Index: openacs-4/packages/xowiki/tcl/form-field-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/form-field-procs.tcl,v
diff -u -r1.220 -r1.221
--- openacs-4/packages/xowiki/tcl/form-field-procs.tcl	25 Sep 2012 19:30:00 -0000	1.220
+++ openacs-4/packages/xowiki/tcl/form-field-procs.tcl	25 Sep 2012 20:50:06 -0000	1.221
@@ -738,10 +738,20 @@
   #
   ###########################################################
 
-  Class create file -superclass FormField -parameter {
-    {size 40}
-    {sticky false}
-    link_label
+  Class create file -superclass FormField \
+      -extend_slot validator virus \
+      -parameter {
+	{size 40}
+	{viruscheck true}
+	{sticky false}
+	link_label
+      }
+  file instproc check=virus {value} {
+    if {[my viruscheck] && [::xowiki::virus check [my set tmpfile]]} {
+      #util_user_message -message "uploaded file contains a virus; upload rejected"
+      return 0
+    }
+    return 1
   }
   file instproc tmpfile {value}      {my set [self proc] $value}
   file instproc content-type {value} {my set [self proc] $value}
@@ -792,6 +802,7 @@
   }
 
   file instproc convert_to_internal {} {
+    my msg "convert_to_internal"
     my instvar value
 
     set v [my get_value_from_form]
Index: openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl,v
diff -u -r1.129 -r1.130
--- openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl	13 Sep 2012 16:05:28 -0000	1.129
+++ openacs-4/packages/xowiki/tcl/xowiki-form-procs.tcl	25 Sep 2012 20:50:06 -0000	1.130
@@ -168,6 +168,11 @@
     #set form [lindex [::xowiki::WikiForm info instances -closure] 0]
     $form instvar data
     $form get_uploaded_file
+    set data [$form set data]
+    if {[virus check [$data set import_file]]} {
+      util_user_message -message "uploaded file contains a virus; upload rejected"
+      return 0
+    }
     upvar title title
     if {$title eq ""} {set title [$data set upload_file]}
     # $form log "--F validate_file returns [$data exists import_file]"
@@ -493,7 +498,7 @@
     set upload_file [$data form_parameter upload_file]
     # my log "--F... upload_file = $upload_file"
     if {$upload_file ne "" && $upload_file ne "{}"} {
-      $data set upload_file  $upload_file
+      $data set upload_file $upload_file
       $data set import_file [$data form_parameter upload_file.tmpfile]
       set mime_type [$data form_parameter upload_file.content-type]
       if {[db_0or1row [my qn check_mimetype] {select 1 from cr_mime_types 
Index: openacs-4/packages/xowiki/tcl/xowiki-utility-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xowiki/tcl/xowiki-utility-procs.tcl,v
diff -u -r1.24 -r1.25
--- openacs-4/packages/xowiki/tcl/xowiki-utility-procs.tcl	13 Sep 2012 16:05:29 -0000	1.24
+++ openacs-4/packages/xowiki/tcl/xowiki-utility-procs.tcl	25 Sep 2012 20:50:06 -0000	1.25
@@ -54,6 +54,22 @@
     return $text
   }
 
+  #
+  #
+  # Helper for virus checks
+  #
+  ::xotcl::Object create virus
+  virus proc check {fn} {
+    if {[[::xo::cc package_id] get_parameter clamav 1]
+        && [info command ::util::which] ne ""} { 
+      set clamscanCmd [::util::which clamscan]
+      if {$clamscanCmd ne "" && [file readable $fn]} {
+	if {[catch {exec $clamscanCmd $fn }]} {return 1}
+      }
+    }
+    return 0
+  }
+
   proc copy_parameter {from to} {
     set parameter_obj [::xo::parameter get_parameter_object \
                            -parameter_name $from -package_key xowiki]