tags:

views:

130

answers:

1
+1  Q: 

Uploading files to a server that has Real Time Antivirus scan running

I need to allow users to upload files onto a server that has an antivirus program running with real-time scanning switched on.

What would be a good design to ensure that infected files are not uploaded to the server.

Questions -

  1. would large files be copied onto disk and then immediately scanned, or would they be scanned as they are copied and not allowed to appear on disk if infected

  2. Should i build a seperate infrastructure around this to specifically ionvoke a scan on the copied file ? this might be an issue if the file is deleted through the real-time scan

+1  A: 
  1. This depends on your antivirus system and OS. This should be easy to determine through testing. On Windows, it seems that most real time antivirus systems scan the file as it is written to disk, and well before the file can be executed, moved, or copied by Windows Explorer. Windows Explorer gets an error if it continues to try to access the file.
  2. If the above doesn't meet your needs, then yes, you'll probably want to invoke the scan manually. If your antivirus automatically deletes or quarantines the file, you'd simply check to see if the file were still in its original location after the scan. Ideally, your antivirus would allow you to scan the file and return true or false as to whether it were infected, which would allow you to delete the file manually.
Marcus Adams  2010-05-25 14:03:19
Thanks, I am interested in point 1 of your answer. Are there any more details around how Anti virus software do this operation ?
zecougar  2010-05-26 06:25:23
On Windows 32-bit OS, most anti-virus programs patched the kernel, which sits between the OS and the hardware, so they're able to intercept the files at a low level. On Windows 64-bit OS, Microsoft provides a security API, which basically provides the same access.
Marcus Adams  2010-05-27 12:02:45

related questions

Centos or Debian as a server OS ?
Where can I find a FTP Server with an API?
Technical issues when switching to an unmanaged Virtual Private Server (VPS) hosting provider?
Should I use a dedicated network channel between the database and the application server?
Do I need to leave gaps in a standard server rack?
Monitoring CPU Core Usage on Terminal Servers
Which hardware to buy for a new Linux server system?
Website Hardware Scaling
Ajax polling.
I ALMOST understand how email works, but I'm missing something.
How do you minimize the number of threads used in a tcp server application?
Perfmon File Analysis Tools
Cleanest & Fastest server setup for Django
Is there some way to PUSH data from web server to browser?
How do I secure my new web server (Server 2008)?
Subversion Management Tools
What kind of servers did you virtualize lately?
Closet server versus Colo?
Personal Linux web server
Error ADMA5026E for WebSphere Application Server Network Deployment
What means the error SECJ0222E in WebSphere Application Server 5.1
What is called a Node in a WebSpere Network Deployment
Can someone give me a working example of a build.xml for an EAR that deploys in WebSphere 6
Asynchronous multi-direction server-client communication over the same open socket?
Best way to access Exchange using PHP?