How to Use Antivirus for Files in Nextcloud with ClamAV

Nextcloud makes online collaboration easier for remote teams. However, some users have less secure personal computers and unsafe internet browsing practices. Scanning files before they can be uploaded to Nextcloud helps protect your managed VPS/dedicated server and users from malware.

The Antivirus for Files Nextcloud application does this by connecting to a separately installed ClamAV application hosted on the same server or a remote location. Below we cover installing the app, configuring it with ClamAV, and enabling logging.

Install Antivirus for Files

  1. Log into Nextcloud as an administrator
  2. In the upper-right corner, select your username icon, then + Apps
  3. On the left, select Security
  4. Under Antivirus for files, select Download and enable

Configure Antivirus for Files with ClamAV

  1. In the upper-right corner, select your username icon, then Settings
  2. On the left, under Administration, select Security
  3. Under Antivirus for Files, choose between three scanning modes:
    Daemon (Socket), Executable, and Daemon

Daemon (Socket)

This is the recommended option for using ClamAV on the same server. It is less resource-intensive than the executable mode.

When selecting this option, the Socket path set in Nextcloud should match the file path of the clamd socket. To verify this, SSH into your server and run the netstat command:

netstat -a | grep clam

The file path is at the end:

unix  2      [ ACC ]     STREAM     LISTENING     1754490  /var/clamd

Executable

This option for using ClamAV on the same server is slower and more resource-intensive compared to the daemon (socket) mode.

With this option, the "Path to clamscan" setting in Nextcloud should match the file path to clamscan. To verify this, SSH into your server and run the find command:

find / -name clamscan

The example below is for the ClamAV cPanel plugin on a managed CentOS VPS.

/usr/local/cpanel/3rdparty/bin/clamscan

Daemon

This option calls ClamAV on a remote server and requires the hostname (IP address or server name) and port number of that server. You can find the port number within the ClamAV clamd.conf file on that server.
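To confirm that the socket path (Daemon (Socket) mode) or the host and port (Daemon mode) entered in Nextcloud actually reach a working clamd, the added example below speaks clamd's PING and INSTREAM commands directly and scans the harmless EICAR test string. It is not part of the original article or of the Antivirus for Files app; the function names are illustrative, and the /var/clamd default is taken from the netstat output above.

```python
import socket
import struct
import sys

# Standard EICAR test string (harmless), split so this script is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE!$H+H*"

def instream_frames(data: bytes, chunk: int = 8192) -> bytes:
    """clamd INSTREAM framing: 4-byte big-endian length + chunk, ended by a zero length."""
    out = b"zINSTREAM\0"
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out += struct.pack("!I", len(part)) + part
    return out + struct.pack("!I", 0)

def parse_reply(reply: bytes):
    """Map a clamd reply to ('OK', None), ('FOUND', signature) or ('ERROR', message)."""
    body = reply.rstrip(b"\0\n").decode("utf-8", "replace").split(": ", 1)[-1]
    if body == "OK":
        return "OK", None
    if body.endswith(" FOUND"):
        return "FOUND", body[: -len(" FOUND")]
    return "ERROR", body

def clamd_send(target, payload: bytes, timeout: float = 10.0) -> bytes:
    """target: socket path (Daemon (Socket) mode) or (host, port) tuple (Daemon mode)."""
    family = socket.AF_UNIX if isinstance(target, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(target)
        s.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):  # replies to z-prefixed commands end in NUL
            data = s.recv(4096)
            if not data:
                break
            reply += data
    return reply

def check(target) -> dict:
    """Ping clamd, then scan a clean buffer and the EICAR string through it."""
    return {
        "ping": clamd_send(target, b"zPING\0").rstrip(b"\0").decode(),
        "clean": parse_reply(clamd_send(target, instream_frames(b"hello"))),
        "eicar": parse_reply(clamd_send(target, instream_frames(EICAR))),
    }

if __name__ == "__main__":
    # No arguments: socket path from the netstat output above. HOST PORT: remote clamd.
    args = sys.argv[1:]
    print(check((args[0], int(args[1])) if len(args) == 2 else (args[0] if args else "/var/clamd")))
```

A healthy daemon answers PONG to the ping, OK for the clean buffer, and FOUND with a signature name for the EICAR string; a connection error or timeout means the value entered in Nextcloud will not work either.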

We recommend changing "When infected files are found during a background scan" to "Delete file".

Learn more from the Antivirus for Files official documentation.

Enable All Logging

Ensure all events are logged to help you track security incidents.

  1. In the upper-right corner, select your username icon, then Settings
  2. On the left, select Logging
  3. Select the 3-dot button beside Level and ensure all Log levels are selected
  4. On the left, under Administration, select Security

Learn more about ways to secure your managed VPS.

Jacqueem Content Writer I

Technical writer focused on cybersecurity and musicianship.
