Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Nextcloud Antivirus for Files

Build Status Scrutinizer Code Quality Code Coverage

files_antivirus is an antivirus app for Nextcloud using ClamAV or Kaspersky.


  • ๐Ÿฟ๏ธ When the user uploads a file, it's checked
  • โ˜ฃ๏ธ Infected files will be deleted and a notification will be shown and/or sent via email
  • ๐Ÿ”Ž It runs a background job to scan all files
  • ๐Ÿฆบ It will block all uploads if the file cannot be checked to ensure all files are getting scanned.


One of

  • ClamAV as binaries on the Nextcloud server
  • ClamAV running in daemon mode
  • Kaspersky Scan Engine running in HTTP mode
  • Any virus scanner supporting ICAP (ClamAV and Kaspersky are tested, others should work)


Documentation about installing ClamAV and this app can be found in our documentation.

ClamAV Details

This app can be configured to work with the executable or the daemon mode (recommended โค๏ธ) of ClamAV. If this is used in daemon mode, it can connect through network or local file-socket. In daemon mode, it sends files to a remote/local server using the INSTREAM command.

Kaspersky HTTP Details

When running Kaspersky in HTTP mode the SessionTimeout will need to be set to a value higher than default, a value of 10 minutes (600000 millisecond) or higher is recommended to properly deal with larger uploads

ICAP (version 5.0 and later)

The app support the ICAP protocol which is a standard supported by various antivirus software products.

Some additional configuration is required depending on the antivirus software used:

  • ICAP service: The name of the service the antivirus software expects
  • ICAP virus response header: The name of the header the antivirus software send the details of the detected virus in


  • ICAP service: avscan
  • ICAP virus response header: X-Infection-Found

Kaspersky ICAP

  • ICAP service: req
  • ICAP virus response header: X-Virus-ID

Additionally, the Kaspersky scan engine needs some additional configuration:

TLS Encryption

Using TLS encryption for the ICAP connection is supported, this requires the ICAP server to use a valid certificate. If the certificate isn't signed by a trusted certificate authority, you can import the certificate into Nextcloud's certificate bundle using

occ security:certificates:import /path/to/certificate