Anti-virus capability on your Silverstripe Cloud environment is optionally provided through the use of ClamAV, which runs as a service and allows your application code to submit files for a scan, such as using the community-maintained symbiote/silverstripe-steamedclam module.

There are some important factors to consider before you enable anti-virus on your Silverstripe Cloud environment.

Stack size

As ClamAV loads its definitions into memory when it's first launched, smaller stack sizes such as a Micro or Solo may not have enough memory, and the performance overhead of ClamAV can exhaust server resources, causing outages and preventing deployments from succeeding.

Mode of operation

ClamAV does not intercept network traffic, perform real-time filesystem scans, or perform scans on the assets folder unless requested by the website code. You must install a Silverstripe module or write custom code for your code to send files to the ClamAV service for them to be scanned.

Support options

ClamAV is provided on an as-is basis and support may be limited.


Installing ClamAV requires the following to be added to your .platform.yml file and the changes to be deployed.

    clamav: {}

Once deployed, your module or code should be able to connect to the ClamAV service now running on the server.


Access denied / safe files being flagged

If ClamAV marking safe files as viruses, check to see if the permissions are correct on the file. They should be at least 0660 to ensure the www-data user and group can read and write to the file. ClamAV runs as a dedicated user as part of the www-data group, meaning as long as the group permissions are set correctly on the file, ClamAV should be able to scan it.

Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.