Jump to content


Photo

integrating virus scan with php


  • Please log in to reply
10 replies to this topic

#1 JustFoo

JustFoo
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 13 July 2006 - 01:47 PM

Hello all,
I have an upload script which uploads files to my server(windows) and what i would like to do is once the file is put into a safe directory just scan it with a virus scanner then if its clean move it to the correct directory on the server.  Is there any virus scanners that can be called with php?  My only thought was to just setup a scan everytime a new file was added to that specific folder.

thanks


#2 Kris

Kris
  • Staff Alumni
  • Advanced Member
  • 2,755 posts
  • LocationThe Internet

Posted 13 July 2006 - 02:16 PM

Many virus scanning packages offer a CLI, you could run your command with PHPs exec() function and check its output to see if the file is infected.

#3 ShogunWarrior

ShogunWarrior
  • Members
  • PipPipPip
  • Advanced Member
  • 528 posts
  • LocationIreland

Posted 13 July 2006 - 03:00 PM

Yeah, get a lightweight command line one and call it with shell_exec.
Make sure it's fast enough that it doesn't stall the pages too much or time out.
<a href="http://www.daviddora...nmedia.com/">My New Site/Blog</a> | <a href="http://www.daviddora...m/check/">Check your page for broken links/images/scripts</a>

Zend Certified Engineer
Follow me on Twitter: http://twitter.com/davidd

#4 JustFoo

JustFoo
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 13 July 2006 - 03:04 PM

yea i had found some things about that but wasnt too sure..

another quick question about the upload script i am attempting to block files like html, or shell script files or batch files...my only thought about doing that would be to scan the file for certain key strings and if they match then thats the type of file...is there any other way to go about this also im having trouble scanning in the file line by line so i can test one line at a time instead of the entire file as one big string.  Right now i have the file as one big string but im not sure how i would test a specific string across the whole file would i haeto break the file up into specific sized chunks first???

thanks again


#5 ShogunWarrior

ShogunWarrior
  • Members
  • PipPipPip
  • Advanced Member
  • 528 posts
  • LocationIreland

Posted 13 July 2006 - 03:32 PM

You could do something like this to minimize the input time:

<?php

$f = fopen('list.txt','r');
$block=false;
$blocked = '(<html>|<\?php)';
while($line = fgets($f))
{
        if(preg_match('/'.$blocked.'/is',$line))
        {$block = true;}
}

if($block===true)
{
        //Do whatever if it's not allowed
        echo('File Blocked!!');
}

<a href="http://www.daviddora...nmedia.com/">My New Site/Blog</a> | <a href="http://www.daviddora...m/check/">Check your page for broken links/images/scripts</a>

Zend Certified Engineer
Follow me on Twitter: http://twitter.com/davidd

#6 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 13 July 2006 - 03:35 PM

Couldn't you just make it so the only allowed uploads are pictures or HTML files? That way you wouldn't have to worry about scanning EXE's or other harmful filetypes (in this case, such as PHP since they could include harmful pages).

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#7 brown2005

brown2005
  • Members
  • PipPipPip
  • Advanced Member
  • 943 posts

Posted 13 July 2006 - 03:37 PM

yeah u can do that, goto have a look at the tutorail http://www.phpfreaks...orials/85/0.php its about file uploading.....



#8 Kris

Kris
  • Staff Alumni
  • Advanced Member
  • 2,755 posts
  • LocationThe Internet

Posted 13 July 2006 - 04:05 PM

There's an easier method of checking the file type, although it is a bit slack. The MIME type of a file is passed in the $_FILES array with $_FILES['file']['type'] - Although this shouldn't really be trusted as this information is decided by the browser and can be spoofed. Another easier method, although not bulletproof, is to just check the extension and match it against a list of allowed extensions...
$ext = substr($_FILES['file']['name'],strrpos($_FILES['file']['name'],"."));
I normally find both of these solutions adequate.

#9 pixy

pixy
  • Members
  • PipPipPip
  • Advanced Member
  • 295 posts

Posted 13 July 2006 - 04:10 PM

^ That's essentially when I was suggesting. You could make an array of allowed types:
$allowed = array('image/gif', 'image/jpeg', 'image/png');
if (in_array($_FILES['upload']['type'], $allowed) {
  // Continue to process
}
else {
  // Tell them its bad
}

And replace ['upload'] with whatever the name of the input you use is.

This is a .44 Caliber Loveletter straight through my heart.

Tabulas + Threadless + Hire Me!


#10 JustFoo

JustFoo
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 13 July 2006 - 04:27 PM

yea i wish it were that easy i have tried all those solutions and everytime something new causes a problem...

firstly i have a block on the extenstion but if someone decides to do example.exe and make it example.exe.gif or example.gif then the file gets through so thats just a prelimary block...

i also have tried the global $_FILES['foo']['type'] however an interesting problem arose with that...my actual upload begins from a flash form and then flash passes the file off to my php script so no matter what file i send they all have the exact same mime type application/octet-stream...so that idea was a wash

then i tried installing an extension on the server and for somereason it works twice and then just stops working and the only way to get it working again is to restart the server which is unacceptable....

so now im left with doing this on my own by matching specific patterns within the files...so far i have a function which works pretty well matching the first 4 bytes and it finds exes, dlls, and such but for plain txt files i need to read the whole file to match patters like #!/bin/foo or <?php or @echo off...just common script type indicators....

garrrrrrr thanks again

#11 JustFoo

JustFoo
  • Members
  • PipPip
  • Member
  • 17 posts

Posted 13 July 2006 - 05:19 PM

Well shogun i gave the code you suggested a shot and it seems to be working okay thanks all

JustFoo




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users