How to install ClamAV in Lando for Drupal

ClamAV is an antivirus software service which allows servers to scan for viruses. While it is notable for use in scanning for viruses on mail servers, we can also use it in our web applications to scan file uploads.

A solitary hermit crab on some sand

Photo by N Bandaru on Unsplash.

I’m doing some local development on a Drupal based site, which makes use of ClamAV through a contributed module to scan files uploaded to the site.

Having the module enabled but not having ClamAV on the system throws an error:

Error message from Drupal whilst uploading a file, reading 'The anti-virus scanner could not check the file, so the file cannot be uploaded.'

You could just uninstall the ClamAV module and work without it, but that introduces a potential gap in your test coverage—the behaviour of the site operates differently without the module installed, which could lead to issues that you don’t discover until later.


  • You know how to run Lando
  • Your application is configured to scan file uploads e.g. in Drupal, the ClamAV module

Setting up your Landofile

In your Landofile (.lando.yml), we will use the services section to modify the main application service—in our case labelled appserver to install ClamAV:

# .lando.yml
# ...the rest of the YAML config sits above here

      - apt-get update -y
      - apt-get install clamav clamav-daemon -y
      - echo "TCPSocket 3310" >> /etc/clamav/clamd.conf
      - freshclam
      - update-rc.d clamav-daemon enable
      - service clamav-daemon start

This sets up the commands to run that installs ClamAV, sets up the ability to connect to the service on port 3310, update the database definitions necessary to scan files, and then enable the ClamAV service.

Note here that we are using apt-get to install the packages as the base container images that Lando uses are from Debian. You may need to adjust if your base distribution is different.

Once the changes are made, rebuild the service with lando rebuild. This will relaunch your application, install ClamAV into your local container, and start it.

I can now load up my environment and confirm that ClamAV is successfully loaded, and that file uploads work:

File upload success

Furthermore, we can use the EICAR test file to confirm that it does block viruses from being uploaded:

A file we try to upload, but was blocked by the anti-virus

Possible future changes

I could set out these changes in a custom service, or alternatively use a prebuilt container for ClamAV. Of course, the current hosting environment assumes ClamAV running on localhost on a TCP port so it’s not practical to modify it for that yet.

Hopefully this has been a useful guide in how to have ClamAV set up for your Drupal site. If you’re not running Drupal, hopefully you’ll find it useful if you’re integrating ClamAV for your own applications and infrastructure.