File Security & Virus Scanning in OpenRegister
Version: 1.0
Date: October 2025
Status: ๐ Planning Document
Overviewโ
This document outlines options for implementing virus scanning and malicious content detection for file uploads in OpenRegister.
Current Security Measuresโ
โ Already Implemented:
- MIME type validation against schema configuration
- File size limits
- Content-type detection (not just extension-based)
- Filename sanitization
- RBAC permissions
- URL validation with timeouts
- Executable file blocking (extension + magic bytes)
โ Not Yet Implemented:
- Virus scanning
- Malware detection
- Content inspection beyond MIME type
Virus Scanning Optionsโ
Option 1: Nextcloud Built-in Antivirus App โญ RECOMMENDEDโ
Nextcloud Antivirus for files - Official Nextcloud app
Description: Nextcloud has an official Antivirus for files app that uses ClamAV to scan files on upload.
Advantages:
- โ Native Nextcloud integration
- โ No extra PHP code needed
- โ Works automatically for all file uploads
- โ Supported by Nextcloud community
- โ Scans files asynchronously (background jobs)
- โ Configurable via admin panel
Implementation:
# 1. Install ClamAV in Docker environment
docker exec master-nextcloud-1 apt-get update
docker exec master-nextcloud-1 apt-get install -y clamav clamav-daemon
# 2. Start ClamAV daemon
docker exec master-nextcloud-1 service clamav-daemon start
# 3. Install Nextcloud Antivirus app
docker exec -u 33 master-nextcloud-1 php occ app:install files_antivirus
# 4. Enable the app
docker exec -u 33 master-nextcloud-1 php occ app:enable files_antivirus
# 5. Configure to use ClamAV daemon
docker exec -u 33 master-nextcloud-1 php occ config:app:set files_antivirus av_mode --value="daemon"
docker exec -u 33 master-nextcloud-1 php occ config:app:set files_antivirus av_socket --value="/var/run/clamav/clamd.ctl"
How it works:
- User uploads file via OpenRegister
- File is stored in Nextcloud
- Nextcloud Antivirus app detects new file
- ClamAV scans the file
- If virus: file is blocked/removed
- Admin gets notification
Docker compose configuration:
services:
nextcloud:
# ... existing config ...
clamav:
image: clamav/clamav:latest
container_name: master-clamav-1
volumes:
- clamav-data:/var/lib/clamav
networks:
- nextcloud-network
healthcheck:
test: ["CMD", "clamdscan", "--ping", "1"]
interval: 60s
timeout: 10s
retries: 3
volumes:
clamav-data:
Configuration in Nextcloud:
- Admin Settings โ Security โ Antivirus Configuration
- Choose: Daemon mode
- Socket:
/var/run/clamav/clamd.ctl(Unix socket) - Or: Host:
clamav, Port:3310(TCP) - Action on virus: Delete file / Only log
Option 2: PHP ClamAV Libraryโ
Library: xenolope/quahog or clamav/clamav-php
Advantages:
- โ Direct integration in OpenRegister code
- โ More control over scanning behavior
- โ Can customize error handling
Disadvantages:
- โ Requires PHP extension or library
- โ More code to maintain
- โ Need to handle async scanning manually
Option 3: VirusTotal APIโ
Service: VirusTotal Public API
Advantages:
- โ No local installation needed
- โ Comprehensive threat database
- โ Multiple antivirus engines
Disadvantages:
- โ Rate limits (4 requests/minute free tier)
- โ Privacy concerns (files sent to third party)
- โ Requires API key
- โ Cost for high volume
Recommended Approachโ
Use Nextcloud Antivirus App because:
- โ Native integration - works automatically
- โ No code changes needed in OpenRegister
- โ Well-maintained by Nextcloud community
- โ Background scanning - doesn't block uploads
- โ Configurable via admin UI
Implementation Stepsโ
- Install ClamAV in Docker environment
- Install Nextcloud Antivirus app via
occ - Configure ClamAV daemon connection
- Test with EICAR test file
- Monitor scan results in Nextcloud logs
Testingโ
EICAR Test Fileโ
Create a test file with EICAR signature (harmless test virus):
echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > eicar.txt
Upload via OpenRegister - should be detected and blocked by ClamAV.
Related Documentationโ
- Security Architecture - Executable file blocking
- Files - File upload documentation