scanning files when they are uploaded to server

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
psmshankar
Forum Commoner
Posts: 96
Joined: Tue Aug 06, 2002 4:25 am
Location: India

scanning files when they are uploaded to server

Post by psmshankar »

in our application we are asking to user to upload '.doc' and '.zip' files only. If it is doc file, the client is very much worried about the virus...
so they asked whether is it possible to scan for virus and then copy to the server...

is it possible to scan for virus before uploading ..from the server side.??
as like in yahoo.. when u attach a file, it will automatically scan and then allow is it not...just exactly i want..

the Server OS is linux for one client and windows for another client...

can we do it from the server? once the press the submit button after choosing the file to upload, the scope is in server side....so how to call a antivirus porgram to chk that file and then do the neccesary process...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

There are some virusscanners for linux that offer a commandline tool that can be invoked by php's exec/system/... functions.
If the uploaded (temp.) files do not approve you can delete or simply forget them since php will remove temp. files if not moved.

E.g. http://www.f-prot.com. Of course there are more to choose from but that's what I use for free (personal use).
psmshankar
Forum Commoner
Posts: 96
Joined: Tue Aug 06, 2002 4:25 am
Location: India

Post by psmshankar »

thanks volka...
we can execute the virus scanner thru command line ..but how to trace out the result...becos based on the result only we are going to either accept the file or reject...
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

I would never accept a contaminated file even if a scanner/filter tells me "it's all right now, virus deleted".
Simply passthru the output (maybe only the name of the virus found) and reject the upload. Let the user take care of the plague, probably there are more files on the infected system to worry about.
psmshankar
Forum Commoner
Posts: 96
Joined: Tue Aug 06, 2002 4:25 am
Location: India

Post by psmshankar »

what i meant was..how to get the result from the virus scanner application? we will be executing that exe by passing some values as arguments and it starts scanning..fine... but how to get the result...where we can see the results?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

by fetching and parsing the output
http://www.php.net/manual/en/function.exec.php
string exec ( string command [, array output [, int return_var]])
But I cannot tell you what this output would look like, since I never encountered a virus with this tool (only once ever and that was before f-prot, lucky me :) )
But the positive output of the current version is
No viruses or suspicious files/boot sectors were found.
Post Reply