Detect and Prevent Malware in Gravity Forms File Upload with PHP ClamAV

Published: 07, Jan 2015
Gravity Forms, PHP, Security, WordPress

One of the best and most widely used form-building plugins for WordPress is Gravity Forms. If you’ve ever needed to let users upload files to your site but want to make sure those files are not harmful, the following tutorial will help you with just that!

//	Custom Scan AV function by Kris Chase
//	Modify the number 13 throughout this function for your specific Gravity Form ID
add_filter("gform_validation_13", "scan_av");
function scan_av($validation_result){

	//	Grab the file while it's still in /tmp/
	//	You will need to change your input ID to the specific field ID in your form
	$fileLocation = isset($_FILES['input_1']['tmp_name']) ? $_FILES['input_1']['tmp_name'] : '';

	//	Nothing was uploaded, so there is nothing to scan
	if ($fileLocation === '') {
		return $validation_result;
	}

	//	Scan the file for malware; $virus_name is filled in by reference
	$virus_name = '';
	$retcode = cl_scanfile($fileLocation, $virus_name);

	//	Conditional Logic
	if ($retcode === CL_VIRUS) {
		//	Set the form validation to false
		$validation_result["is_valid"] = false;

		//	Custom error message for our form
		add_filter("gform_validation_message_13", "change_message", 10, 2);
	}

	return $validation_result;
}

//	Declared outside scan_av() so it is only defined once per request
function change_message($message, $form){
	return "<strong style=\"color:red;\">Error: Malicious File Detected.</strong>";
}
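
A fail-closed variant of the hook above, added here as an example and not part of the original post: the hook above rejects only on CL_VIRUS, so a scanner error lets the file through, while this version accepts an upload only when the scan returns clean and checks every single-file upload field rather than only input_1. The name scan_av_strict is hypothetical, and the code assumes the php-clamav extension defines CL_CLEAN alongside CL_VIRUS and a Gravity Forms version whose fields are objects.

```php
<?php
// Added example, not the post's code. Form ID 13 is taken from the post;
// the function name scan_av_strict is hypothetical. Assumes the php-clamav
// extension defines CL_CLEAN alongside CL_VIRUS.
add_filter('gform_validation_13', 'scan_av_strict');

function scan_av_strict($validation_result)
{
    $form = $validation_result['form'];

    foreach ($form['fields'] as &$field) {
        // Covers single-file upload fields, which post as input_{field id}.
        if ($field->type !== 'fileupload') {
            continue;
        }
        $key = 'input_' . $field->id;
        if (empty($_FILES[$key]['tmp_name'])) {
            continue; // nothing uploaded for this field
        }
        $tmp = $_FILES[$key]['tmp_name'];

        // Refuse paths that PHP did not create for this request.
        if (!is_uploaded_file($tmp)) {
            $verdict = 'not an uploaded file';
        } else {
            $virus_name = '';
            $retcode = cl_scanfile($tmp, $virus_name);
            if ($retcode === CL_CLEAN) {
                continue; // the only result that lets the file through
            }
            $verdict = ($retcode === CL_VIRUS)
                ? 'malware: ' . $virus_name
                : 'scanner error code ' . $retcode;
        }

        // Log the detail server-side; show the user a generic message.
        error_log("Upload rejected for form 13, field {$field->id}: {$verdict}");
        $validation_result['is_valid'] = false;
        $field->failed_validation      = true;
        $field->validation_message     = 'This file could not be accepted.';
    }
    unset($field);

    $validation_result['form'] = $form;
    return $validation_result;
}
```

Marking the individual field as failed shows the error next to the upload input, and the signature name stays in the server log rather than in the page returned to the uploader.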

To use this function you will need ClamAV installed, as well as the PHP ClamAV module. A great writeup on accomplished using the following for CentOS:

You just need to install ClamAV like normal (with the epel repo)…

yum install clamav
yum install clamav-devel

If you don’t have EPEL you can get it from IUS community (if you want you can also grab the IUS repo and get the latest version of PHP) – thank the RackSpace engineers for this!

wget http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/epel-release-6-5.noarch.rpm
rpm -ivh epel-release-6-5.noarch.rpm

Then you download and install this library, which will handle all the hard things for you.

wget **the direct link you got**
tar -xvzf php-clamav_0.15.7.tar.gz
cd php-clamav-0.15.7
phpize
./configure
make
make install

Now add the extension to your /etc/php.ini (the location of your php.ini file as well as your actual clamav file may vary depending on your Linux distro / version)

extension=/usr/lib64/php/modules/clamav.so

Remember to change the path to what was given to you by make install

Then restart Apache:

service httpd restart

Make a file with the contents:

<?php
    echo cl_info();
?>

It should come up with something like this:

Now you should have access to all the library functions, and you can scan files like this:

$retcode = cl_scanfile($file, $virus_name);

if ($retcode === CL_VIRUS)
{
    echo "Virus Detected! {$virus_name}";
}

Congratulations! You can find other functions here

Let me know your thoughts, I’m going to be updating / enhancing this function as I come up with more ideas.  I’d also like to make this function a lot more modular.

Thanks for reading!