Antivirus Server

The Cloud CMS Antivirus Server is a Node.js application that exposes a HTTP interface to allow an application to remotely scan files by submitting them via HTTP. Submitted files are passed through TCP to a ClamAV daemon process.



If the server is online, this will always return:

    "ok": true

POST /status

This checks the status of the daemon process and returns whether the Antivirus service is working nominally. If everything is working well, you will get back something like:

    "ok": true,
    "ping": true,
    "version": "ClamAV 0.100.3/25405/Sun Mar 31 07:55:25 2019\u0000"

POST /scan

This must be a multipart post. Each post should contain one or more named files. Each file will be scanned and the aggregated results will be returned.

Here is an example of a successful scan where no infections were found:

    "ok": true,
    "infected": false,
        "filename": "test.pdf",
        "mimetype": "application/octet-stream",
        "infected": false,

And here is an example where an infection was found:

    "ok": false,
    "infected": true,
        "filename": "eicar.txt",
        "mimetype": "text/plain",
        "infected": true,
        "ok": false,
        "message": "Eicar-Test-Signature FOUND\u0000"

Docker Compose

Here is a sample docker-compose.yml file that shows how to use this server in conjunction with another container that hosts the ClamAV daemon process.

version: "2.2"


    image: mkodockx/docker-clamav
    container_name: clamav
    restart: unless-stopped

    image: cloudcms/antivirus-server:3.2.31
    container_name: antivirus
    restart: unless-stopped
      - antivirus.env
      - clamav:clamav
      - clamav
    privileged: true
      - "80:8080"

In this case, the ClamAV daemon process is provided by mkdockx/docker-clamav. This is optional. There are other Docker images out there that provided the same service.

Environment file

The antivirus.env file defines environment variables that get passed into the Cloud CMS Antivirus Server.

The following parameters must be supplied to describe how to connect to the ClamAV daemon over TCP:


You can also specify the port that the HTTP routes should be run on:

  • PORT

And you must specify the username and password required for basic authentication to the scan and status routes:


Here is an example of an antivirus.env file that works with the docker-compose.yml above:


This starts up the Node HTTP interface on port 8080. Scan and status calls will require basic authentication to be supplied with the username myuser and the password mypassword. The HTTP server will connect to ClamAV on host clamav (see the docker compose file) and port of 3310.

Note that 3310 is the default TCP port for the ClamAV daemon.