What would be the best way to verify a user uploaded file?

views:

answers:

What would be the best way to verify a user uploaded file?

After a file has been uploaded to the tmp folder, for example a pdf file, would php fileinfo mime check be enough to verify that the file is indeed a pdf file and is not infected?

How do you verify that a user uploaded file has no virus?

so that I could let users download it?

My scenario is this: A user uploads a pdf file, I then let another user read his pdf file.

A mime check does not guarantee anything, to be reasonably sure that a file has no virus, you will have to pass it through a virus scanner, like for example clam on linux.

jeroen 2010-10-23 15:47:41

+3 A:

php fileinfo mime check be enough to verify that the file is indeed a pdf file and is not infected

No. It will tell you if it looks like a PDF file, but do no virus checking.

How do you verify that a user uploaded file has no virus?

With a virus scanner. There are plenty of commercial and non-commercial packages out there.

David Dorward 2010-10-23 15:47:43

I thought php fileinfo checks the file info, and has nothing to do with browsers.

YuriKolovsky 2010-10-23 16:25:02

Oh. I misread, I thought you were talking about the data received in the request. I've corrected the answer.

David Dorward 2010-10-23 16:30:13

Is installing the virus scanner enough? or do I need to run it on every upload? if so, then how?

YuriKolovsky 2010-10-23 16:36:45

You have to run it on every upload. How you do that depends on what interfaces the virus scanner provides. Make sure you pick one that has either a PHP API or a command line interface (the latter are likely to be much more common).

David Dorward 2010-10-23 16:38:40

ansaurus

tags:

views:

answers:

What would be the best way to verify a user uploaded file?

related questions