How to Configure Antivirus in Mattermost with ClamAV

ClamAV is a versatile antivirus program for server and desktop operating systems. With the Antivirus plugin, Mattermost can use ClamAV on a local or remote server to scan files before uploading them to channels. Below we cover how to:

• Install the Antivirus Mattermost Plugin
• Configure ClamAV
• Configure the Antivirus Mattermost Plugin
• Test ClamAV with the EICAR Standard Antivirus Test File

Get high performance and security with our Managed VPS Hosting. Contact our Sales team to learn more.

Install Antivirus in Mattermost

First, install the Antivirus plugin.

1. Log into Mattermost as a system admin
2. In the upper-left corner, select your username, then Plugin Marketplace
3. Beside Antivirus, select Install
4. Beside Antivirus, select Configure
5. Leave the configuration page for the Antivirus plugin open while you configure ClamAV below
   

   We recommend waiting until you finish configuring ClamAV to enable the plugin. This allows Mattermost users to still upload media in case you have issues with ClamAV configuration.

Configure ClamAV

Next, configure ClamAV on a server to listen for requests on a specific port. If you’ll be integrating ClamAV from a remote server that’s already configured to listen on a specific port, continue to the next section: configuring the Antivirus Mattermost plugin.

1. Ensure ClamAV is installed on your server via Web Host Manager (WHM) or SSH (Cloud and Bare metal Dedicated servers):
   

   clamscan -V

2. Log into SSH as root
3. Edit your ClamAV configuration file:
   

   nano +107 /user/local/cpanel/3rdparty/etc/clamd.conf

   
   

   If you’re not on a cPanel server, search for the Clamd file with the “find” command:
   find / -name clamd.conf

4. Remove the “#” before TCPSocket 3310 to enable listening for scan requests
5. (Optional) Change the port number to another unused port if desired
6. Ensure port 3310 (or other specified port) is permanently open in your firewall – Advanced Policy Firewall (APF), ConfigServer & Firewall (CSF), Firewalld, etc.
7. Restart Apache using (WHM) or your terminal:
   

   service httpd restart

Configure Antivirus in Mattermost

Enable and configure the Antivirus Mattermost plugin.

1. Open your Mattermost Antivirus configuration page (or reopen System Console, then Antivirus)
2. Change Enable Plugin to true
3. Change ClamAV – Host and Port to localhost:3310 (or other specified ClamAV hostname and port number)
4. Change the Scan Timeout (seconds) from 10 seconds if desired
5. Save changes

Test ClamAV with the EICAR Standard Antivirus Test File

EICAR has a test file free to use for testing antivirus software. The text string will create a false positive response (falsely states a virus is present) in the scanner but is not malicious.

1. Create a text file on your local computer
2. Visit https://2016.eicar.org/86-0-Intended-use.html
3. Add the text string from the bottom of the EICAR page to the new text file
4. Save and close the file
5. In a Mattermost channel, select the attachment icon beside the text box, then upload the text file
   

   

   It shouldn’t upload but prompt an error at the bottom:
   “Unable to upload file [file-name].txt. Rejected by plugin: The antivirus service did not allow you to attach this file.”
6. Attempt to upload a regular file and it should scan the file, then allow you to continue finishing your message

If everything worked well, congratulations on improving Mattermost security. If you have any issues, please contact Live Support.