The patch introduce 2 features: An email address: receive notification when a infected file is detected Quarantine folder: store the infected files. Enable Clamav Install clamav, update definition database Enable clamav on Moodle site: Site administration > Plugins > Antivirus plugins > Manage antivirus plugins   Specify path to clamscan: Site administration > Plugins > Antivirus plugins > ClamAV antivirus   Email address setting Set up email: https://docs.moodle.org/38/en/Mail_configuration Go To Site Admin > Plugin > Antivirus > Manage Antivirus plugins Specify "Antivirus alert email" to  receive notification Download the attached eiacarcom2.zip file ( or https://www.eicar.org/?page_id=3950 ) for your testing purposes Upload the infected file (using Assignment Submission) Expected behavior: An email is send to the specified address with the details of the incidence. The incidence details should include filename, file size, content type, content hash, author, IP, REFERER, Date, and scanning result Scan files Go To Site Admin > Plugin > Antivirus > Manage Antivirus plugins Enable quarantine. Specify the ' Maximum quarantine time ':  5 minutes Upload the infected file Go To Site Admin > Report > Antivirus failures Download a zip file Download All zip files Delete a zip file Run the scheduled task " \core\task\antivirus_cleanup_task": https://docs.moodle.org/38/en/Scheduled_tasks#Running_individual_tasks   Expected behavior: The downloaded zip file should include a *_details.html file and the infected file. The *_details.html should include  filename, author,  IP, REFERER, Date, and scanning result Downloaded "All zip files" should include all the  zip files in the table. Zip files of the incidence which happened more than 5 minutes earlier should be deleted  Deleting quarantined files does not remove the infected file/data records, so the records still be displayed in the table There is no action icons (download/delete) for records without physical file   Email regression testing Error as virus emails: Visit the ClamAV virus settings at Site Administration > Antivirus > ClamAV Set the 'On ClamAV failure' control to 'Treat files like viruses' Now change the path to clam to something broken 'usr/bin/nothere' Now in another tab, upload a good file into the private files area. Expected behaviour An email will be received that looks very similar to the first email for an infected file. The upload will show an error saying that the file is infected. The header of the email will state 'Infected file detected' It will contain the error message returned from ClamAV: 'Clamav scanning has tried 1 time(s). ClamAV has failed to run. The return error message was " An error occured". Here is the output from ClamAV:' Followed by scan details. Only one email will be recieved, there are no duplicate messages for the error, and then for the infected file.   Errors OK emails: Visit the ClamAV virus settings at Site Administration > Antivirus > ClamAV Set the 'On ClamAV failure' control to 'Treat files as OK' Now in another tab, upload a good file into the private files area. Expected behaviour: An email will be received that contains all of the same details as the above email. The upload will be allowed to go through. The header for the email will state 'Scanner error occurred' The subject for the email will state 'Scanner error occurred' The error message returned from ClamAV  will be displayed the same.   Deny Upload emails: Visit the ClamAV virus settings at Site Administration > Antivirus > ClamAV Set the 'On ClamAV failure' control to 'Refuse upload, try again' Now in another tab, upload a good file into the private files area. Expected behaviour: An email will be received that contains all of the same details as the above email. The upload will be denied, and states an error, and to try again. The header for the email will state 'A scanner error was detected' The contenthash, filesize and filetype will all state unknown, as the file was not uploaded. The error message returned from ClamAV  will be displayed the same.