JustFoo Posted July 13, 2006 Share Posted July 13, 2006 Hello all,I have an upload script which uploads files to my server(windows) and what i would like to do is once the file is put into a safe directory just scan it with a virus scanner then if its clean move it to the correct directory on the server. Is there any virus scanners that can be called with php? My only thought was to just setup a scan everytime a new file was added to that specific folder.thanks Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/ Share on other sites More sharing options...
zq29 Posted July 13, 2006 Share Posted July 13, 2006 Many virus scanning packages offer a CLI, you could run your command with PHPs exec() function and check its output to see if the file is infected. Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57327 Share on other sites More sharing options...
ShogunWarrior Posted July 13, 2006 Share Posted July 13, 2006 Yeah, get a lightweight command line one and call it with [b]shell_exec[/b]. Make sure it's fast enough that it doesn't stall the pages too much or time out. Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57346 Share on other sites More sharing options...
JustFoo Posted July 13, 2006 Author Share Posted July 13, 2006 yea i had found some things about that but wasnt too sure.. another quick question about the upload script i am attempting to block files like html, or shell script files or batch files...my only thought about doing that would be to scan the file for certain key strings and if they match then thats the type of file...is there any other way to go about this also im having trouble scanning in the file line by line so i can test one line at a time instead of the entire file as one big string. Right now i have the file as one big string but im not sure how i would test a specific string across the whole file would i haeto break the file up into specific sized chunks first???thanks again Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57348 Share on other sites More sharing options...
ShogunWarrior Posted July 13, 2006 Share Posted July 13, 2006 You could do something like this to minimize the input time:[code]<?php$f = fopen('list.txt','r');$block=false;$blocked = '(<html>|<\?php)';while($line = fgets($f)){ if(preg_match('/'.$blocked.'/is',$line)) {$block = true;}}if($block===true){ //Do whatever if it's not allowed echo('File Blocked!!');}[/code] Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57373 Share on other sites More sharing options...
pixy Posted July 13, 2006 Share Posted July 13, 2006 Couldn't you just make it so the only allowed uploads are pictures or HTML files? That way you wouldn't have to worry about scanning EXE's or other harmful filetypes (in this case, such as PHP since they could include harmful pages). Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57377 Share on other sites More sharing options...
brown2005 Posted July 13, 2006 Share Posted July 13, 2006 yeah u can do that, goto have a look at the tutorail http://www.phpfreaks.com/tutorials/85/0.php its about file uploading..... Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57379 Share on other sites More sharing options...
zq29 Posted July 13, 2006 Share Posted July 13, 2006 There's an easier method of checking the file type, although it is a bit slack. The MIME type of a file is passed in the $_FILES array with $_FILES['file']['type'] - Although this shouldn't really be trusted as this information is decided by the browser and can be spoofed. Another easier method, although not bulletproof, is to just check the extension and match it against a list of allowed extensions...[code=php:0]$ext = substr($_FILES['file']['name'],strrpos($_FILES['file']['name'],"."));[/code]I normally find both of these solutions adequate. Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57400 Share on other sites More sharing options...
pixy Posted July 13, 2006 Share Posted July 13, 2006 ^ That's essentially when I was suggesting. You could make an array of allowed types:$allowed = array('image/gif', 'image/jpeg', 'image/png');if (in_array($_FILES['upload']['type'], $allowed) { // Continue to process}else { // Tell them its bad}And replace ['upload'] with whatever the name of the input you use is. Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57405 Share on other sites More sharing options...
JustFoo Posted July 13, 2006 Author Share Posted July 13, 2006 yea i wish it were that easy i have tried all those solutions and everytime something new causes a problem...firstly i have a block on the extenstion but if someone decides to do example.exe and make it example.exe.gif or example.gif then the file gets through so thats just a prelimary block...i also have tried the global $_FILES['foo']['type'] however an interesting problem arose with that...my actual upload begins from a flash form and then flash passes the file off to my php script so no matter what file i send they all have the exact same mime type application/octet-stream...so that idea was a washthen i tried installing an extension on the server and for somereason it works twice and then just stops working and the only way to get it working again is to restart the server which is unacceptable....so now im left with doing this on my own by matching specific patterns within the files...so far i have a function which works pretty well matching the first 4 bytes and it finds exes, dlls, and such but for plain txt files i need to read the whole file to match patters like #!/bin/foo or <?php or @echo off...just common script type indicators....garrrrrrr thanks again Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57414 Share on other sites More sharing options...
JustFoo Posted July 13, 2006 Author Share Posted July 13, 2006 Well shogun i gave the code you suggested a shot and it seems to be working okay thanks allJustFoo Quote Link to comment https://forums.phpfreaks.com/topic/14482-integrating-virus-scan-with-php/#findComment-57453 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.