Revisiting Domino ClamAV for databases on rest
Daniel Nashed – 24 March 2026 15:32:46
Domino 14.5.1 ships native ClamAV mail flow scan in addition to ICAP.The configuration is pretty straightforward as blogged earlier.
What is still missing is an periodic/on demand scan of NSF files.
I am revisiting my ClamAV integration on request of two customers.
One doesn't have on rest scan yet. The other one is using a solution which is discontinued soon.
Because I spent all that work already and now Domino also uses ClamAV, it's a good idea to look into it again.
Tag or quarantine messages?
The work I did was almost complete for a first round. What is still open is if we really want to remove attachments and what about quarantining messages.
For now I am just tagging mails and optionally move them to a Virus folder.
Moving out attachments would be a pretty big step for a new feature.
For the mail flow it looks a bit different, because the mail was never delivered to a user.
I think for the first step moving to a Virus folder and central reporting would be good?
Logging
Now that Domino comes with a nice cscanlog.nsf, I am just reusing what is already available.
I looked at all the fields and provide the same admin experience for the ClamAV on rest scan implementation.
It would be a separate database. Maybe even a separate per scan.
Looking for the next steps
The solution already supports incremental scans and scans for separate directories.
There is no exclude or wild-card search. But that would be easy to add. Probably better with wildcard support then using lists?
I think the first step could be wild-card support. using Unix standard regex.
But eventually I want to also support Domino pattern matching?
What do you think? I could offer both. Bot Unix pattern matching is the more standard approach.
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}