{"id":18046307,"url":"https://github.com/gdatasoftwareag/nextcloud-gdata-antivirus","last_synced_at":"2026-03-05T20:04:05.638Z","repository":{"id":260069566,"uuid":"768600421","full_name":"GDATASoftwareAG/nextcloud-gdata-antivirus","owner":"GDATASoftwareAG","description":"This nextcloud app aims to provide an additional layer of security to your Nextcloud instance by enabling automatic and manual scanning of files for malicious content powered by G DATA Verdict-as-a-Service.","archived":false,"fork":false,"pushed_at":"2025-04-04T08:58:42.000Z","size":1627,"stargazers_count":3,"open_issues_count":4,"forks_count":1,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-04T09:34:35.365Z","etag":null,"topics":["cloud","it-security","malware","malware-detection","nextcloud","nextcloud-apps","security"],"latest_commit_sha":null,"homepage":"https://www.gdata.de/vaas-files/vaas-technical-onboarding.html","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GDATASoftwareAG.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSES/AGPL-3.0-or-later.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-07T11:39:54.000Z","updated_at":"2025-04-04T08:58:46.000Z","dependencies_parsed_at":"2024-11-21T10:19:39.751Z","dependency_job_id":"8781b409-ebec-4341-ab11-d4e47564648b","html_url":"https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus","commit_stats":null,"previous_names":["gdatasoftwareag/nextcloud-gdata-antivirus"],"tags_count":54,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GDATASoftwareAG%2Fnextcloud-gdata-antivirus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GDATASoftwareAG%2Fnextcloud-gdata-antivirus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GDATASoftwareAG%2Fnextcloud-gdata-antivirus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GDATASoftwareAG%2Fnextcloud-gdata-antivirus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GDATASoftwareAG","download_url":"https://codeload.github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248161215,"owners_count":21057552,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud","it-security","malware","malware-detection","nextcloud","nextcloud-apps","security"],"created_at":"2024-10-30T19:06:38.537Z","updated_at":"2026-03-05T20:04:05.623Z","avatar_url":"https://github.com/GDATASoftwareAG.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\nSPDX-FileCopyrightText: Lennart Dohmann \u003clennart.dohmann@gdata.de\u003e\nSPDX-License-Identifier: CC0-1.0\n--\u003e\n\n[![Tests](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/tests.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/tests.yml)\n[![Static analysis](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/psalm-matrix.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/psalm-matrix.yml)\n[![REUSE Compliance Check](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/reuse.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/reuse.yml)\n[![Lint php-cs](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-php-cs.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-php-cs.yml)\n[![Lint php](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-php.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-php.yml)\n[![Lint info.xml](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-info-xml.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-info-xml.yml)\n[![Lint eslint](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-eslint.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/lint-eslint.yml)\n[![editorconfig-checker](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/editorconfig-checker.yml/badge.svg)](https://github.com/GDATASoftwareAG/nextcloud-gdata-antivirus/actions/workflows/editorconfig-checker.yml)\n\n# G DATA Antivirus for Nextcloud\n\n![Image](img/example.gif)\n\n## Introduction\n\nWelcome to the G DATA Verdict-as-a-Service (VaaS) integration for Nextcloud. This project aims to provide an additional layer of security to your Nextcloud instance by enabling automatic and manual scanning of files for malicious content.\n\nVaaS scans files and tags them with either `Clean`, `Malicious` or `PUP (Potentially Unwanted Program)` verdicts, providing users with immediate feedback about the safety of their files. Unscanned files are tagged as `Unscanned` and queued for background scanning.\n\nVerdict-as-a-Service is a cloud-based service provided by G DATA CyberDefense AG. It is designed to work on your own infrastructure as a self-hosted variant, ensuring a high level of security and privacy. If you are interested in using VaaS on-premise or have any questions, please contact vaas@gdata.de for more information or check out the [repository of our helm chart](https://github.com/GDATASoftwareAG/vaas-helm) for self-hosting the VaaS backend.\n\nIn the settings page of the Nextcloud app, you can create a free account to use G DATA's cloud-based service if self-hosting is not an option for you. No matter if you use the cloud-based service or the self-hosted variant, all files are scanned in a secure and privacy-friendly way. No file content is stored on the VaaS backend and all communication is encrypted. G DATA CyberDefense AG is a German company and therefore subject to the strict German and European data protection laws.