostname.address # ckanext.clamav.tcp.port = 3310 # ckanext.clamav.timeout = 120
DB migration to be executed	(not set)

<< back to Extensions