[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] Serverside Virus Scan
- From: "Joe White" <joe@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] Serverside Virus Scan
- Date: Wed, 21 May 2008 10:48:49 -0700
If I might be allowed to re-open this thread since I am now involved
in a project implementing server side malware scanning of attachments
in a J2EE environment.
Ideally, the server side malware scanning would be architected in a
way that did not tie the software architects hands to a particular
vendor or scanning engine for the actual malware scanning. I am
hoping to find a server side solution that is completely transparent
to the application itself and allows for 'plug and play' of virus
scanning engines/vendors as needed.
any thoughts on scanning engines or vendors that might offer such a
transparent solution?
what does GMail, Yahoo! and others use for server side malware
scanning? does anyone know?
thanks,
joe
<<<>>>
On Sun, May 4, 2008 at 2:30 PM, Ryan Barnett <rcbarnett@xxxxxxxxx> wrote:
> If you front-end the app with ModSecurity, you can use the @inspectFile
> operator to look at the file
> (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.2/modsecurity2-apache-reference.html#N11902).
> When users upload a file (multipart-form-data) Mod will dump it to a
> temporary file on disk and then you can plug-in any script that you want to
> analyze the file. Most people use a wrapper script to integrate with
> something like ClamAV. Here is an example from the older Mod 1.9 docs
> (http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/06-special_features.html#N1083F).
>
> --
> Ryan C. Barnett
> ModSecurity Community Manager
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
> On Fri, May 2, 2008 at 4:24 PM, rajat karnwal <rajatpch@xxxxxxxxx> wrote:
>>
>> Hi,
>> I have a requirement of doing server side virus
>> scan and also needs to check the that file extension
>> are not spoofed for the files uploaded. Max upload
>> file size allowed will be few MB. Application is in
>> Java.
>> I know there are two approaches to acheive this
>> First Approach) Integrate virus scan with the
>> application and do in memory scan
>>
>> Second Approach) Download file into some secured area
>> and then do virus scan. If file contains virus
>> qurantine it.
>> What I am not sure is which approach is the
>> preffered approach. What are the pros and cons of
>> each.
>> Any help will be appreciated
>> Regards,
>> Rajat Karnwal
>>
>>
>>
>>
>> ____________________________________________________________________________________
>> Be a better friend, newshound, and
>> know-it-all with Yahoo! Mobile. Try it now.
>> http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
Brought to you by http://www.webappsec.org
Search this site
|