[WEB SECURITY] Serverside Virus Scan

rajat karnwal rajatpch at yahoo.com
Fri May 2 16:24:13 EDT 2008


Hi,
   I have a requirement of doing server side virus
scan and also needs to check the that file extension
are not spoofed for the files uploaded. Max upload
file size allowed will be few MB. Application is in
Java.
   I know there are two approaches to acheive this
First Approach) Integrate virus scan with the
application and do in memory scan

Second Approach)  Download file into some secured area
and then do virus scan. If file contains virus
qurantine it.
   What I am not sure is which approach is the
preffered approach. What are the pros and cons of
each.
  Any help will be appreciated
Regards,
Rajat Karnwal



      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list