Remote Machine Scan

Question

Hello,

As part of a web-application I'm building, I need to be able to scan the remote user's machine for viruses / malware, before they can continue using the web-application ... something like the McAfee On-Demand Scan.

I'm assuming that ActiveX would be the way to go (since all the On-Demand scanners of the antivirus companies seem to be ActiveX-based).

I'm a bit stuck on how to solve this problem. I'm hoping I don't have to rustle up something from scratch.

Does anybody have any ideas ? Is it possible to integrate some already available component into my code to do this ?

Do let me know if there's more information you need.

Regards, Sonal.

Answer 1

Short Answer: Just don't do this.

Long Answer: I would seriously re-evaluate your requirements here. Forcing a virus scan from a webapp is essentially impossible to do properly, and serves no real purpose from the perspective of the webapp. The whole point of the web is that it's a request initiated by the user, and run inside a sandbox. Forcing access to the rest of the machine for something like a virus scan is deliberately the exact opposite of the way it is meant to work

The only thing I can think of which would be sensible would be to offer an on demand scan, for which you would be best to redirect your users to an expert in the area - Panda ActiveScan is probably as good as any. But services such as these rely on downloadable program anyway in the form of java applet, browser plugin or similar - it's not done over the web.

Answer 2

Is the user part of your company? Is this an application that they will be required to use as part of their employment? If not, I can hardly see people visiting your site and saying "Oooh... he wants me to download and run a program on my machine!" Sounds like a great way to get your site on a bunch of "block lists".

Also, do you have a commercial arrangement with a virus scanning company that would allow you to install multiple copies of their commercial software on people's machines? I'm guessing not.

Really, I have to agree with Colin. This idea sounds dead before it even starts.

Answer 3

Thanks Colin, the.jxc !

I would normally agree with the assessment that forcing a full-blown virus scan from the webapp isn't the best of ideas. However, for this application it is a critical requirement to ensure a secure client environment before allowing access to the application.

This is not a public-domain application, and the users would either be a part of the company or under contractual agreement to permit the scan.

I found a COM component called MetaScan which allows such a scan.

My intention is not to conduct a file-scan, but just to make sure that no malware is active at the time of application usage.

I'm also trying to figure out if I can just write a component that can check the native antivirus status (active / updated etc.) and relay that status back to the application ... the rest being taken care of through a non-technology solution (like a contractual agreement / positive affirmation by the user or something).