AntiVirus for Files No Longer Scanning Uploads

Nextcloud version: 27.0.2
Operating system: Debian 12
Install method: Manual install on my own Apache and MariaDB/MySQL setup

I’ve been hosting my own Nextcloud on this machine for years and I noticed recently that the “antivirus for files” app is no longer scanning files at upload time. The background scan “seems” to be functioning fine because while trying to figure this out, I got a random notification that my test virus was infected and it got deleted, but it did not happen at upload time. I can create a new EICAR test virus and it will sync without issue and not get spotted until the next background scan.

I’ve tried adjusting the app/security settings for the antivirus to use the clamd socket file, which I’ve shown exists and is listening (netstat -a | grep clam). I’ve tried using the “ClamAV executable” using clamav, clamdscan and clamdscan --fdpass as the executables. All of these options “save” without issue, which tells me that they should be working because if you enter incorrect options the save button will output a message “unexpected scan results for test content”, so I’m guessing that when you save options it has its own test virus it scans to make sure it’s functional.

I’m just really not sure why it’s not scanning files at the time they’re uploaded/synced any more, if the commands give me a green light when I save them in the settings.

Just out of curiosity I observed what permissions Nextcloud itself gave to new files and folders when they were uploaded and I chmod-ed my data directory to match to make sure my permissions were correct. I’m not crazy about the “others” label having read access, but that’s what Nextcloud itself does when you make a new folder or upload a new file, so that’s what I applied to the whole data directory to make sure it wasn’t an issue with permissions.

directories = 755
files = 644

So it appears to be specific to the Nextcloud desktop app. My laptop is also using Debian and I’m using version 3.7.3 of the Nextcloud desktop app that comes from the Debian repos.

If I try to manually upload a test virus using the web interface, the file is immediately scanned and denied, so it appears the on access or on upload scanning is functional. However, if I place a test virus in a folder that then gets synced by the desktop app, the file gets uploaded/synced without issue and does not seem to get noticed until the next background scan takes place. Either that, or files synced via the desktop app are getting placed into some sort of queue and then scanned several minutes after upload. I can verify via the web interface that the files do in fact get uploaded and do not get instantly denied like they used to. I’m not sure what the frequency of the background scan is, but if it’s a background scan of “all files” like the admin manual says, it seems more likely that the latter is the case. I’m just trying to understand what’s going on and why it only seems to affect the desktop app.

Attempting to upload a test virus with the mobile app also results in it getting scanned and blocked. The issue with a delay in scanning seems to only affect the Linux desktop app, at least as far as my use case goes. I don’t have any Windows machines to test that version.