File Upload and Virus Scanners
Most of the Web Applications, where there is a feature for file upload, there is a requirement for doing virus scan of the uploaded file. When I checked around, there were not too many options in the FOSS area. 

Antivirus scanners are available in the FOSS area but integration with the web application is still a nightmare. Check the list of antivirus software here.

I did some googling around and eventually came up with the following integration options 

  1. Command Line Option - Use a command line virus scanner,use the Runtime class to execute a scan on a file and based on the output of the program, display to the user whether or not the file is clean.  Sligthly tricky and not a very clean program but still does the job. 
  2. Using OPSWAT Meta Scan - OPSWAT MetaScan is an advanced engine for launching scan requests and obtaining scan results from many antivirus applications, as well as for analyzing file types. Metascan enables IT to develop multi-scanning solutions leveraging built-in antivirus engines from AVG, CA, ESET, Norman, VirusBuster EDK, MicroWorld, and ClamWin. Additionally, Metascan includes an easy, scalable interface to integrate with almost any antivirus engine on the market. Clean and elegant solution, but need to write a check for the same
  3. Using ModSecurity - ModSecurity is a Web Application Firewall that can be configured with the Web Server. ModSecurity has a feature to for inspecting files on upload which can be combined with an antivirus scanner software. Again not something out of the box. You end up adding another product for integration
  4. Using ICAP Servers  - ICAP is a protocol designed to off-load specific Internet-based content to dedicated servers, thereby freeing up resources and standardizing the way in which features are implemented. Check out ICAP-Server for an Open Source implementation of ICAP server. One can run GreaseSpoon on top of an ICAP server. Greasespoon can intercept the HTTP traffic and allow the application to perform the virus scan. Again a convuluted way of achieving the same. SafeSquid is a another product in the market 
Hope it helps others. Also, if someone has found another product/integration technique, please do let me know.
4 Comments To ' File Upload and Virus Scanners '

Jayesh Badani said...

Hi Munish - What conversation the website practices if they find the virus, i mean what will are the messages and options for the end users if the virus is found.

Anonymous said...

a nice site yo find a good scanner is here

register domain in India said...

Yes, we need to do scanning when uploading the files. I found this is most useful post and it is highly appreciated. Thanks for taking your time to discuss it.

Anonymous said...

I appreciated what you have done here. I enjoyed every little bit part of it. I am always searching for informative information like this.
Register domain name India

Post a Comment