Hi all
We have a section where people can upload a scanned image of a document (we presently don’t specify the scanned image type-maybe we shoul). I am worried about the potential to do harm to our site. How can we check that the file is not harmfull?
Thank you
you can send uploaded file to antivirus to scan it and if result is ok you save it.
Thanks- should there be a size limit? What antivirus should we use is there a free one? Would it make more sense for them to send the image via email, we can check it and then upload it? (acutally that sounds really labor intensive!)
but if you have any antivirus on your server then you can send file to it, just read AV documentation.
Sending it by email is not an option, mail will be sent and returned if there is a virus inside it. but with AV you can wait for response and then execute proper action.
- Receive file on server
- Execute command which sends file to av
- Receive response from AV
- Execute proper action.
I think this is the best and quickest way.
You can se example in Microsoft MSN, when receiving file it will scan it after download by executing custom command added to its options for example Norton antivirus
vpscan.exe /sweep c:\ emp\grc.dat
this command in CMD will scan qrc.dat file. And you can also execute these commands trough PHP
exec("vpscan.exe /sweep c:\ emp\\grc.dat");
this is for windows
I hope this helps
No, its not possible trough web.
Thanks for the reply that all seems to make perfect sense except for uploading it to the server- surely we shouldn’t upload it our server before we have checked it is fine. O ris this impossible to do unless the file is uploaded on the server?