Antivirus scanners are available in the FOSS area but integration with the web application is still a nightmare. Check the list of antivirus software here.
I did some googling around and eventually came up with the following integration options
- Command Line Option - Use a command line virus scanner,use the Runtime class to execute a scan on a file and based on the output of the program, display to the user whether or not the file is clean. Sligthly tricky and not a very clean program but still does the job.
- Using OPSWAT Meta Scan - OPSWAT MetaScan is an advanced engine for launching scan requests and obtaining scan results from many antivirus applications, as well as for analyzing file types. Metascan enables IT to develop multi-scanning solutions leveraging built-in antivirus engines from AVG, CA, ESET, Norman, VirusBuster EDK, MicroWorld, and ClamWin. Additionally, Metascan includes an easy, scalable interface to integrate with almost any antivirus engine on the market. Clean and elegant solution, but need to write a check for the same
- Using ModSecurity - ModSecurity is a Web Application Firewall that can be configured with the Web Server. ModSecurity has a feature to for inspecting files on upload which can be combined with an antivirus scanner software. Again not something out of the box. You end up adding another product for integration
- Using ICAP Servers - ICAP is a protocol designed to off-load specific Internet-based content to dedicated servers, thereby freeing up resources and standardizing the way in which features are implemented. Check out ICAP-Server for an Open Source implementation of ICAP server. One can run GreaseSpoon on top of an ICAP server. Greasespoon can intercept the HTTP traffic and allow the application to perform the virus scan. Again a convuluted way of achieving the same. SafeSquid is a another product in the market
Hope it helps others. Also, if someone has found another product/integration technique, please do let me know.