Security Basics mailing list archives
RE: [Web Security] File Upload Virus Scanning
From: Jabłoński, Paweł <PJablonski () ivmx pl>
Date: Sat, 10 Jul 2010 12:23:13 +0200
Hey, There are many solutions for virus scanning the content being sent through HTTP protocol and easy to integrate with your JEE web application like finjan.com, trendmicro.com for example. I think you might also want considering of implementing some CGI based logic inside the shell, that is invoked per file to run a virus scan locally - in that case you can use a virus software dependent of the platform you're using. That gives you more flexibility. Write your web application logic in the way that it will know if a downloaded file was scanned with A/V locally (CGI) and access it with some trigger, or db based parameter. As far as I can remember there's some Symantec solution for scanning files, API supported for Java. Called SymJavaAPI.jar or something like that. Try googling it also. Paweł Jabłoński IT Security Consultant ________________________________________ Od: listbounce () securityfocus com [listbounce () securityfocus com] w imieniu 0x4150 [0x4150 () gmail com] Wysłano: 9 lipca 2010 20:13 Do: security-basics () securityfocus com; websecurity () webappsec org; webappsec () securityfocus com Temat: [Web Security] File Upload Virus Scanning All, I am reviewing Java EE web application which allows uploads of various file types, stores them in a directory, and then offers the same files to other users for download. The files could be images (jpg, gif, png), documents (doc, docx, xls, pdf), or text files(txt, csv). My question is regarding virus scanning of these uploaded files. With vulnerabilities being reported in formats like PDF, I would like to protect the users and infrastructure as much as possible. Are there any best practices for this? What products (commercial or free) should I evaluate for this process? Thanks in advance for any insight! This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus -------------------------------------- ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- [Web Security] File Upload Virus Scanning 0x4150 (Jul 09)
- Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning robert (Jul 09)
- Message not available
- Message not available
- Message not available
- Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning Sripathi Krishnan (Jul 13)
- Message not available
- Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning robert (Jul 09)