www.webdeveloper.com
Results 1 to 4 of 4

Thread: Scan A Uploaded File

  1. #1
    Join Date
    Jun 2004
    Location
    Kansas City, MO
    Posts
    1,607

    Scan A Uploaded File

    I have external web site were users can upload a file. I would like to do a virus scan on the file before i allow it to upload.

    Anyone know of any software that i can use?
    Does Norton maybe have an API call that i could use to do this?

    Currently the only thing i can think of is to allow the file to be downloaded.
    Download it to a certian directory, schedule norton to do a scan on that
    directory every so often(10,20min?) and then if a virus is not found then the file is good to go.

    Just seeing what options i have available.

    Thanks.

  2. #2
    Join Date
    Feb 2003
    Posts
    2,745
    you hit the nail on the head

    Start with the Symantec Knowledge Base http://www.symantec.com/techsupp/ent...roduct_kb.html

    Then try a little google searching...

    http://www.windowsitpro.com/Article/...9924.html?Ad=1

    http://enterprisesecurity.symantec.c...dfid=771&EID=0 (pdf)

    http://www.opswat.com/antivirussdk_server.shtml

    Email me if you need help after a bit of research. I know I haven't been on much lately, but I'll help if i can.

    rb

  3. #3
    Join Date
    Jan 2003
    Location
    USA
    Posts
    688
    When allowing file uploading I often don't allow certain file extensions such as .bat, .asp, .exe, .com, etc. and if I get them I sometimes add .txt at the end.

    Other times I can be even more restrictive and only allow one particular filename and extension.
    J. Paul Schmidt
    www.Bullschmidt.com - Freelance Web and Database Developer
    www.Bullschmidt.com/DevTip.asp - Classic ASP Design Tips

  4. #4
    Join Date
    Feb 2003
    Posts
    2,745
    yes, disallowing certain extensions is a good idea, but only solves part of the problem. it is also a good idea to rename the file programmatically, 'cause a hacker will always try to execute anything unseemly s/he uploads.

    Virus scanners have setting as to when to scan, and what action to take when a suspected or known virus is found. Set it to scan at write time (meaning as the file is written to the server hard drive) and to quarrantine the file and send you an email (or pager) alert.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles