Scanning files for viruses using ClamAV in Node.js

How to Scan Files for Viruses in Node.js Using ClamAV

Node.js is a popular JavaScript runtime that allows you to build scalable, efficient and high-performance applications. One of the popular use cases for Node.js is in building web applications, which involves handling and processing of files uploaded by users. However, these files may contain malicious code that can harm your system or compromise user data. ClamAV is a powerful and free antivirus software that can help you detect and remove viruses from files. In this blogpost, we will walk through how to use ClamAV in Node.js to scan files for viruses. Read more about Node Js

Installing ClamAV

Before we start, we need to install ClamAV on our system. You can follow the instructions provided in the official ClamAV documentation to install it on your operating system.

Once you have installed ClamAV, you can verify that it’s working by running the following command in your terminal:

$ clamscan --version

This command should output the version of ClamAV installed on your system.

Installing the ClamAV library for Node.js

To use ClamAV in Node.js, we need to install the clamscan module, which is a Node.js wrapper for the ClamAV command-line scanner. You can install it using the npm package manager as follows:

$ npm install clamscan

This command will install the clamscan module and add it to your project’s dependencies.

Scanning files for viruses using ClamAV in Node.js

With ClamAV and the clamscan module installed, we can now scan files for viruses using Node.js. Here’s an example code snippet that shows how to do this:


const clamav = require(‘clamscan’);
const options = {
remove_infected: true,
quarantine_infected: true,
scan_log: ‘/var/log/clamav/clamscan.log’,
debug_mode: true
const scanner = clamav.createScanner(‘/usr/bin/clamscan’, options);

scanner.scan(‘/path/to/your/file’, function(err, file, isInfected) {
if (err) {
console.log(‘Error scanning file:’, err);
else if (isInfected) {
console.log(‘File is infected:’, file);
else {
console.log(‘File is clean:’, file);

Let’s break down the code:

  • First, we import the clamscan module and create an options object with some configuration parameters. These parameters are used to define the behavior of the scanner, such as whether infected files should be removed or quarantined, where the scan log should be written, and whether the scanner should output debug messages.
  • Next, we create a scanner object by calling the createScanner method and passing the path to the clamscan executable and the options object.
  • Finally, we call the scan method on the scanner object and pass the path to the file we want to scan. The method takes a callback function that is called once the scan is complete. The callback function takes three parameters: an error object (if any), the path to the scanned file, and a boolean indicating whether the file is infected.


In this blogpost, we have seen how to use ClamAV in Node.js to scan files for viruses. By using ClamAV in your Node.js application, you can ensure that files uploaded by users are safe and do not contain any malicious code. If you’re building a web application that allows file uploads, consider