[WEB SECURITY] Serverside Virus Scan

rajat karnwal rajatpch at yahoo.com
Fri May 2 18:43:19 EDT 2008


Hi,
   Thanks for your reply. This enhancement is about
uploading attachments in our system. It is not an email
attachment; it is very similar to the way Jira allows you
to upload an attachment to a bug. We are allowing most of
the common image, document, video and archive
files (I do have the complete extension list).
   So the requirement is to check for extension spoofing and
do virus scanning before the file can be stored in the
database. I am at a stage where I have to make a
design decision on how this can be achieved.
   Can you please let me know where I can find these
standard image processing libraries or any other
library which can check the aforesaid file types.

Regards,
Rajat Karnwal
--- James Landis <jcl24 at cornell.edu> wrote:

> You're better off doing positive validation against known file types
> than blacklist/signature-based malware checking unless your
> application has to accept arbitrary file types. For example, your
> application might only need to accept image files as uploads. Use a
> standard image processing library to determine that the file is valid,
> reject file types that may have functional interpretations (e.g. WMF),
> and you can forget about wasting cycles on virus scanning.
> 
> If you do have to accept arbitrary files or files with functional
> meaning, there is no good way to programmatically determine that you
> aren't accepting malicious code. Traditional signature-based virus
> scanning has less than a 50% detection rate these days.
> 
> Can you give us more details about the server-side virus scan requirement?
> 
> -j
> 
> On Fri, May 2, 2008 at 1:24 PM, rajat karnwal <rajatpch at yahoo.com> wrote:
> > Hi,
> >    I have a requirement of doing server side virus scan and also need
> >  to check that the file extensions are not spoofed for the files
> >  uploaded. Max upload file size allowed will be a few MB. Application
> >  is in Java.
> >    I know there are two approaches to achieve this:
> >  First Approach) Integrate virus scan with the application and do an
> >  in-memory scan
> >
> >  Second Approach) Download file into some secured area and then do
> >  virus scan. If file contains virus, quarantine it.
> >    What I am not sure is which approach is the preferred approach.
> >  What are the pros and cons of each?
> >   Any help will be appreciated
> >  Regards,
> >  Rajat Karnwal
> >
> 
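
As an added example (not code from this thread, and not a library either poster uses), here is the positive-validation approach James describes, applied to the extension-spoofing check Rajat asks about: the claimed extension must be on an allow-list, the leading bytes must agree with it, and a PNG is additionally walked chunk by chunk with every CRC verified. The allow-list, the magic prefixes and the sample file are constructed for this illustration; in a Java system the final step would be handing the bytes to a real decoder such as ImageIO rather than trusting the name.

```python
import struct
import zlib
from pathlib import PurePosixPath
# Constructed allow-list: family -> (permitted extensions, magic prefixes).
ALLOWED = {
    "png":  ({"png"},         [b"\x89PNG\r\n\x1a\n"]),
    "jpeg": ({"jpg", "jpeg"}, [b"\xff\xd8\xff"]),
    "gif":  ({"gif"},         [b"GIF87a", b"GIF89a"]),
    "zip":  ({"zip"},         [b"PK\x03\x04"]),
}

def family_from_magic(data: bytes):
    """Identify the family from the leading bytes, ignoring the file name."""
    for fam, (_, magics) in ALLOWED.items():
        if any(data.startswith(m) for m in magics):
            return fam
    return None

def png_structure_ok(data: bytes) -> bool:
    """After the signature: IHDR first, every CRC valid, IEND last, no trailing bytes."""
    pos, first, last = 8, None, None
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_raw = data[pos + 8 + length:pos + 12 + length]
        if len(crc_raw) != 4 or zlib.crc32(ctype + body) != struct.unpack(">I", crc_raw)[0]:
            return False  # truncated, corrupted or tampered chunk
        first, last = first or ctype, ctype
        pos += 12 + length
    return pos == len(data) and first == b"IHDR" and last == b"IEND"

def validate_upload(filename: str, data: bytes):
    ext = PurePosixPath(filename).suffix.lstrip(".").lower()
    claimed = next((f for f, (exts, _) in ALLOWED.items() if ext in exts), None)
    if claimed is None:
        return False, f"extension '{ext}' is not allowed"
    actual = family_from_magic(data)
    if actual != claimed:
        return False, f"content looks like {actual}, name claims {claimed}"
    if actual == "png" and not png_structure_ok(data):
        return False, "PNG chunk structure or CRC check failed"
    return True, actual

def _chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a minimal 1x1 greyscale PNG assembled in place, not a real upload.
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
```

A renamed executable, a JPEG uploaded as ".png", a truncated PNG and a PNG with trailing bytes appended are all rejected by the name/magic/structure checks without any signature database.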