Detect and Prevent Malware in Gravity Forms File Upload with PHP ClamAV

Posted in Web Development on 06.10.2015 by @chasebadkids

One of the best and most widely used form-building plugins for WordPress is Gravity Forms. If you've ever needed to let users upload files to your site and want to make sure those files are not harmful, the following tutorial will help you do just that!

In order to use this function you will need to have ClamAV installed, as well as the PHP ClamAV module. A great writeup accomplishes this on CentOS with the following steps:

You just need to install ClamAV like normal (with the epel repo)…

If you don’t have EPEL you can get it from IUS community (if you want you can also grab the IUS repo and get the latest version of PHP) – thank the RackSpace engineers for this!

Then you download and install this library, which will handle all the hard things for you.

Now add the extension to your /etc/php.ini (the location of your php.ini file, as well as your actual clamav file, may vary depending on your Linux distro / version)

Remember to change the path to what was given to you by make install

Then restart Apache

Make a file with the contents:

It should come up with something like this:

Now you should have access to all the library functions, and you can scan files like this:

Congratulations! You can find other functions here
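
As an added example (not the function from the original post), here is one way to wire the scan into Gravity Forms validation so an infected or unscannable upload fails the form. It assumes Gravity Forms 1.9+ field objects, single-file upload fields only, and the php-clamav extension's `cl_scanfile()`, `cl_pretcode()`, `CL_CLEAN` and `CL_VIRUS`; the `example_*` function names are hypothetical.

```php
<?php
// Added example: scan single-file Gravity Forms uploads with php-clamav.
// The example_* names are hypothetical; adapt them to your theme or plugin.
add_filter( 'gform_validation', 'example_clamav_scan_uploads' );

function example_clamav_scan_uploads( $validation_result ) {
    $form = $validation_result['form'];

    foreach ( $form['fields'] as $field ) {
        if ( 'fileupload' !== $field->type ) {
            continue;
        }
        // Single-file upload fields post their file as input_{field id}.
        $key = 'input_' . $field->id;
        if ( empty( $_FILES[ $key ]['tmp_name'] ) ) {
            continue; // nothing uploaded for this field
        }

        $reason = example_clamav_check( $_FILES[ $key ]['tmp_name'] );
        if ( null !== $reason ) {
            $field->failed_validation  = true;
            $field->validation_message = $reason;
            $validation_result['is_valid'] = false;
        }
    }

    $validation_result['form'] = $form;
    return $validation_result;
}

// Returns null when the file is clean, otherwise a message for the user.
function example_clamav_check( $path ) {
    // Fail closed: if the extension is not loaded, do not accept the file.
    if ( ! function_exists( 'cl_scanfile' ) ) {
        return 'Upload scanning is unavailable, so the file was rejected.';
    }
    $virus = '';
    $ret   = cl_scanfile( $path, $virus );
    if ( CL_VIRUS === $ret ) {
        error_log( 'ClamAV rejected upload, signature: ' . $virus );
        return 'The uploaded file was rejected by the malware scanner.';
    }
    if ( CL_CLEAN !== $ret ) {
        // Scanner errors (unreadable file, database problem) also reject.
        error_log( 'ClamAV scan error: ' . cl_pretcode( $ret ) );
        return 'The uploaded file could not be scanned and was rejected.';
    }
    return null;
}
```

The signature name goes to the server log only; the visitor sees a generic message.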

Let me know your thoughts. I'm going to be updating / enhancing this function as I come up with more ideas. I'd also like to make this function a lot more modular.

Thanks for reading!