Comments (10)
Hi,
I've started working on filez 2.1 and I'm thinking about adding this feature. The only question is when (at each upload, or once a day when the CRON is called) and how to launch asynchronously the clamav check.
Cheers
from filez.
Hi Arnaud,
happy to know you're working on it. To tell the truth, I thought it could be useful to check for virus synchronously, and so I added the check at upload time, using your upload error control to give a feedback to the user if the file contain a virus (I used the EICAR definitions to test it). The delay introduced seems to be minimum for single file --- I didn't tested, but I think a couple of zipped directory full of exe files to check will take much longer.
As regards the antivirus per se, as I believe you have seen, there are more than one way to implement it. I tested a solution with the "PHP ClamAV": it is straightforward, but, as a lot of users pointed out, it makes each apache process to grow, at least, to 120 Mbytes (the clamav DB...), so it doesn't really seem a good way. Speaking about clamav, another way is to use clamdscan (clamd + the command line scanner), this one should be the best, since the daemon is preloaded, and the command line scanner does not have to initialize the signatures DB for every call, but I haven't tested it.
Anyway, let me know what you want to do and if you would like to have a look to our code for PHP ClamAV way.
from filez.
The way I see it is a configurable command line that will be called after each upload (as you described with clamdscan). For example :
av_check_command="clamscan [...] %filename%"
I will eventually add an option to prevent the file download until it is known to be clean. Have you an idea about what should be the default value for this option ?
Thanks for your code but I don't think that I'm gonna use PHP ClamAV, as it is a quite "heavy" solution. Using a configurable command line scanner should suit every needs.
from filez.
Yeah, I think you are absolutely right about PHP ClamAV.
As for the option to prevent download, in our version we delete the file as soon as the antivirus find something, and then we return an error:
Upload.php:
[...]
if ($this->checkVirus ($file)) {
$file->delete();
return $this->onFileUploadError (UPLOAD_ERR_VIRUS_FOUND);
}
and as far as I know, clamav cannot repair files, so maybe it is not possible to let to download it once it is clean.
bye
davide
from filez.
Yes I meant "once" the file has been deleted or validated by the antivirus :)
I'll leave this ticket open until the feature has been implemented
from filez.
Ok, sorry ;)
Anyway, I've tried to use clamdscan with clamav-daemon installed on Debian Lenny. The good news is that it seems to work well with the www-data user. The diff with the actual Upload.php:
http://dev.ing.unipi.it/Upload.php.diff
from filez.
Great news ! I'm very thankful for your work, I will integrate it quickly !
from filez.
Feature ok with clamav.
You can change or update command in filez.ini file.
from filez.
Great news!
from filez.
Integrated with ea4c168 and the setting [app] antivirus=true
Thank you fannyny and daserzw!
from filez.
Related Issues (20)
- Erreur d'upload de fichier avec PHP7 HOT 3
- La taille du fichier dépasse la limite autorisée
- loggin is successfull but nothing happens
- Share button don't work with Firefox 50
- Mysql 5.7 sql_mode - STRICT_TRANS_TABLES HOT 1
- probleme configuration fileZ HOT 1
- probleme envoie mail HOT 1
- Problème de langue HOT 1
- PHP7 and filez HOT 1
- File list in admin pannel bug
- Gérer les quota par utilisateur et non globalement HOT 1
- How to configure quota per user and not globally HOT 1
- Modification du mot de passe utilisateur
- Error 500
- Non-ASCII characters in filename HOT 1
- Error () iconv_set_encoding(): Use of iconv.internal_encoding is deprecated
- Problème avec Safari sur macOS
- Internal Server Error - Unknown Zend_Ldap option: db_use_global_conf HOT 4
- Peut-on forcer l'utilisation de mot de passe pour l'upload de fichier ?
- Error avec phpCAS
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from filez.