diff --git a/Gemfile b/Gemfile
index 17bfbb884e..d58fb5b0a5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -63,6 +63,8 @@ gem 'active_storage_validations'
 gem 'faraday', '~> 1.10'
 gem 'faraday_middleware', '~> 1.2'
 gem 'puma'
+gem 'ratonvirus'
+gem 'ratonvirus-clamby'
 group :development, :test do
 gem 'annotate'
diff --git a/Gemfile.lock b/Gemfile.lock
index 44825acda3..920a0c01ba 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -150,6 +150,7 @@ GEM
 case_transform (0.2)
 activesupport
 chartkick (5.0.5)
+ clamby (1.6.10)
 cocoon (1.2.15)
 coderay (1.1.3)
 coercible (1.0.0)
@@ -512,6 +513,11 @@ GEM
 thor (~> 1.0)
 rainbow (3.1.1)
 rake (13.1.0)
+ ratonvirus (0.3.2)
+ activesupport (~> 6.0)
+ ratonvirus-clamby (0.3.0)
+ clamby (~> 1.6)
+ ratonvirus (~> 0.3.0)
 rb-fsevent (0.11.2)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
@@ -764,6 +770,8 @@ DEPENDENCIES
 rack-livereload (~> 0.5.1)
 rails (~> 6.1.7)
 rails-controller-testing
+ ratonvirus
+ ratonvirus-clamby
 redis (~> 5.0.8)
 remotipart (~> 1.4)
 rest-client (~> 2.1)
diff --git a/app/models/document.rb b/app/models/document.rb
index ac22d49aa2..22f79fe5db 100644
--- a/app/models/document.rb
+++ b/app/models/document.rb
@@ -26,6 +26,7 @@ class Document < ApplicationRecord
 image/bmp
 image/x-bitmap
 ]
+ validates :document, antivirus: true
 alias attachment document # to have a consistent interface to both Document and Message
 delegate :provider_id, to: :external_user
diff --git a/app/models/message.rb b/app/models/message.rb
index ca573119a6..9e6ab35fb9 100644
--- a/app/models/message.rb
+++ b/app/models/message.rb
@@ -41,6 +41,7 @@ class Message < ApplicationRecord
 image/bmp
 image/x-bitmap
 ]
+ validates :attachment, antivirus: true
 validates :sender, presence: true
 validates :body, presence: true
diff --git a/config/initializers/ratonvirus.rb b/config/initializers/ratonvirus.rb
new file mode 100644
index 0000000000..537fdb5324
--- /dev/null
+++ b/config/initializers/ratonvirus.rb
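Review bot: In the Gemfile hunk, `gem 'ratonvirus'` and `gem 'ratonvirus-clamby'` are added without a version constraint, although both are pre-1.0, sit on the upload-scanning path, and the neighbouring faraday lines use `~>`. Consider `gem 'ratonvirus', '~> 0.3.2'` and `gem 'ratonvirus-clamby', '~> 0.3.0'`, matching what Gemfile.lock resolves, so a `bundle update` cannot change scanner behaviour without a reviewed Gemfile edit. The lock entry also shows ratonvirus 0.3.2 requiring `activesupport (~> 6.0)`, which will constrain a later Rails upgrade.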
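Review bot: In app/models/document.rb, `validates :document, antivirus: true` only protects uploads if a missing or unreachable ClamAV makes validation fail, and nothing in this commit establishes that. As far as I can tell, Ratonvirus skips the scan when the scanner reports itself unavailable, so the record would save unscanned; please confirm against the locked 0.3.2 and, if so, fail closed, for example with a boot-time or health-check assertion on `Ratonvirus.scanner.available?`. The same applies to `validates :attachment, antivirus: true` in app/models/message.rb. The visible part of the commit has no spec exercising a rejected upload (an EICAR test file is the usual fixture). Both class bodies continue outside their hunks.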
@@ -0,0 +1,4 @@
+Ratonvirus.configure do |config|
+ config.scanner = :clamby
+ config.storage = :active_storage
+end
\ No newline at end of file
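Review bot: config/initializers/ratonvirus.rb selects `:clamby` for every environment and passes no scanner options, so development, test and CI all need a ClamAV install and the scan runs with Clamby's defaults. Clamby's default is to invoke `clamscan`, which loads the signature database on every call inside the request; its `daemonize` option switches to `clamdscan` against a running clamd, which is usually what a web process wants. Consider choosing the scanner per environment (Ratonvirus ships an `:eicar` scanner intended for tests) and documenting the host requirement with a comment such as `# Requires ClamAV (clamd + freshclam) on the app host; uploads are scanned during validation`. The file also ends without a trailing newline.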