Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ensuring uploaded files are safe

My boss has come to me and asked how to enure a file uploaded through web page is safe. He wants people to be able to upload pdfs and tiff images (and the like) and his real concern is someone embedding a virus in a pdf that is then viewed/altered (and the virus executed). I just read something on a procedure that could be used to destroy stenographic information emebedded in images by altering least sifnificant bits. Could a similar process be used to enusre that a virus isn't implanted? Does anyone know of any programs that can scrub files?

Update: So the team argued about this a little bit, and one developer found a post about letting the file download to the file system and having the antivirus software that protects the network check the files there. The poster essentially said that it was too difficult to use the API or the command line for a couple of products. This seems a little kludgy to me, because we are planning on storing the files in the db, but I haven't had to scan files for viruses before. Does anyone have any thoughts or expierence with this?

http://www.softwarebyrob.com/2008/05/15/virus-scanning-from-code/

like image 452
kemiller2002 Avatar asked Aug 28 '08 18:08

kemiller2002


1 Answers

I'd recommend running your uploaded files through antivirus software such as ClamAV. I don't know about scrubbing files to remove viruses, but this will at least allow you to detect and delete infected files before you view them.

like image 176
pix0r Avatar answered Sep 29 '22 12:09

pix0r