\n\nThis project is licensed under the GNU Affero General Public License. For more details, please see the [LICENSES/AGPL-3.0-or-later.txt](LICENSES/AGPL-3.0-or-later.txt) file.\n\nPlease read on for information about setting up a development environment and contributing to the project.\n\n## Maintenance and Release Schedule\n\nThe support and maintenance of the versions of this app is based on the official Nextcloud [Maintenance and Release Schedule](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule).\n\n## Features\n\n- **Automatic file scanning:** Files from users are automatically scanned 24/7 in the background.\n- **Protection during upload:** Files are scanned during upload and tagged with a verdict.\n- **Manual scanning:** Users can manually scan files at any time.\n- **Nextcloud Activities:** The behavior of the antivirus can be tracked in the Activities app through smart logging.\n- **File tagging:** Files are tagged with a verdict, providing immediate feedback to users.\n- **No additional software required:** The app works out of the box with the G DATA VaaS cloud service.\n- **Scanning rules:** The app offers both a block list and an allow list to easily set what should and should not be scanned.\n- **Quarantine:**  If malicious files are already found in an existing Nextcloud environment, they can be moved to a quarantine area of the affected user.\n\n## Tags\n\n- **Clean:** The scanners did not find any malicious content in the file.\n- **Malicious:** The scanners found a virus or other malicious content in the file.\n- **Pup:** The scanners found a potentially unwanted program in the file. Could be adware, spyware, etc.\n- **Unscanned:** The file has not been scanned yet.\n- **Won't Scan:** The file is not scanned because it is too large or in a format that cannot be scanned.\n\n## Settings\n\nThe app offers a variety of settings to customize the behavior of the antivirus. The settings can be found in the Nextcloud admin settings page under the \"G DATA Antivirus\" section.\n\n- **Authentication Method:** If you have created your own account on https://vaas.gdata.de/login, select 'Resource Owner Password Flow' here. If you have received access data from your provider (Client ID and Secret), select 'Client Credentials Flow'.\n- **Scan only this:** Equivalent to an allowlist. If the values here are separated by commas, e.g. \"Documents, .exe, Scan\", only those containing the corresponding values in the path are scanned. In this example, *.exe files and the contents of the Documents/ and Scan/ folders would be scanned.\n- **Do not scan this:** Equivalent to a blocklist. If there are values separated by commas, e.g. \"Documents, .exe, Scan\", these are not scanned.\n- **Quarantine folder:** If an existing file is found to be malicious, it is moved to this folder in the user's home directory. If the folder does not exist, it is created automatically. If you do not want to use a quarantine folder, leave this field empty.\n- **Notify mails:** If an email address is entered here (or multiple comma seperated), a notification is sent to this address when a user uploads a file that is found to be malicious.\n- **Maximum scan size:** Files larger than this size (in MB) are not scanned and tagged as \"Won't Scan\". Recommended values are between 10 and 300 MB.\n- **Timeout:** The time (in seconds) the app waits for a response from the VaaS backend before considering the scan as failed. Recommended values are between 10 and 300 seconds. Please note: If the timeout is set too short, it will restrict the scanning of large files, which take a little longer.\n- **Cache:** If this option is disabled, each file is always scanned again and no results are cached.\n- **Hash lookup:** During a hash lookup, the SHA256 checksum is transmitted to the G DATA Cloud before the scan to check whether a result is already available, thereby saving unnecessary network traffic, resource load, and time.\n- **Advanced Settings:** The token endpoint and the VaaS URL determine the scan backend. By default, the public G DATA Cloud is used for scanning. If the VaaS backend is self-hosted, the corresponding values for the self-hosted instance must be entered here.\n\nYou can always hover over the settings name for more information.\n\n## Self-hosting the scanning backend (VaaS)\n\nIf you want to self-host the scanning backend, take a look at the [repository of our helm chart](https://github.com/GDATASoftwareAG/vaas-helm).\n\n## Nextcloud Commands\n\nThe following commands are available for managing and interacting with the G DATA VaaS app in your Nextcloud instance:\n\n#### `gdatavaas:scan`\n\n- **Description**: Scans files for malware.\n- **Usage**: `php occ gdatavaas:scan`\n- **Docker Usage**: `docker exec --user www-data nextcloud-container php occ gdatavaas:scan`\n- **Details**: This command scans all files in the Nextcloud instance for malware and logs the results.\n\n#### `gdatavaas:get-tags-for-file`\n\n- **Description**: Retrieves tags for a specified file.