[WEB SECURITY] Serverside Virus Scan

Joe White joe at cyberlocksmith.com
Wed May 21 13:48:49 EDT 2008


If I might be allowed to re-open this thread since I am now involved
in a project implementing server side malware scanning of attachments
in a J2EE environment.

Ideally, the server side malware scanning would be architected in a
way that did not tie the software architects hands to a particular
vendor or scanning engine for the actual malware scanning.  I am
hoping to find a server side solution that is completely transparent
to the application itself and allows for 'plug and play' of virus
scanning engines/vendors as needed.

any thoughts on scanning engines or vendors that might offer such a
transparent solution?

what does GMail, Yahoo! and others use for server side malware
scanning?  does anyone know?

thanks,
joe

<<<>>>

On Sun, May 4, 2008 at 2:30 PM, Ryan Barnett <rcbarnett at gmail.com> wrote:
> If you front-end the app with ModSecurity, you can use the @inspectFile
> operator to look at the file
> (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.2/modsecurity2-apache-reference.html#N11902).
> When users upload a file (multipart-form-data) Mod will dump it to a
> temporary file on disk and then you can plug-in any script that you want to
> analyze the file.  Most people use a wrapper script to integrate with
> something like ClamAV.  Here is an example from the older Mod 1.9 docs
> (http://www.modsecurity.org/documentation/modsecurity-apache/1.9.3/html-multipage/06-special_features.html#N1083F).
>
> --
> Ryan C. Barnett
> ModSecurity Community Manager
> Breach Security: Director of Application Security Training
> Web Application Security Consortium (WASC) Member
> CIS Apache Benchmark Project Lead
> SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
> Author: Preventing Web Attacks with Apache
>
> On Fri, May 2, 2008 at 4:24 PM, rajat karnwal <rajatpch at yahoo.com> wrote:
>>
>> Hi,
>>   I have a requirement of doing server side virus
>> scan and also needs to check the that file extension
>> are not spoofed for the files uploaded. Max upload
>> file size allowed will be few MB. Application is in
>> Java.
>>   I know there are two approaches to acheive this
>> First Approach) Integrate virus scan with the
>> application and do in memory scan
>>
>> Second Approach)  Download file into some secured area
>> and then do virus scan. If file contains virus
>> qurantine it.
>>   What I am not sure is which approach is the
>> preffered approach. What are the pros and cons of
>> each.
>>  Any help will be appreciated
>> Regards,
>> Rajat Karnwal
>>
>>
>>
>>
>>  ____________________________________________________________________________________
>> Be a better friend, newshound, and
>> know-it-all with Yahoo! Mobile.  Try it now.
>>  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/
>>
>> Subscribe via RSS:
>> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list