tags:

views:

119

answers:

2
+1  Q: 

PHP - file uploads and ways to prevent viruses from being uploaded in zip/rar archives

I am trying to provide a service on my website to allow users to upload files so others can download them.

The issue is, since some of these files I will allow to upload will be .zip/.rar files, I am curious as to what ideas exist to help prevent the uploading of archives with Viruses/trojans etc. included. Some .zip files will include legitimate .exe files,though I am not sure what options I have.

I thought about it and I don't have a method for verifying with a virus scanner on the server, since I am on shared hosting w/o the option to run a service like that... nor do I have the knowledge on how to do that. I am also aware there is no php class or database to scan the files for viruses. This means, my only options are to rely on:

a). manual approval <-- not an acceptable option for me as it might become a busy site with thousands of uploads b). get the users to somehow point out it if has viruses through voting or "flagging", etc....

anyway, regarding "b" - what ideas would you suggest?

A: 

A big "report virus" button next to download? Manually approving these should be possible.

Or mark the file as "Potentially dangerous" after a number of clicks.

Robus  2010-05-09 16:49:02
ah thats a good addition. THanks!
Joe  2010-05-10 02:44:26
A: 

The "Report" button sounds like a good idea, maybe you could add a comment system too to allow people to explain why they think the file is a virus or simply a useless file (and find a way to "give thanks" to the user, like the reputation system on StackOverflow ?).

Shelldon  2010-05-09 16:54:18
I have a comments system in place already. I also already added the flagging system too. I am wondering about other additional ideas, if any... the only other thing I just thought of is to manually approve them - only I can have "trusted" users who I automatically approve. This way I only need to check an upload from a user the first time, after that I "trust" they won't do anything bad... and then I also provide the other features: flagging and comments.
Joe  2010-05-09 17:39:06
And give the "trusted" users the ability to mark a file as "dangerous" as proposed by Robus ?
Shelldon  2010-05-09 18:40:11

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL