ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. It supports multiple file formats, file and archive unpacking, and multiple signature languages.
A file that may look like a normal JPG or PDF file may actually be malware that run scripts within your site. They may come from files that have been uploaded via fields, attachments or other media forms. These may end up in your public files directory and might cause alerts, harm site SEO scores, compromise data, and or lower site credibility.
This process uses Terminus commands. Before we begin, set the variables
$env in your terminal session to match your site name and the Dev environment:
export site=yoursitename export env=dev
Because the ClamAV binary is already installed on Pantheon servers, all you need to do is install one of the available modules.
As of this doc's last update, there are no actively maintained ClamAV plugins for WordPress.
This doc uses the ClamAV Module for Drupal 7 & 8.
Download and enable the module in the Drupal admin panel, or via Terminus:
terminus drush $site.$env -- dl clamav terminus drush $site.$env -- en clamav -y
From the module's configuration page, ensure that the scan method is set to to daemon mode, with the hostname
localhostand the port number
When ClamAV detects a virus, it will display a warning:
After installation, make sure to clear your sites cache via the Site Dashboard.