Tiger_Media_Scanner_ClamAv
@api· implementsTiger_Media_Scanner_Interface
Tiger_Media_Scanner_ClamAv — virus scan via ClamAV.
Prefers the daemon client clamdscan (the signature DB stays resident in clamd → fast;
--fdpass hands clamd the open descriptor so it can read the PHP upload tmp file
regardless of its user). If the daemon isn't reachable (clamdscan errors) or isn't
installed, it falls back to standalone clamscan, which reloads the ~108 MB signature DB on
every call — measured ~17s per scan and ~1 GB transient. That fallback is a degraded
last-resort (a scan that slow blocks the upload request); production should always run the
clamd daemon on a ≥4 GB host (it holds the DB resident → ~10-20 ms scans). The php-fpm user
needs membership in clamd's socket group and --fdpass reads the upload tmp file regardless
of owner — see MEDIA.md §4 for the daemon requirement + ops notes.
Methods
scan()
scan(string $path, ?string $mime = null): array
Scan a file for malware via ClamAV (clamdscan, falling back to clamscan).
$pathstring— the file on disk to scan$mime?string— the file's MIME type (unused; part of the scanner contract)
Returns array — reason:?string, meta:array}