Download the PHP package jodeveloper/upload-file-scanner without Composer

On this page you can find all versions of the php package jodeveloper/upload-file-scanner. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of jodeveloper/upload-file-scanner

Informations about the package upload-file-scanner

Laravel ClamAV Upload Scanner

Latest Version on Packagist Total Downloads

A clean, Laravel-native way to scan uploaded files using ClamAV. This package provides a simple API for virus scanning in your file upload validation and storage pipelines.

Installation

You can install the package via composer:

You can publish the config file with:

This is the contents of the published config file:

Requirements

Installing ClamAV

macOS

After installation, you may need to update the virus definitions:

Ubuntu/Debian

Update virus definitions:

CentOS/RHEL

Update virus definitions:

From Source

For detailed instructions on installing ClamAV from source, see the official ClamAV documentation.

Verifying Installation

After installation, verify that ClamAV is accessible:

This should display ClamAV version information.

Usage

Using the Facade (Recommended)

Using the Validation Rule

The package provides a Laravel validation rule for easy integration:

Simple approach (recommended):

For more control, use the object-based approach:

Example Controller

Configuration

ClamAV Binary Path

By default, the package assumes clamscan is in your system PATH. If you have a custom installation:

Scan Timeout

The default timeout is 30 seconds. Adjust for large files:

Scan Options

Add additional options to pass to clamscan in the config file:

Warning: Use caution with options like --remove which will delete infected files.

Security Philosophy

This Package is a Secondary Defense

This package provides virus scanning as a secondary security layer. It should not be your only defense against malicious file uploads.

Required Additional Security Measures

  1. Re-encoding Images: Always re-encode uploaded images to strip potential embedded payloads
  2. File Type Validation: Validate MIME types and file extensions
  3. Content Inspection: Inspect file contents, not just extensions
  4. Storage Location: Store uploads outside of the public web root
  5. Access Control: Implement proper authentication and authorization

SVG Files are Unsafe

SVG files can contain JavaScript and should be treated with extreme caution. Always sanitize SVG files before storage or serving.

Public Storage is Dangerous

Never store user uploads in publicly accessible directories without proper access controls. Use Laravel's Storage::disk('local') or implement signed URLs for public access.

Exception Handling

The package throws ScanFailedException when:

Infected files do not throw exceptions. They return a ScanResult where hasVirus() returns true.

API Reference

Facade

Contract

ScanResult

The ScanResult object is immutable and exposes readonly properties:

Helper methods are also available:

CleanFile Rule

Implements Illuminate\Contracts\Validation\Rule. Can be used as an object or string rule (clean_file).

Testing

The test suite mocks all ClamAV execution - no actual scanning occurs during tests.

Limitations

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

Credits

License

The MIT License (MIT). Please see License File for more information.

All versions of upload-file-scanner with dependencies

PHP Build Version
Package Version
Requires php Version ^8.3
spatie/laravel-package-tools Version ^1.16
illuminate/contracts Version ^11.0||^12.0
symfony/process Version ^7.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package jodeveloper/upload-file-scanner contains the following files

Loading the files please wait ...