Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Scan Gravity Forms uploads with ClamAV - WordPress
/**
* Scan Gravity Forms uploads with ClamAV
* Based on 'Custom Scan AV function by Kris Chase'
* https://krischase.com/detect-and-prevent-malware-in-gravity-forms-file-upload-with-php-clamav/
* Requires clamav and php-clamav installed and enabled
*/
function myfunc_uploads_clamav( $validation_result ) {
if ( $_FILES ) {
$form = $validation_result['form'];
foreach ( $_FILES as $file_input => $file_data ) {
// Grab the file while it's still in /tmp/
$fileLocation = $file_data['tmp_name'];
// Scan the file for malware
$retcode = cl_scanfile( $fileLocation, $virus_name );
// If we have a virus
if ( $retcode === CL_VIRUS ) {
//if ( true == true ) {
// set the form validation to false
$validation_result['is_valid'] = false;
// Mark relevant field as failed validation
foreach( $form['fields'] as &$field ) {
if ( $field->id == str_replace( 'input_', '', $file_input ) ) {
$field->failed_validation = true;
$field->validation_message = 'Error: Malicious File Detected.';
break;
}
}
// Assign modified $form object back to the validation result
$validation_result['form'] = $form;
return $validation_result;
}
else{
return $validation_result;
}
}
}
}
add_filter( 'gform_validation', 'myfunc_uploads_clamav' );
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.