pyramid-clamav

pyramid_clamav

Pyramid tween which checks file uploads for viruses using clamav.

You need to have a running clamav installation on your system to which the tween can connect via a unix socket. You can set the socket path in your config (pyramid_clamav.socket), but the defaults should work on most systems.

If you want to deactivate scanning (i.e. for testing or your local development environment), you can set pyramid_clamav.debug to a value. Then flash- and logmessages are generated if there was a file upload and clamav is not properly configured.

If a virus was found, the file is removed from the request. The field which was used to upload the file should handle it like no file was uploaded.

A flashmessage is presented to the user stating that a file contained a virus and it has been removed.

It should also work for multiple files.

This project was conceived by Daniel Havlik (dh@gocept.com).

pyramid_clamav

0.9 (2022-03-04)

• Ignore csrf tokens which look like base64 encoded files.

0.8 (2021-09-17)

• Remove Python 2 support.

• Check application/json requests for viruses.

0.7 (2020-01-10)

• Bugfix: Nonetype object has no attribute get

0.6 (2020-01-10)

• Add compatability to Python 3.

• Retry connection to clamd if it is busy.

0.5 (2013-12-20)

• When collecting file uploads from the request, check for file-like objects instead of instances of exact type file.

0.4 (2013-12-19)

• Fix small issue when the value for pyramid_clamav.debug is not configured.

0.3 (2013-12-19)

• pyramid_clamav.debug can now be set in config. If enabled AND clamav is not configured, it will generate a flash message when a file upload was found, but the file will not be touched. Additionally errors are logged at startup and on file uploads.

0.2 (2013-12-17)

• Fixed setup.py to contain locale directory.

0.1 (2013-12-17)

• Initial release.