Setting up ClamAV AntiVirus for Moodle file uploads

When administrating a Moodle site, it is important to set your Moodle to scan file uploads for viruses before they are accepted to the server. Moodle 2.3 has the Antivirus capability to accomplish this. Moodle uses ClamAV to scan uploaded files. This can be set up in the Site administration section. Lets set up ClamAV in Moodle.

Important! In order to use this feature, ClamAV will need to be installed on the server. If you are using a shared server at Inmotion, ClamAV is not installed. ClamAV can be installed on VPS and Dedicated servers. Please click here to learn how to install ClamAV.

Setting up ClamAV for file uploads

  1. Log into the Moodle Dashboard
  2. clamav-anti-virus-1-moodle

    Navigate to Site administration > Security > Anti-Virus in the Site administrator settings.

  3. clamav-anti-virus-2-moodle

    On the Anti-Viruspage, select the appropriate fields to enable ClamAV virus scans. Below is a detail of what each setting is for.

    The clam AV path and the Quarantine directory will be specific to your server configuration. If you do not know this information, please contact support or your hosting company to find the directory and path.


    Anti-Virus settings
    Use ClamAV on Upload Enabling this will have ClamAV scan the file before its uploaded to the server.
    clam AV path The path to ClamAV can vary on a server; however, the usual path is:

    /usr/bin/clamscan
    or
    /usr/bin/clamdscan.

    Quarantine directory When ClamAV needs to quarantine a file, this directory will be used to store them. Leaving this blank will have the uploaded file deleted.
    On clam AV failure If ClamAV fails, the file will either be deleted or moved to the quarantine folder. Selecting Treat files as OK will not delete them. Treat as Virus will delete the file.

    Once finished click Save changes.


    If the the ClamAV path or the directory is incorrect or if there is a configuration problem, Moodle will notify you.

    Wrong Paths Correct Paths
    clamav-anti-virus-3-bad-moodle

    clamav-anti-virus-4-good-moodle


  4. clamav-anti-virus-5-error-moodle

    Now when trying to upload a file that contains hack scripts or viruses Moodle will not allow the file to be saved to the server.

Congratulations, your file uploads in Moodle will now be scanned for viruses prior to them being uploaded to the server. This concludes the article for Setting up ClamAV AntiVirus for Moodle file uploads. For more information about Moodle security, please visit Moodle site security and server settings.

Was this article helpful? Let us know!