views:

119

answers:

2

I am trying to provide a service on my website to allow users to upload files so others can download them.

The issue is, since some of these files I will allow to upload will be .zip/.rar files, I am curious as to what ideas exist to help prevent the uploading of archives with Viruses/trojans etc. included. Some .zip files will include legitimate .exe files,though I am not sure what options I have.

I thought about it and I don't have a method for verifying with a virus scanner on the server, since I am on shared hosting w/o the option to run a service like that... nor do I have the knowledge on how to do that. I am also aware there is no php class or database to scan the files for viruses. This means, my only options are to rely on:

a). manual approval <-- not an acceptable option for me as it might become a busy site with thousands of uploads b). get the users to somehow point out it if has viruses through voting or "flagging", etc....

anyway, regarding "b" - what ideas would you suggest?

A: 

A big "report virus" button next to download? Manually approving these should be possible.

Or mark the file as "Potentially dangerous" after a number of clicks.

Robus
ah thats a good addition. THanks!
Joe
A: 

The "Report" button sounds like a good idea, maybe you could add a comment system too to allow people to explain why they think the file is a virus or simply a useless file (and find a way to "give thanks" to the user, like the reputation system on StackOverflow ?).

Shelldon
I have a comments system in place already. I also already added the flagging system too. I am wondering about other additional ideas, if any... the only other thing I just thought of is to manually approve them - only I can have "trusted" users who I automatically approve. This way I only need to check an upload from a user the first time, after that I "trust" they won't do anything bad... and then I also provide the other features: flagging and comments.
Joe
And give the "trusted" users the ability to mark a file as "dangerous" as proposed by Robus ?
Shelldon