Best Practices For Scanning User Uploaded Files

I am creating a site that allows users to upload images and other files to the server. These files will then be served up to other users. I am wondering what the best practices are for scanning these files for viruses.

I’m considering either scanning each file as it is uploaded or setting up a cron job that scans the directory these files are stored in every hour or so. Of course this means it’s possible that files can be on the server for up to an hour before the virus is caught, but performance might be a little better. I was curious what other’s thoughts are and if there are some best practices or guidelines for handling virus scanning of user uploaded files.

Also, I’ve never virus scanned anything from within PHP and was wondering if anyone knows how to do this or knows of some good tutorials that explain the process.

Thanks in advance!

why not rely on the antivirus software installed on the server?

doing virus check during upload process might slow down the process significantly.