  1. Moodle
  2. MDL-55049

Files uploaded via webservice/upload.php are not scanned for viruses


    • Bug
    • Resolution: Fixed
    • Minor
    • 3.1.1
    • 3.1
    • Web Services
    • MOODLE_31_STABLE
    • MOODLE_31_STABLE
    • MDL-55049-master

      Testing instructions are based on MDL-50887

      Setup

      1. Configure SMTP in Site administration ► Plugins ► Message outputs ► Email

      Testing plugin installation:
      1. Make sure you have clamav scanning enabled and configured (runclamonupload is ticked, pathtoclam setting is set to clamav path)

      Enabling webservice upload:
      As admin, enable "Mobile services": Plugins ► Web Services ► Mobile

      1. Create a Token for one user:
        • Click on Site administration ► Plugins ► Web services ► Manage tokens

      Testing virus scanning:
      1. Try to upload a file that does not contain a virus via curl; the file should be uploaded successfully. (Replace the token value with the one you obtained previously.)

      curl -i -F name=test.pdf -F filedata=@/Users/juanleyvadelgado/Documents/fast "http://localhost/m/stable_master/webservice/upload.php?token=ffbe3a3002f235bf9d01fd9369e10b66&filearea=draft"

      2. Try to upload a file containing a virus via curl. This could be the EICAR test signature in a text file (see https://en.wikipedia.org/wiki/EICAR_test_file for details). You should get an exception on upload containing the message that your file contains a virus and can't be uploaded.
      3. Go to ClamAV settings and modify 'pathtoclam' so that it points to the wrong path, and set 'clamfailureonupload' to "Treat files as OK". Save settings.
      4. Try to upload any file; the file should be uploaded successfully. The admin should get an email notification that the antivirus is not configured correctly.
      5. Go to ClamAV settings and modify 'clamfailureonupload', setting it to "Treat files as viruses". Save settings.
      6. Try to upload any file; the upload should trigger an exception similar to the one in step 2. The admin should get an email notification that the antivirus is not configured correctly.


      I will backport the fix only for 3.1 (because the antivirus infrastructure was refactored in MDL-50887)
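
The outcomes that testing steps 1 to 6 expect can be written as one decision function. This is an added example, not Moodle code: `scan_upload`, `notify_admin`, `make_fake_scanner` and the policy words `ok`/`virus` are assumed names, and the scanners are constructed stand-ins that only return a clamscan-style exit status.

```shell
# Added illustration, not Moodle code. scan_upload, notify_admin and the
# policy words "ok"/"virus" are assumed names standing in for the
# 'clamfailureonupload' choices "Treat files as OK" / "Treat files as viruses".
NOTIFIED=0   # 1 when the admin notification would have been sent
notify_admin() {
    NOTIFIED=1
    echo "antivirus not configured correctly: $1" >&2
}
# scan_upload PATHTOCLAM FILE ON_FAILURE -> returns 0 (accept) or 1 (reject)
scan_upload() {
    pathtoclam=$1 file=$2 on_failure=$3
    NOTIFIED=0 rc=0
    if [ -f "$pathtoclam" ] && [ -x "$pathtoclam" ]; then
        # clamscan exit codes: 0 = clean, 1 = virus found, 2 = error
        "$pathtoclam" --no-summary --stdout "$file" >/dev/null 2>&1 || rc=$?
    else
        rc=2   # wrong 'pathtoclam': handled like any scanner error
    fi
    case $rc in
        0) return 0 ;;   # clean file
        1) return 1 ;;   # detection: rejected whatever the failure policy
    esac
    notify_admin "scanner exit status $rc"
    if [ "$on_failure" = "ok" ]; then
        return 0         # fail open: the unscanned file is stored
    fi
    return 1             # fail closed: the upload is refused
}
# Constructed stand-in for clamscan that only returns a fixed exit status.
make_fake_scanner() {
    printf '#!/bin/sh\nexit %s\n' "$2" > "$1"
    chmod +x "$1"
}
demo() {
    d=$(mktemp -d)
    make_fake_scanner "$d/clean" 0
    make_fake_scanner "$d/infected" 1
    : > "$d/upload.bin"
    for s in clean infected wrongpath; do
        for p in ok virus; do
            if scan_upload "$d/$s" "$d/upload.bin" "$p"; then r=accept; else r=reject; fi
            echo "scanner=$s policy=$p -> $r notified=$NOTIFIED"
        done
    done
    rm -rf "$d"
}
demo
```

The `wrongpath` rows are the ones to watch in production: with the fail-open policy the only trace of an unscanned upload is the admin notification.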

            jleyva Juan Leyva
            jleyva Juan Leyva
            Pau Ferrer
            Andrew Lyons
            Frédéric Massart