Nextcloud more secure using clamav

Make your Nextcloud more secure using clamav and the Nextcloud Antivirus App for files. Just install clamav on your server and make just few configuration steps.

Install clamav using the Ubuntu repositories

Start working as sudo to install and configure clamav:

sudo -s
apt update && apt upgrade -y
apt install clamav clamav-freshclam clamav-daemon -y

service clamav-freshclam stop

service clamav-freshclam start

Change some values in clamav config:

cp /etc/clamav/clamd.conf /etc/clamav/clamd.conf.bak
vi /etc/clamav/clamd.conf

MaxDirectoryRecursion 25
MaxFileSize 50M
PCREMaxFileSize 50M
StreamMaxLength 50M

or perform the following commands instead of manually editing the file:

cp /etc/clamav/clamd.conf /etc/clamav/clamd.conf.bak
egrep "*MaxDirectoryRecursion.*|*MaxFileSize.*|*PCREMaxFileSize.*|*StreamMaxLength.*" /etc/clamav/clamd.conf
sed -i "s/MaxFileSize.*/MaxFileSize 50M/" /etc/clamav/clamd.conf
sed -i "s/MaxDirectoryRecursion.*/MaxDirectoryRecursion 25/" /etc/clamav/clamd.conf
sed -i "s/PCREMaxFileSize.*/PCREMaxFileSize 50M/" /etc/clamav/clamd.conf
sed -i "s/StreamMaxLength.*/StreamMaxLength 50M/" /etc/clamav/clamd.conf

Verify your changes:

egrep "*MaxDirectoryRecursion.*|*MaxFileSize.*|*PCREMaxFileSize.*|*StreamMaxLength.*" /etc/clamav/clamd.conf

Then restart freshclam:

service clamav-freshclam restart && service clamav-daemon restart

Clamav will be updated every hour (using freshclam), you do not have to configure anything.

Install Nextcloud’s Antivirus App for files

Change to Nextclouds app-store and enable the Antivirus App for files

Then switch over to the Security section within Nextcloud Admin-panel and configure CLam-Av properly

Adjust the configuration to “Daemon (Socket)” and change the “Stream Length” value to “52428800” (50MB). Please decide whether to raise a logentry or delete infected files directly if viruses are identified. Please find more information here.

To change freshclams refresh-intervall, just perform

dpkg-reconfigure clamav-freshclam

and follow the examples below:

Enjoy your personal data in your secured and hardened Nextcloud-Server!

Don’t forget to backup your Nextcloud

Find more instructions here: Nextcloud backup and restore

Carsten Rieger

Carsten Rieger

Carsten Rieger is a senior system engineer in full-time and also working as an IT freelancer. He is working with linux environments for more than 15 years, an Open Source enthusiast and highly motivated on linux installation and troubleshooting. Mostly working with Debian/Ubuntu Linux, Nginx and Apache web server, MariaDB/MySQL/PostgreSQL, PHP, Cloud infrastructure (e.g. Nextcloud) and other open source projects (e.g. Roundcube) and in voluntary work for the Dr. Michael & Angela Jacobi Stiftung for more than 7 years.