integrating virus scan with php


JustFoo

Hello all,
I have an upload script which uploads files to my server (Windows), and what I would like to do is, once the file is put into a safe directory, just scan it with a virus scanner, then if it's clean move it to the correct directory on the server.  Are there any virus scanners that can be called with PHP?  My only thought was to just set up a scan every time a new file was added to that specific folder.

thanks

Yeah, I had found some things about that but wasn't too sure..

Another quick question about the upload script: I am attempting to block files like HTML, or shell script files or batch files... My only thought about doing that would be to scan the file for certain key strings, and if they match then that's the type of file... Is there any other way to go about this? Also, I'm having trouble reading in the file line by line so I can test one line at a time instead of the entire file as one big string.  Right now I have the file as one big string, but I'm not sure how I would test a specific string across the whole file. Would I have to break the file up into specific-sized chunks first???

thanks again

You could do something like this to minimize the input time:

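[code]
<?php

// Scan the file line by line and flag it if any line matches a blocked pattern.
$f = fopen('list.txt', 'r');
$block = false;
$blocked = '(<html>|<\?php)';
// Compare against false so a final line of just "0" does not end the loop early.
while (($line = fgets($f)) !== false)
{
        if (preg_match('/'.$blocked.'/is', $line))
        {
                $block = true;
                break; // one match is enough
        }
}
fclose($f);

if ($block === true)
{
        //Do whatever if it's not allowed
        echo('File Blocked!!');
}
[/code]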

Couldn't you just make it so the only allowed uploads are pictures or HTML files? That way you wouldn't have to worry about scanning EXE's or other harmful filetypes (in this case, such as PHP since they could include harmful pages).

There's an easier method of checking the file type, although it is a bit slack. The MIME type of a file is passed in the $_FILES array with $_FILES['file']['type'], although this shouldn't really be trusted as this information is decided by the browser and can be spoofed. Another easier method, although not bulletproof, is to just check the extension and match it against a list of allowed extensions...
[code=php:0]// Lower-cased extension without the dot; empty string when the name has no dot.
$ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));[/code]
I normally find both of these solutions adequate.

^ That's essentially what I was suggesting. You could make an array of allowed types:
[code]
// MIME types accepted for upload
$allowed = array('image/gif', 'image/jpeg', 'image/png');
if (in_array($_FILES['upload']['type'], $allowed)) {
  // Continue to process
}
else {
  // Tell them it's bad
}
[/code]

And replace ['upload'] with whatever the name of the input you use is.

Yeah, I wish it were that easy. I have tried all those solutions and every time something new causes a problem...

Firstly, I have a block on the extension, but if someone decides to take example.exe and make it example.exe.gif or example.gif then the file gets through, so that's just a preliminary block...

I also have tried the global $_FILES['foo']['type'], however an interesting problem arose with that... My actual upload begins from a Flash form and then Flash passes the file off to my PHP script, so no matter what file I send they all have the exact same MIME type, application/octet-stream... so that idea was a wash.

Then I tried installing an extension on the server, and for some reason it works twice and then just stops working, and the only way to get it working again is to restart the server, which is unacceptable....

So now I'm left with doing this on my own by matching specific patterns within the files... So far I have a function which works pretty well matching the first 4 bytes, and it finds exes, dlls, and such, but for plain txt files I need to read the whole file to match patterns like #!/bin/foo or <?php or @echo off... just common script type indicators....

garrrrrrr thanks again
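An added example, not code from any poster in this thread, of the approach the last post describes: an allow-list check on the leading magic bytes for GIF/JPEG/PNG, plus a whole-file scan for the script indicators mentioned above that reads in chunks and carries an overlap so a marker split across two reads is still found. The function names, the exact marker list and the 8192-byte chunk size are assumptions.

```php
<?php
// Added example: function names, marker list and chunk size are assumptions.
const ALLOWED_MAGIC = [ // leading bytes of the image types to accept
    'gif'  => ["GIF87a", "GIF89a"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'png'  => ["\x89PNG\r\n\x1A\n"],
];
// Script indicators of the kind named in the thread, matched case-insensitively.
const SCRIPT_MARKERS = ['<?php', '<html', '#!/bin/', '#!/usr/bin/', '@echo off'];

/** Detected image type, or null if the header is not on the allow-list. */
function sniffImageType(string $path): ?string
{
    $head = (string) file_get_contents($path, false, null, 0, 8);
    foreach (ALLOWED_MAGIC as $type => $signatures) {
        foreach ($signatures as $sig) {
            if (strncmp($head, $sig, strlen($sig)) === 0) {
                return $type;
            }
        }
    }
    return null;
}

/** First script marker found anywhere in the file, or null. Reads in chunks. */
function findScriptMarker(string $path, int $chunkSize = 8192): ?string
{
    // Carry the last (longest marker - 1) bytes into the next window so a
    // marker split across two reads is still matched.
    $overlap = max(array_map('strlen', SCRIPT_MARKERS)) - 1;
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $tail = '';
    while (($chunk = fread($fh, $chunkSize)) !== false && $chunk !== '') {
        $window = $tail . $chunk;
        foreach (SCRIPT_MARKERS as $marker) {
            if (stripos($window, $marker) !== false) {
                fclose($fh);
                return $marker;
            }
        }
        $tail = substr($window, -$overlap);
    }
    fclose($fh);
    return null;
}
```

Accept the upload only when `sniffImageType()` returns a type and `findScriptMarker()` returns null. A marker can occur by chance inside a genuine image, so a hit is a reason to reject and log the file, not proof that it is hostile.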
