[WEB SECURITY] Serverside Virus Scan

James Landis jcl24 at cornell.edu
Fri May 2 17:14:21 EDT 2008


You're better off doing positive validation against known file types
than blacklist/signature-based malware checking unless your
application has to accept arbitrary file types. For example, your
application might only need to accept image files as uploads. Use a
standard image processing library to determine that the file is valid,
reject file types that may have functional interpretations (e.g. WMF),
and you can forget about wasting cycles on virus scanning.

If you do have to accept arbitrary files or files with functional
meaning, there is no good way to programmatically determine that you
aren't accepting malicious code. Traditional signature-based virus
scanning has less than a 50% detection rate these days.

Can you give us more details about the server-side virus scan requirement?

-j

On Fri, May 2, 2008 at 1:24 PM, rajat karnwal <rajatpch at yahoo.com> wrote:
> Hi,
>    I have a requirement of doing server side virus
>  scan and also need to check that the file extensions
>  are not spoofed for the files uploaded. Max upload
>  file size allowed will be a few MB. Application is in
>  Java.
>    I know there are two approaches to achieve this:
>  First Approach) Integrate virus scan with the
>  application and do in memory scan
>
>  Second Approach)  Download file into some secured area
>  and then do virus scan. If file contains virus
>  quarantine it.
>    What I am not sure is which approach is the
>  preferred approach. What are the pros and cons of
>  each.
>   Any help will be appreciated
>  Regards,
>  Rajat Karnwal
>
>  ----------------------------------------------------------------------------
>  Join us on IRC: irc.freenode.net #webappsec
>
>  Have a question? Search The Web Security Mailing List Archives:
>  http://www.webappsec.org/lists/websecurity/
>
>  Subscribe via RSS:
>  http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
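
The positive-validation approach described in the reply above, for the Java application the question mentions, as an added example that is not part of the original thread. The class name `ImageUploadValidator`, the PNG/JPEG/GIF allowlist and the `MAX_PIXELS` limit are assumptions chosen for illustration; it uses the standard `javax.imageio` library and needs Java 9 or later for `Map.of`.

```java
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;
import java.awt.image.BufferedImage;
import java.io.*;
import java.util.*;
public class ImageUploadValidator {
    // Assumed policy: decoder format name -> file extensions accepted for it.
    private static final Map<String, Set<String>> ALLOWED = Map.of(
        "png", Set.of("png"), "jpeg", Set.of("jpg", "jpeg"), "gif", Set.of("gif"));
    private static final long MAX_PIXELS = 25_000_000L; // assumed cap on decoded size
    /** Returns the detected format; throws if the upload is not an allowed, decodable image. */
    public static String validate(byte[] upload, String clientName) throws IOException {
        try (ImageInputStream in = ImageIO.createImageInputStream(new ByteArrayInputStream(upload))) {
            Iterator<ImageReader> readers = ImageIO.getImageReaders(in);
            if (!readers.hasNext()) throw new IOException("content is not a recognised image");
            ImageReader reader = readers.next();
            try {
                String format = reader.getFormatName().toLowerCase(Locale.ROOT); // from the bytes
                Set<String> exts = ALLOWED.get(format);
                if (exts == null) throw new IOException("format not on allowlist: " + format);
                int dot = clientName.lastIndexOf('.'); // spoofed-extension check
                String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
                if (!exts.contains(ext)) throw new IOException("extension does not match " + format);
                reader.setInput(in, true, true);
                long pixels = (long) reader.getWidth(0) * reader.getHeight(0); // header only
                if (pixels <= 0 || pixels > MAX_PIXELS) throw new IOException("dimensions out of range");
                reader.read(0); // full decode: truncated or corrupt data fails here
                return format;
            } catch (RuntimeException e) { // some decoders throw unchecked exceptions on bad input
                throw new IOException("image failed to decode", e);
            } finally {
                reader.dispose();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a 1x1 PNG generated in memory.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(1, 1, BufferedImage.TYPE_INT_RGB), "png", out);
        System.out.println("avatar.png accepted as " + validate(out.toByteArray(), "avatar.png"));
        try {
            validate(out.toByteArray(), "avatar.gif"); // same bytes, spoofed extension
        } catch (IOException e) {
            System.out.println("avatar.gif rejected: " + e.getMessage());
        }
    }
}
```

The format is taken from the decoder that recognises the content, so a renamed file fails the extension comparison regardless of the name or Content-Type the client sends.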
