Tutorial: Antivirus (ClamAV) Setup
Role: Site Administrator
Time: 30โ45 minutes
OJS Version: 3.5+
OJS accepts file uploads from authors, reviewers, and editors. The ClamAV Scanner Plugin scans uploaded files for malware and viruses before they are stored on the server.
Before You Startโ
- You have root or sudo access to the OJS server.
- Your server runs Linux (Ubuntu/Debian or CentOS/RHEL).
- You have Site Administrator access in OJS.
Step 1 โ Install ClamAV on the Serverโ
Ubuntu / Debianโ
sudo apt update
sudo apt install clamav clamav-daemon -y
CentOS / RHEL / AlmaLinuxโ
sudo dnf install clamav clamd clamav-update -y
Step 2 โ Update Virus Definitionsโ
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
Enable the definitions auto-updater:
sudo systemctl enable clamav-freshclam
Step 3 โ Start the ClamAV Daemonโ
The OJS plugin uses the ClamAV daemon (clamd) for faster scanning:
sudo systemctl start clamav-daemon
sudo systemctl enable clamav-daemon
Verify it is running:
sudo systemctl status clamav-daemon
The daemon listens on a Unix socket by default at /var/run/clamav/clamd.ctl.
Step 4 โ Install the ClamAV Scanner Pluginโ
- Log in to OJS as Site Administrator.
- Go to Administration โ Plugin Gallery.
- Search for ClamAV.
- Click Install.
Or download from github.com/pkp/clamav and upload to /plugins/generic/clamav/.
Step 5 โ Enable and Configure the Pluginโ
- Go to Administration โ Site Settings โ Plugins โ Installed Plugins.
- Find ClamAV Scanner and toggle to Enabled.
- Click the Settings icon.
- Configure:
| Field | Value |
|---|---|
| ClamAV socket path | /var/run/clamav/clamd.ctl (default on Ubuntu) |
| Scan on upload | Enable โ scans every uploaded file |
| Block on detection | Enable โ reject infected files |
- Click Save.
Step 6 โ Test the Integrationโ
- Download the EICAR test file โ a harmless test string that ClamAV detects as a virus:
https://www.eicar.org/download/eicar.com.txt
- Rename the file to
eicar-test.pdf(or any supported extension). - Attempt to upload the file as a submission galley or revision in OJS.
- OJS should reject the upload with an error message indicating a virus was detected.
Maintaining ClamAVโ
| Task | Command |
|---|---|
| Update definitions manually | sudo freshclam |
| Check daemon status | sudo systemctl status clamav-daemon |
| View scan logs | sudo tail -f /var/log/clamav/clamav.log |
| Restart daemon after updates | sudo systemctl restart clamav-daemon |
Troubleshootingโ
| Problem | Solution |
|---|---|
| Plugin cannot connect to daemon | Check socket path matches /var/run/clamav/clamd.ctl; verify clamd is running |
| EICAR test file not blocked | Ensure "Block on detection" is enabled in plugin settings |
| ClamAV daemon not starting | Check server memory; ClamAV requires at least 512 MB RAM |
| Freshclam update fails | Check server internet access and DNS resolution |
| Socket permission denied | Add the web server user (e.g., www-data) to the clamav group: sudo usermod -aG clamav www-data |
Next Stepsโ
- Security Hardening โ additional OJS security measures
- Server Configuration โ PHP and server environment settings
- Backup & Recovery โ protect your data alongside antivirus protection