\n- **Usage**: `php occ gdatavaas:get-tags-for-file \u003cfile-path\u003e`\n- **Docker Usage**: `docker exec --user www-data nextcloud-container php occ gdatavaas:get-tags-for-file \u003cfile-path\u003e`\n- **Arguments**:\n    - `\u003cfile-path\u003e`: The path to the file (e.g., `username/files/filename`).\n- **Details**: This command fetches and logs all tags associated with the specified file.\n\n#### `gdatavaas:remove-tag`\n\n- **Description**: Deletes a specified tag.\n- **Usage**: `php occ gdatavaas:remove-tag \u003ctag-name\u003e`\n- **Docker Usage**: `docker exec --user www-data nextcloud-container php occ gdatavaas:remove-tag \u003ctag-name\u003e`\n- **Arguments**:\n    - `\u003ctag-name\u003e`: The name of the tag to delete.\n- **Details**: This command removes the specified tag from the system. If the tag does not exist, an error is logged.\n\n#### `gdatavaas:tag-unscanned`\n\n- **Description**: Tags all files without a tag from this app as unscanned.\n- **Usage**: `php occ gdatavaas:tag-unscanned`\n- **Docker Usage**: `docker exec --user www-data nextcloud-container php occ gdatavaas:tag-unscanned`\n- **Details**: This command tags all files that have not been tagged by the G DATA VaaS app as \"unscanned\" and logs the results.\n\n#### `gdatavaas:get-tag-id`\n\n- **Description**: Gets the ID of a specified tag.\n- **Usage**: `php occ gdatavaas:get-tag-id \u003ctag-name\u003e`\n- **Docker Usage**: `docker exec --user www-data nextcloud-container php occ gdatavaas:get-tag-id \u003ctag-name\u003e`\n- **Arguments**:\n    - `\u003ctag-name\u003e`: The name of the tag to get the ID for.\n- **Details**: This command retrieves and logs the ID of the specified tag. If the tag does not exist, an error is logged.\n\n## Setting up a development environment\n\nThis project ships Make targets that set up and run a full Nextcloud dev instance in Docker.\n\nThe easiest way to get started is to use the Devcontainer with VSCode. It has all prerequisites installed and automatically mounts the app into the container.\n\nBut you can also set up the environment manually on your host machine:\n\n### Prerequisites\n\nInstall these locally (or ensure your devcontainer provides them):\n\n- Docker and Docker Compose\n- GNU Make\n- Node.js 20.x and npm (used by make npm)\n- PHP CLI (8.1+)\n- Optional for tests and packaging:\n  - Bats (for make bats)\n  - php-scoper (only for make appstore - if you want to execute bats tests or want the production app, not development version)\n\nNote: The Makefile will download composer.phar if Composer isn’t available, but it still requires a local PHP CLI to run it.\n\n### Quick start: run Nextcloud with the app mounted\n\n```bash\n# From the repository root\nmake local\n```\n\nWhat this does:\n- Builds backend and frontend assets (make build → make composer + make npm).\n- Starts a Nextcloud dev container on http://localhost:8080 and bind-mounts this app into /var/www/html/apps-extra/gdatavaas.\n- Installs PHP dependencies on the host so local tooling works.\n\nAfter the container is up, open Nextcloud at http://localhost:8080 and enable the app via the Apps UI:\n- Find `G DATA Antivirus` in your apps and click `Enable`.\n- Important: Enable only. Do not upgrade to the app store version. That overrides your local code in the container.\n\n### Day-to-day workflow\n\n- Edit PHP (server) code: changes are picked up immediately by the container via the bind mount; just refresh the page.\n- Edit frontend (JS/CSS/Vue): rebuild assets explicitly (no hot reload) and refresh the page without cache (CTRL + F5):\n\n```bash\nmake npm\n```\n\n### Available Make targets\n\n- make prod\n  - Builds the app for production and deploys a production Nextcloud instance with the app inside. Sets everything up. Nextcloud on http://localhost:8080 and SMTP testing on http://localhost:8081. Code changes are not automatically picked up; you need to rebuild the container -\u003e run `make prod` again.\n- make build\n  - Fetches PHP dependencies and builds frontend assets.\n- make composer\n  - Installs/upgrades PHP dependencies. If Composer isn’t installed, a local composer.phar is fetched and used.\n- make npm\n  - Installs Node dependencies and builds JS/CSS bundles. Re-run this whenever you change frontend code.\n- make oc\n  - Clones the Nextcloud server into ./nextcloud-server (used for local development that requires private OC namespaces).\n- make local\n  - Rebuilds the app and runs a Nextcloud dev container on http://localhost:8080 with this app mounted. Safe to re-run; it replaces any existing container named nextcloud-container.\n- make clean\n  - Removes the build/ directory.\n- make distclean\n  - Also removes vendor/, node_modules/, js/node_modules/, nextcloud-server/, composer.lock, etc.\n- make unittests\n  - Runs PHP unit tests via ./vendor/bin/phpunit using tests/unittests/bootstrap.php. Installs Composer deps first.\n- make bats\n  - Spins up a complete environment using Docker Compose and runs end-to-end Bats tests from tests/bats with the production build of the app.\n  - Requirements: Bats installed locally and two environment variables set: CLIENT_ID and CLIENT_SECRET (valid VaaS credentials).