Hello. Suppose, for example, that each user has the ability to upload files (pictures, video, audio and text). Question: how can I check the files uploaded by users for viruses instantly, so that the site keeps working stably?

How do big projects handle this?

  • No, big projects do not bother themselves with this. And it is complete insanity to check pictures, audio and video for viruses. - lampa
  • And how do they solve this problem, for example, if a virus gets in? - bemulima
  • @bemulima The point of a virus is that it has to run somehow. Pictures, videos, etc. are not executable files. In fact, they first undergo some kind of processing by third-party programs. - lampa
  • One option is kaspersky.ru/anti-virus-linux-file-server. I do not have the slightest idea how it works, but judging by the description it should be suitable for solving your problem. At the same time, you can keep the site itself on one host and the file server on another host, and upload user-generated content to it ... well, most likely that is what big projects do :) - cyberdream

2 answers

Pictures, videos, etc. are not executable files.

For a server, this is just binary garbage, and its processing depends on the server settings. If you tell the PHP interpreter to process a jpeg, say, as a script file, then it parses that file and executes the PHP code that is in it (if it finds any).

A much more promising task is setting appropriate access rights restrictions for uploaded files. And as half measures, as protection from "hooligans", the following will also do: assigning, say, a single "odd" extension for files that httpd may execute, renaming files so that it is harder to request a file directly, checking the extension, resizing images, and much more.

Much depends on server resources. If your resources can afford this whim (Virustotal, for example, does not buckle under the load of checking a file with 1000 and 1 antiviruses), then go ahead.

    On large projects, as a rule, the source file is converted to the desired format. That is, they do not use the uploaded file in any way, but immediately convert it into their own formats (images are converted to jpeg in the required set of sizes, audio to mp3 with different bitrates, video to mp4 with different resolutions).

    If the conversion was successful, the link to the file is added to the database; if not, an error is displayed to the user.

    Scanning for viruses makes sense for large files that are uploaded as an archive, or for files with custom extensions (doc, xls, pdf, etc.).

    It also makes sense to allocate a separate storage for uploaded files, and not to place it together with the executable scripts and the database of the site. Even in the case of unauthorized access to the storage, hackers will still not be able to gain normal access to the site.
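
The approach from the two answers above (convert instead of keeping the original, server-chosen name, separate storage, no execute rights), as an added example that is not code from the original posts. It assumes PHP with the GD extension; `store_image`, `UPLOAD_STORE` and `MAX_SIDE` are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: storage directory outside the web root, separate from scripts.
const UPLOAD_STORE = '/srv/uploads/images';
// Assumption: largest accepted width/height in pixels.
const MAX_SIDE = 4096;

/**
 * Re-encode untrusted image bytes as JPEG and store them under a random name.
 * Returns the stored file name, or null if the input is not a usable image.
 */
function store_image(string $bytes, string $dir = UPLOAD_STORE): ?string
{
    // Read the header first so oversized images are refused before decoding.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        return null;
    }
    // Full decode with GD; data that is not a real image fails here.
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        return null;
    }
    // Name and extension are chosen by the server, never taken from the client.
    $name = bin2hex(random_bytes(16)) . '.jpg';
    $path = $dir . '/' . $name;
    // Only the re-encoded pixels are written; the original bytes are discarded.
    if (!imagejpeg($img, $path, 85)) {
        return null;
    }
    chmod($path, 0640); // readable by the service, no execute bit
    return $name;
}

// Constructed input 1: a PHP script submitted as if it were a picture.
$fake = '<?php echo "not an image"; ?>';
// Constructed input 2: a real 8x8 PNG built in memory with GD.
ob_start();
imagepng(imagecreatetruecolor(8, 8));
$real = ob_get_clean();

$dir = sys_get_temp_dir(); // stand-in for UPLOAD_STORE when run locally
var_dump(store_image($fake, $dir)); // rejected input: nothing is written
var_dump(store_image($real, $dir)); // accepted input: name of the new JPEG
```

Following the second answer, the returned name is what gets recorded in the database, and a null result is what triggers the error shown to the user.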