Re: AV scanning for file uploads

On-Access scanning
The Pros:
If you let the antivirus on the OS scan, either on access or on demand,
it gives you the opportunity to set up group-based rules.

You don't need to code a function to handle the scanning,
and that function won't break if for some reason the API is changed.

The Con:
If the antivirus quarantines/deletes an infected file after you've registered the upload (i.e. into a database), you'll have inconsistencies.




I can only speak of experiences with antivirus products,
and there's one that I've always had bad experiences with,
and that was Panda. I haven't worked with Panda in many years now,
so it could be a good product these days.

That being said, depending on the use of your target audience, ClamAV is quite capable as an antivirus product.



cheers




On 03/28/2014 12:08 PM, Cristian Bichis wrote:
Hi Gabe,

You didn't have any problems with on-access scanning and doing at the same time
http-delivery for these files, or moving them around?

I guess on-access scanning works by only scanning when there is a new
file or when an existing file is modified, not actually at read-access?

Cristian
Hi Cristian

Nothing special, it just runs as a daemon and is configured for
on-access scanning. Set up a whole bunch of directories to exclude (like
MySQL data directories), but just ensured that temp directories and php
session directories are included. Over the years it has quarantined
plenty of questionable uploads.

You'll have to buy a license for Sophos, which can be a pain/expensive,
but I suspect ClamAV could work in just the same way. I just can't vouch
for its effectiveness because I have not used it in production.

Cheers

Gabe

----- Original message -----
From: Cristian Bichis <cristi@xxxxxxxxx>
To: php-general@xxxxxxxxxxxxx
Subject: Re:  AV scanning for file uploads
Date: Fri, 28 Mar 2014 12:39:04 +0200

Hi,

How do you use Sophos for your app?
1. PHP extension (is there such an extension?) called on-demand?
2. on demand from CLI (or using shell_execute)
3. on-access scanning?

Cristian





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
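
The inconsistency described under "The Con" above (a file quarantined or deleted after its upload was registered) can be caught by a periodic reconciliation pass. This is an added example, not code from the thread; the uploads table, its columns and the status values are hypothetical, and it assumes the scanner removes the file or makes it unreadable.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: uploads(id, path, status). Status values are assumptions.
// Returns the ids of registered uploads whose file is no longer available.
function reconcile_uploads(PDO $db): array
{
    $missing = [];
    $mark = $db->prepare("UPDATE uploads SET status = 'quarantined' WHERE id = ?");
    $rows = $db->query("SELECT id, path FROM uploads WHERE status = 'active'")
               ->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        // Drop PHP's cached stat result so a recent removal is seen.
        clearstatcache(true, $row['path']);
        // Assumption: the scanner deleted, moved or locked the file after registration.
        if (!is_file($row['path']) || !is_readable($row['path'])) {
            $mark->execute([$row['id']]);
            $missing[] = (int) $row['id'];
        }
    }
    return $missing;
}

// Constructed demo: in-memory SQLite and temp files stand in for the real store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE uploads (id INTEGER PRIMARY KEY, path TEXT, status TEXT)");

$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$ins = $db->prepare("INSERT INTO uploads (path, status) VALUES (?, 'active')");
foreach (['report.pdf', 'invoice.doc'] as $name) {
    file_put_contents("$dir/$name", 'constructed sample content');
    $ins->execute(["$dir/$name"]);
}

// Simulate the on-access scanner deleting one file after it was registered.
unlink("$dir/invoice.doc");

print_r(reconcile_uploads($db));

// Clean up the demo files.
unlink("$dir/report.pdf");
rmdir($dir);
```

Run from cron or before serving a download, this keeps the database from advertising files the scanner has already taken away.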