\n- make appstore\n  - Builds a distributable tarball at build/artifacts/gdatavaas.tar.gz. Intended for releases; requires php-scoper available in PATH.\n\n### Stopping and restarting\n\n- Stop/remove the dev container manually if needed:\n\n```bash\ndocker stop nextcloud-container || true\n```\n\n- Re-run make local to rebuild and restart the environment.\n\nNotes:\n- SMTP testing (smtp4dev) is available when using make target `make prod`; it listens on http://localhost:8081. The simple `make local` flow runs a single Nextcloud container on port 8080.\n- The helper script scripts/run-app.sh orchestrates CI and test flows; for local development, stick to the Make targets above.\n\n### Useful commands\n\n| Description               | Command                                                                                                  |\n|---------------------------|----------------------------------------------------------------------------------------------------------|\n| Trigger cronjobs manually | `docker exec --user www-data nextcloud-container php /var/www/html/cron.php`                             |\n| Upgrade Nextcloud via CLI | `docker exec --user www-data nextcloud-container php occ upgrade`                                        |\n| Watch logs                | `docker exec --user www-data nextcloud-container php occ log:watch`                                      |\n| Watch raw logs            | `docker exec --user www-data nextcloud-container php occ log:watch --raw \\| jq .message`                 |\n| Set log level to debug    | `docker exec --user www-data nextcloud-container php occ log:manage --level DEBUG`                       |\n\n\n### Smtp4Dev\n\nWhen developing locally, SMTP4Dev is launched on make target `make prod` on port 8081 to simulate sending emails through the app.\n\nFor more information about Smtp4Dev, please refer to the [official README](https://github.com/rnwood/smtp4dev/blob/master/README.md).\n\n### Configuring via the command line\n\nIn addition to the graphical configuration via the VaaS settings page in Nextcloud, configuration is possible via PHP OCC commands:\n\n```\n# The authentication flow to use (depends on available credentials). Default: ResourceOwnerPassword\nphp occ config:app:set gdatavaas authMethod \u003cResourceOwnerPassword|ClientCredentials\u003e\n\n# Username + Password are used only in ResourceOwnerPassword authMethod\nphp occ config:app:set gdatavaas username \u003cstring\u003e\nphp occ config:app:set gdatavaas password \u003cstring\u003e\n\n# ClientID + ClientSecret are used only in ClientCredentials authMethod\nphp occ config:app:set gdatavaas clientId \u003cstring\u003e\nphp occ config:app:set gdatavaas clientSecret \u003cstring\u003e\n\n# VaaS server address. Default: https://gateway.staging.vaas.gdatasecurity.de\nphp occ config:app:set gdatavaas vaasUrl \u003cURL\u003e\n# Authentication server. Default: https://account-staging.gdata.de/realms/vaas-staging/protocol/openid-connect/token\nphp occ config:app:set gdatavaas tokenEndpoint \u003cURL\u003e\n\n# Name of quarantine folder. Default: Quarantine\nphp occ config:app:set gdatavaas quarantineFolder \u003cstring\u003e\n# Whether to enable the automatic file scan. Default: false\nphp occ config:app:set gdatavaas autoScanFiles \u003ctrue|false\u003e\n# Whether to add a prefix to malicious files. Default: false\nphp occ config:app:set gdatavaas prefixMalicious \u003ctrue|false\u003e\n# Whether to disable the unscanned tag. Default: false\nphp occ config:app:set gdatavaas disableUnscannedTag \u003ctrue|false\u003e\n# Comma-separated list of files/folders that should be scanned. Default: Empty string (all files)\nphp occ config:app:set gdatavaas scanOnlyThis \u003cstring\u003e\n# Comma-separated list of files/folders that should **not** be scanned. Default: Empty string (no files excluded)\nphp occ config:app:set gdatavaas doNotScanThis \u003cstring\u003e\n# Email address to send notifications to, when infected files are uploaded. Default: None\nphp occ config:app:set gdatavaas notifyMail \u003cemail\u003e\n# Whether to send email notifications on upload, when files are infected. Default: false\nphp occ config:app:set gdatavaas sendMailOnVirusUpload \u003ctrue|false\u003e\n# Maximum file size (in MB) to scan. Default: 256\nphp occ config:app:set gdatavaas maxScanSizeInMB \u003cint\u003e\n# Timeout (in seconds) for the VaaS backend. Default: 300\nphp occ config:app:set gdatavaas timeout \u003cint\u003e\n# Whether to cache scan results. Default: true\nphp occ config:app:set gdatavaas cache \u003ctrue|false\u003e\n# Whether to perform a hash lookup before uploading the file. Default: true\nphp occ config:app:set gdatavaas hashlookup \u003ctrue|false\u003e\n```\n\nYou can also install and/or update the app via OCC:\n\n```\n# Install\nphp occ app:install gdatavaas\n# Upgrade\nphp occ app:update gdatavaas\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgdatasoftwareag%2Fnextcloud-gdata-antivirus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgdatasoftwareag%2Fnextcloud-gdata-antivirus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgdatasoftwareag%2Fnextcloud-gdata-antivirus/lists"}