Antimalware in a Dockerized backend (Spring-boot and ClamAV)


We would like to integrate an antivirus into our application, which will scan the uploaded files and decide whether or not to save them in our file system.


We have a springboot application dockerized and deployed with Docker Swarm.

The architecture we adopt is the following: the antivirus will be hosted in a container and we will request it as a web service.

Docker layer

We recommend the use of ClamAV, a proven antivirus.

Therefore, we use an open source docker image to mount our container hosting ClamAV, the chosen image is mailu/clamav. Our docker-compose file looks like this :

Spring-boot layer

We may use this ClamAV Client, we could also integrate its source code in our project.

In this tutorial, we just use this dependency in our pom.xml file.

pom.xml dependency

A fileScan service

Service integration to a controller

Carrying out a functional test

It is possible to create a test file containing the following string : corrupted_file.txt

PS: Don’t forget to add this file to the antivirus exceptions.

The test curl command :

⇒ Detected is equal to true


An implementation :

fullstack tech lead