Jump to content

Archived

This topic is now archived and is closed to further replies.

JustFoo

integrating virus scan with php

Recommended Posts

Hello all,
I have an upload script which uploads files to my server(windows) and what i would like to do is once the file is put into a safe directory just scan it with a virus scanner then if its clean move it to the correct directory on the server.  Is there any virus scanners that can be called with php?  My only thought was to just setup a scan everytime a new file was added to that specific folder.

thanks

Share this post


Link to post
Share on other sites
Many virus scanning packages offer a CLI, you could run your command with PHPs exec() function and check its output to see if the file is infected.

Share this post


Link to post
Share on other sites
Yeah, get a lightweight command line one and call it with [b]shell_exec[/b].
Make sure it's fast enough that it doesn't stall the pages too much or time out.

Share this post


Link to post
Share on other sites
yea i had found some things about that but wasnt too sure..

another quick question about the upload script i am attempting to block files like html, or shell script files or batch files...my only thought about doing that would be to scan the file for certain key strings and if they match then thats the type of file...is there any other way to go about this also im having trouble scanning in the file line by line so i can test one line at a time instead of the entire file as one big string.  Right now i have the file as one big string but im not sure how i would test a specific string across the whole file would i haeto break the file up into specific sized chunks first???

thanks again

Share this post


Link to post
Share on other sites
You could do something like this to minimize the input time:

[code]
<?php

$f = fopen('list.txt','r');
$block=false;
$blocked = '(<html>|<\?php)';
while($line = fgets($f))
{
        if(preg_match('/'.$blocked.'/is',$line))
        {$block = true;}
}

if($block===true)
{
        //Do whatever if it's not allowed
        echo('File Blocked!!');
}
[/code]

Share this post


Link to post
Share on other sites
Couldn't you just make it so the only allowed uploads are pictures or HTML files? That way you wouldn't have to worry about scanning EXE's or other harmful filetypes (in this case, such as PHP since they could include harmful pages).

Share this post


Link to post
Share on other sites
yeah u can do that, goto have a look at the tutorail http://www.phpfreaks.com/tutorials/85/0.php its about file uploading.....

Share this post


Link to post
Share on other sites
There's an easier method of checking the file type, although it is a bit slack. The MIME type of a file is passed in the $_FILES array with $_FILES['file']['type'] - Although this shouldn't really be trusted as this information is decided by the browser and can be spoofed. Another easier method, although not bulletproof, is to just check the extension and match it against a list of allowed extensions...
[code=php:0]$ext = substr($_FILES['file']['name'],strrpos($_FILES['file']['name'],"."));[/code]
I normally find both of these solutions adequate.

Share this post


Link to post
Share on other sites
^ That's essentially when I was suggesting. You could make an array of allowed types:
$allowed = array('image/gif', 'image/jpeg', 'image/png');
if (in_array($_FILES['upload']['type'], $allowed) {
  // Continue to process
}
else {
  // Tell them its bad
}

And replace ['upload'] with whatever the name of the input you use is.

Share this post


Link to post
Share on other sites
yea i wish it were that easy i have tried all those solutions and everytime something new causes a problem...

firstly i have a block on the extenstion but if someone decides to do example.exe and make it example.exe.gif or example.gif then the file gets through so thats just a prelimary block...

i also have tried the global $_FILES['foo']['type'] however an interesting problem arose with that...my actual upload begins from a flash form and then flash passes the file off to my php script so no matter what file i send they all have the exact same mime type application/octet-stream...so that idea was a wash

then i tried installing an extension on the server and for somereason it works twice and then just stops working and the only way to get it working again is to restart the server which is unacceptable....

so now im left with doing this on my own by matching specific patterns within the files...so far i have a function which works pretty well matching the first 4 bytes and it finds exes, dlls, and such but for plain txt files i need to read the whole file to match patters like #!/bin/foo or <?php or @echo off...just common script type indicators....

garrrrrrr thanks again

Share this post


Link to post
Share on other sites
Well shogun i gave the code you suggested a shot and it seems to be working okay thanks all

JustFoo

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.