Antivirus as a plugin – New issue in Moodle tracker

July 27th, 2015

Ruslan Kabalin has posted a forum thread in forums to discuss about the people opinion about having Antivirus as a plugin in Moodle.

Here the advantages as mentioned by Ruslan Kabalin in the forum thread for having Antivirus as a plugin instead of hard coded in function as it is now:

  • First, it would allow people to use something different than ClamAV. While ClamAV will remain a core-plugin, it will not stop people implementing plugins for different virus scanning engines they may have in their environment, thus making antivirus functionality scalable and multi-platform. This is implemented in MDL-50887.

  • Second, this will make improvement of ClamAV itself more simpler. For example there is a way to use Unix-sockets instead of command-line utility execution to scan files, that is on average about 10 times faster (for statistical analysis and implementation see MDL-50888). Extending the existing code with functionality above will make it more bulky and logically incorrect to mix it with repository class.

  • Third, the plugin infrastructure will allow to differentiate the scanning data type. Each antivirus plugin could declare what it is able to do, e.g. whether it can scan “file” only or support “data stream” scan as well (in the latter case there will be no need to make extra steps and create files from string just to scan it, sockets implementation of ClamAV has functionality to work with data streams directly). This can be extended even further to differentiate¬†between actual content that antivirus is able to scan. For example, if plugin declares it supports HTML scan for malicious content, it could be used by editor to scan HTML before recording it in the database (this is particularly important for editing teachers, whose content is not HTML-purified, we had a real case when some virus was embedding the malicious js code in TinyMCE and teacher was blindly submitted it without realizing that the form contains something else than they see on the screen).

The related Moodle tracker issue is MDL-50886 and the corresponding forum thread is

You can also post your views/opinions about the idea in the forum thread.