Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do you virus scan a file being uploaded to your java webapp as it streams? [closed]

Basically, I want to virus scan files as they are uploaded (before writing them to disk) to a web app.

In particular, I'd like to integrate with "McAfee VirusScan Enterprise" (latest version).

From a design and maintenance perspective, would it perhaps be better to scan certain paths at the firewall using a third party product? That way the web app would not have to concern itself with virus scanning. So as to minimize overhead, do typical virus scanning firewalls let you specify URL patterns as well as a particular POST data pattern. This of course would not work if it's an HTTPS site (unless there's some way around that).

This post from stackoverflow seems to suggest that an SDK from McAfee is no longer available, but are there open source alternatives?

like image 772
les2 Avatar asked Jul 29 '10 14:07

les2


People also ask

How do I run a virus scan on my website?

Visit the SiteCheck website at sitecheck.sucuri.net and click Scan Website. If the site is infected, review the warning message to look for any payloads and locations. You can click More Details at the top to review the iFrames, links, scripts, and embedded objects to identify unfamiliar or suspicious elements.

How do I scan a malicious file?

To do this, go to “Windows Security” > “Virus & threat protection,” and click the “Quick scan” button. If you want to do a more thorough scan, which will take longer but will check all your files and running programs, you can instead click the “Scan options” button, and choose “Full scan.”

How does ClamAV work?

It works like an antivirus program on your computer, but ClamAV scans your server. Specifically, ClamAV looks for malicious email attachments and malicious server files. It won't find every malicious file all the time, but it's a good weapon in your security arsenal.


2 Answers

Check out Clamv ( http://www.clamav.net/ ) It is a open source anti-virus, and you can scan a stream. So you do not need to save the file for scanning it.

http://linux.die.net/man/1/clamscan

Scan a data stream: cat testfile | clamscan -

So it is quite easy, start the clamscan process with the - arg. write the file content to the stdin, and wait for the result code.

During your testing, you can use the EICAR file, which is a file dedicated for checking if an anti-virus is working. http://en.wikipedia.org/wiki/EICAR_test_file

like image 94
Dominique Avatar answered Sep 28 '22 04:09

Dominique


You might investigate ClamAV or ClamWin. They are open source virus scanners, ClamWin is based on ClamAV. You should be able to modify one of these (if someone hasn't already) to do what you want.

On the other end, you might consider simply dropping the streamed files into a directory and letting a scanner monitor that particular directory.

like image 26
NotMe Avatar answered Sep 28 '22 04:09

NotMe