1. Installing and configuring ClamAV on Debian 12
1.1. Installing packages
sudo apt update
sudo apt install clamav clamav-daemon clamav-freshclam clamdscan
Stop the services before configuration:
sudo systemctl stop clamav-daemon.socket
sudo systemctl stop clamav-daemon
sudo systemctl stop clamav-freshclam
2. Configuring antivirus database updates from a local mirror
At the end of /etc/clamav/freshclam.conf, make sure the following entries are present:
Checks 24
DatabaseMirror db.ua.clamav.net
DatabaseMirror database.clamav.net
Update the antivirus database:
sudo freshclam
The output must contain messages indicating that the daily.cvd, main.cvd, and bytecode.cvd databases are up to date:
Wed Nov 19 12:10:50 2025 -> ClamAV update process started at Wed Nov 19 12:10:50 2025
Wed Nov 19 12:10:50 2025 -> daily.cvd database is up-to-date (version: 27825, sigs: 2077108, f-level: 90, builder: svc.clamav-publisher)
Wed Nov 19 12:10:50 2025 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Nov 19 12:10:50 2025 -> bytecode.cvd database is up-to-date (version: 339, sigs: 80, f-level: 90, builder: nrandolp)
3. Configuring ClamAV (TCP and document scanning)
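Configure ClamAV to scan office documents and PDFs and to listen on a TCP port (clamd can be moved to a separate VM if needed). The clamd TCP socket has no authentication or encryption, so it is bound to 127.0.0.1 here; if clamd is moved to another VM, restrict access to the port at the network level.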
sudo mkdir -p /etc/systemd/system/clamav-daemon.socket.d
sudo vi /etc/systemd/system/clamav-daemon.socket.d/tcp.conf
Add to the file:
[Socket]
ListenStream=127.0.0.1:3310
Open /etc/clamav/clamd.conf and at the END of the file add:
TCPSocket 3310
TCPAddr 127.0.0.1
ConcurrentDatabaseReload yes
SelfCheck 600
CommandReadTimeout 30
SendBufTimeout 200
ScanOLE2 yes
ScanPDF yes
Note! These parameters must not be duplicated earlier in the file. If such lines already exist, they must be removed.
Start the services:
sudo systemctl daemon-reload
sudo systemctl start clamav-daemon.socket
sudo systemctl start clamav-daemon
sudo systemctl start clamav-freshclam
4. Connecting ClamAV to the Storage service
Add the following key to the service unit file /etc/systemd/system/storage.service:
Environment="CLAM_ADDRESS=tcp://127.0.0.1:3310"
Restart the service:
sudo systemctl daemon-reload
sudo systemctl restart storage
5. Testing
5.1. Creating a test file
Create a file eicar.txt with the following content:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
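To check that clamd answers on the TCP socket from section 3 independently of Storage, the file can be sent to it directly with the clamd INSTREAM command. This is an added example, not part of the original instructions; the function names are chosen for illustration, and the script expects the path to eicar.txt as its only argument.

```python
#!/usr/bin/env python3
"""Send a file to clamd over TCP with INSTREAM and report the verdict."""
import socket
import struct
import sys

CLAMD_ADDR = ("127.0.0.1", 3310)  # TCPAddr / TCPSocket from clamd.conf
CHUNK = 8192                       # illustrative chunk size


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build the request: command, length-prefixed chunks, zero-length terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def parse_reply(raw: bytes):
    """Return (status, detail) from a reply such as b'stream: Eicar-Signature FOUND\\0'."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body.endswith(" FOUND"):
        return "FOUND", body[:-len(" FOUND")]
    if body == "OK":
        return "OK", None
    return "ERROR", body  # e.g. a size-limit or timeout message from clamd


def scan(data: bytes, addr=CLAMD_ADDR, timeout: float = 10.0):
    """Scan bytes through a running clamd; raises OSError if nothing is listening."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(frame_instream(data))
        raw = b""
        while not raw.endswith(b"\0"):
            piece = s.recv(4096)
            if not piece:
                break
            raw += piece
    return parse_reply(raw)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        status, detail = scan(fh.read())
    print(f"{sys.argv[1]}: {status} {detail or ''}".rstrip())
    sys.exit(0 if status == "OK" else 1)
```

A FOUND result for eicar.txt and an OK result for an ordinary file confirm that the listener and the signature databases work before Storage is involved.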
5.2. Testing via Storage
- Connect the chat.
- Send the file eicar.txt.
- In the Storage service logs you should see entries similar to:
Nov 19 12:02:14 wbt08to10 storage[831495]: 2025-11-19T12:02:14.608Z WARN app/upload.go:184 virus detected on upload of file 'eicar.txt'. Signature: Eicar-Signature
Nov 19 12:02:14 wbt08to10 storage[831495]: 2025-11-19T12:02:14.609Z DEBUG utils/file_backend_local.go:89 create new file /opt/storage/recordings/1/quarantine/2025/11/19/12/eicar.txt
Nov 19 12:02:14 wbt08to10 storage[831495]: 2025-11-19T12:02:14.614Z DEBUG app/upload.go:318 stored eicar.txt in Default record file store, 69 bytes [encrypted=false, SHA256=true, clamd=true (FOUND/Eicar-Signature)]
Nov 19 12:02:14 wbt08to10 storage[831495]: 2025-11-19T12:02:14.615Z DEBUG app/grpc_server.go:82 method /storage.FileService/UploadFile duration 14.859954ms