strapi-provider-upload-clamav-proxy
v4.0.0
Published
Strapi file upload anti-virus and sanitisation provider
Downloads
54
Maintainers
Readme
Strapi Clam AV Upload Provider Proxy
A Strapi upload provider proxy which will:
- Scan any file any user attempts to upload with Clam AV and reject if infected
- Optionally throw if GIF contains XSS attack
- Optionally remove XSS attack code from SVG type images
- Optionally remove XSS attack code from JPEG image EXIF fields
Before passing off upload to whichever other strapi-provider is appropriate for your use-case.
Configuration
This plugin acts as a piggy-back onto whatever upload provider you would normally use.
Specify that provider in the uploadProvider
option and then specify that providers options in-line with the clamav-proxy settings
e.g. config/plugins.js
module.exports = {
...
upload: {
provider: 'strapi-provider-upload-clamav-proxy',
providerOptions: {
clamav: {
host: 'my.clamav.host',
port: 3310,
timeout: 3000
},
sanitize: {
svg: true,
jpeg: true,
gif: true
},
// Proxied provider
uploadProvider: '@strapi/provider-upload-local',
sizeLimit: 100000
}
}
}
Where:
| Name | Type | Description |
| -------------------------------- | -------- | --------------------------------------------------------------- |
| provider
| Constant | "clamav-proxy" - The name of this provider |
| providerOptions.clamav.host
| String | The hostname/ip of a ClamAV instance (default 127.0.0.1
) |
| providerOptions.clamav.post
| Number | The port on which that ClamAV instance runs (default 3310
) |
| providerOptions.clamav.timeout
| Number | Clam AV timeout - ms (default 3000
) |
| providerOptions.sanitize.svg
| Boolean | Sanitize SVG files? |
| providerOptions.sanitize.jpeg
| Boolean | Sanitize JPEG files? |
| providerOptions.sanitize.gif
| Boolean | Throw an error if GIF file is infected with an XSS attack | |
| providerOptions.uploadProvider
| String | Any valid upload provider (e.g. strapi-provider-upload-local
) |
| providerOptions.*
| Any | Any valid upload provider option |