antivirus support about filez HOT 10 CLOSED

Hi,

I've started working on filez 2.1 and I'm thinking about adding this feature. The only question is when (at each upload, or once a day when the CRON is called) and how to launch asynchronously the clamav check.

Cheers

from filez.

Hi Arnaud,

happy to know you're working on it. To tell the truth, I thought it could be useful to check for virus synchronously, and so I added the check at upload time, using your upload error control to give a feedback to the user if the file contain a virus (I used the EICAR definitions to test it). The delay introduced seems to be minimum for single file --- I didn't tested, but I think a couple of zipped directory full of exe files to check will take much longer.

As regards the antivirus per se, as I believe you have seen, there are more than one way to implement it. I tested a solution with the "PHP ClamAV": it is straightforward, but, as a lot of users pointed out, it makes each apache process to grow, at least, to 120 Mbytes (the clamav DB...), so it doesn't really seem a good way. Speaking about clamav, another way is to use clamdscan (clamd + the command line scanner), this one should be the best, since the daemon is preloaded, and the command line scanner does not have to initialize the signatures DB for every call, but I haven't tested it.

Anyway, let me know what you want to do and if you would like to have a look to our code for PHP ClamAV way.

from filez.

The way I see it is a configurable command line that will be called after each upload (as you described with clamdscan). For example :

av_check_command="clamscan [...] %filename%"

I will eventually add an option to prevent the file download until it is known to be clean. Have you an idea about what should be the default value for this option ?

Thanks for your code but I don't think that I'm gonna use PHP ClamAV, as it is a quite "heavy" solution. Using a configurable command line scanner should suit every needs.

from filez.

Yeah, I think you are absolutely right about PHP ClamAV.
As for the option to prevent download, in our version we delete the file as soon as the antivirus find something, and then we return an error:

Upload.php:
[...]
if ($this->checkVirus ($file)) {
$file->delete();
return $this->onFileUploadError (UPLOAD_ERR_VIRUS_FOUND);
}

and as far as I know, clamav cannot repair files, so maybe it is not possible to let to download it once it is clean.

bye
davide

from filez.

Yes I meant "once" the file has been deleted or validated by the antivirus :)

I'll leave this ticket open until the feature has been implemented

from filez.

Ok, sorry ;)
Anyway, I've tried to use clamdscan with clamav-daemon installed on Debian Lenny. The good news is that it seems to work well with the www-data user. The diff with the actual Upload.php:
http://dev.ing.unipi.it/Upload.php.diff

from filez.

Great news ! I'm very thankful for your work, I will integrate it quickly !

from filez.

Feature ok with clamav.
You can change or update command in filez.ini file.

from filez.

Great news!

from filez.

Integrated with ea4c168 and the setting [app] antivirus=true
Thank you fannyny and daserzw!

from filez.