Scan A Uploaded File

[lmf232s]

I have external web site were users can upload a file. I would like to do a virus scan on the file before i allow it to upload.

Anyone know of any software that i can use?
Does Norton maybe have an API call that i could use to do this?

Currently the only thing i can think of is to allow the file to be downloaded.
Download it to a certian directory, schedule norton to do a scan on that
directory every so often(10,20min?) and then if a virus is not found then the file is good to go.

Just seeing what options i have available.

Thanks.

[russell]

you hit the nail on the head

Start with the Symantec Knowledge Base http://www.symantec.com/techsupp/ent...roduct_kb.html

Then try a little google searching...

http://www.windowsitpro.com/Article/...9924.html?Ad=1

http://enterprisesecurity.symantec.c...dfid=771&EID=0 (pdf)

http://www.opswat.com/antivirussdk_server.shtml

Email me if you need help after a bit of research. I know I haven't been on much lately, but I'll help if i can.

rb

[Bullschmidt]

When allowing file uploading I often don't allow certain file extensions such as .bat, .asp, .exe, .com, etc. and if I get them I sometimes add .txt at the end.

Other times I can be even more restrictive and only allow one particular filename and extension.

[russell]

yes, disallowing certain extensions is a good idea, but only solves part of the problem. it is also a good idea to rename the file programmatically, 'cause a hacker will always try to execute anything unseemly s/he uploads.

Virus scanners have setting as to when to scan, and what action to take when a suspected or known virus is found. Set it to scan at write time (meaning as the file is written to the server hard drive) and to quarrantine the file and send you an email (or pager) alert.