Quick question guys,

I am trying to configure a virus scanner to scan file uploads by users and am just curious whether they must be stored on the server before being scanned or if you can scan before saving the file? I am running Apache on Linux with PHP.

Any advice appreciated.

+3  A: 

Uploads go in /tmp, where they should be safe to scan prior to using move_uploaded_file to place them somewhere more permanent.

ceejayoz
What do you mean prior to move_uploaded_file? Wouldn't you have to use that to save it in temp? Are you talking about posting the file and scanning it using $_FILES['Filedata']['tmp_name'] for reference?
Scarface
nvm I just read this article http://www.php.net/manual/en/features.file-upload.post-method.php. I understand what you are saying now. I wish maybe you were a little more detailed in your answer, but you were right nonetheless and led to my understanding of the file upload process.
Scarface
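The flow described in the answer above (scan the temporary file, then call move_uploaded_file), as an added example that is not part of the original thread. It assumes ClamAV's `clamscan` is installed and on the PATH; `UPLOAD_DIR`, `scan_file` and `handle_upload` are hypothetical names, and the `Filedata` field name is taken from the comment above.

```php
<?php
// Added example: scan PHP's temporary upload file before storing it.
// Assumptions: ClamAV's clamscan is on PATH; UPLOAD_DIR is a hypothetical path.
const UPLOAD_DIR = '/var/www/uploads';

/** Map clamscan's exit status to 'clean', 'infected' or 'error'. */
function scan_file(string $path): string
{
    $output = [];
    $status = 2;
    exec('clamscan --no-summary ' . escapeshellarg($path) . ' 2>&1', $output, $status);
    // clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
    if ($status === 0) return 'clean';
    if ($status === 1) return 'infected';
    error_log('clamscan failed: ' . implode(' | ', $output));
    return 'error';
}

function handle_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    $tmp = $file['tmp_name'];
    // Only accept a path that PHP itself created for this POST request.
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('Not an uploaded file');
    }
    $verdict = scan_file($tmp);
    if ($verdict !== 'clean') {
        // Fail closed: a scanner error is treated like a detection.
        @unlink($tmp);
        throw new RuntimeException("Upload rejected: $verdict");
    }
    // Store under a server-generated name, never the client-supplied one.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16));
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('Could not store upload');
    }
    return $dest;
}

if (isset($_FILES['Filedata'])) {
    try {
        handle_upload($_FILES['Filedata']);
        http_response_code(201);
    } catch (RuntimeException $e) {
        http_response_code(422);
    }
}
```

PHP deletes the temporary file at the end of the request if it was never moved, so a rejected upload does not persist on disk.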
+1  A: 

If you google "scan stream for viruses" you will find a lot of virus scanners that seem able to scan streams. You are going to need to find a commercial one for it to be effective (I doubt there are any open source ones, but I might be wrong). Viruses are created daily and updates are going to be needed to stay up to date.

Romain Hippeau