Re: Virus Scanning

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

----- Original Message ----- 
From: "Abdul shahid khattak" <>
To: <php-objects@xxxxxxxxxxxxxxx>
Sent: Monday, August 29, 2005 11:46 PM
Subject:  Virus Scanning


> Can any body help? i want to scan the uploaded file in
> php code so that i can prompt user that the attached
> file is virus infected.

A few things to make it safer:

- Set the permissions of the upload directory to be as restrictive as
possible
- Don't upload to a web accessible dir; upload to a 'sandbox' directory
so you can do as many checks as you need to on the files before moving
them to their final destination
- $filename=preg_replace("/[^a-z0-9_-]/","_",$filename) or similar
before copying
- Make their final destination directory non executable by anyone if
possible

If you are running on a shared (virtual) server, your host provider may
already have anti-virus uploads turned on, check with them as it would
be a global thing.

If you have your own server, then you can install something like ClamAV,
which supports a lot of third party software:
http://www.clamav.net/3rdparty.html

Alternatively, Symantec has some nice offerings:
http://www.symantec.com/techsupp/enterprise/select_product_kb_nojs.html

A Google brings up this as well, looks good, not tested myself:
http://www.opswat.com/antivirussdk_server.shtml

A cheap solution, good if you are expecting just a few uploads a day, is
to allow the upload to a secure directory that has no permissions, then
download locally and have a scheduler run every 10 or 20 minutes for
viruses and if nothing found, then it's good to go back to the server.

cheers,

        Mark



------------------------ Yahoo! Groups Sponsor --------------------~--> 
Fair play? Video games influencing politics. Click and talk back!
http://us.click.yahoo.com/T8sf5C/tzNLAA/TtwFAA/saFolB/TM
--------------------------------------------------------------------~-> 

PHP Data object relational mapping generator - http://www.meta-language.net/ 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/php-objects/

<*> To unsubscribe from this group, send an email to:
    php-objects-unsubscribe@xxxxxxxxxxxxxxx

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Soap]     [Kernel Newbies]     [Yosemite]     [Yosemite Campsites]
  Powered by Linux