Are there any ways to check the file for viruses after uploading to the server?

The user uploads the file to the server, when going to the page with the file, I need to check it for viruses, and display text information that the file is infected, and the administration does not recommend to download it.

The OS on the Debian 7 server. I tried the ClamAV + extension for PHP. Zero sense of it, since the usual Troyan can not detect

  • one
    @rnddev, and the sense of most antiviruses is almost zero (and for money, too). By and large, all this for complacency. - By the way, which antiviruses caught that test trojan that ClamAV failed to cope with? - avp
  • @avp through virustotal and clamav sees it. ClamAV WIN.Trojan.Agent-249018 - Bastian
  • I tried virustotal api 2, generally terrible, that the file is long in the queue, they offer to buy a key for money, but I have no desire to invest in a non-commercial project. - Bastian

2 answers 2

Obviously, you need to check the file with antivirus and parse its answer. How exactly - choose for yourself. From unobvious solutions:

1) Installed somewhere drwebd, you can feed the file to it using your own protocol, from there you can get an answer. In this case, the file itself is not necessary to drive on the sockets, if it is accessible to the daemon through the file system. The description of the protocol and examples of clients with source codes are included in the delivery of drwebd. This solution may be better because you do not need to run a separate scanner for each file, which will initialize each time, load the databases, you can maintain queues from scanned files without duplicating unnecessary processes, etc.

2) Create a multipart/form-data at http://online.drweb.com/result/ and parse the answer. POST details - in forms that can be downloaded here (in fact, there is nothing necessary except for one input type="file" name="file" ). For this option, you do not need to install your antivirus at all.

Surely there are similar solutions from other antivirus vendors.

The user uploads the file to the server, when going to the page with the file, I need to check it for viruses,

Only one remark. In the general case, the file should be checked immediately after downloading, and only after that it is necessary to make a decision: put it into an accessible area and issue a link, or not. That is, no "go to the page with the file" if it should not be infected.

  • + virustotal.com/en/documentation/public-api + virusscan.jotti.org - etki
  • > Only one remark. In general, the file should be checked immediately> after downloading, and only after that make a decision:> add it to an accessible area and issue a link or not. That> there is no "transition to the page with the file" if it is infected to be> should not. I'm not interested in what the users will download, the main thing for me to warn them is Bastian
  • @Etki interesting proofs. thanks - Bastian
  • Nevertheless, the correct architectural and simply convenient point of verification is the processing of the adopted form. Moreover, the test itself can be run in parallel with this processing. - user6550
  • @rnddev, and @klopp is not about what users and warnings will download, it’s about architecture. - etki

Kaspersky Anti-Virus for Linux File Server

In large companies on the same network, there are often file servers running different platforms. In such cases, the task of protecting information becomes particularly relevant. Kaspersky Anti-Virus for Linux File Server is included in the updated line of products, solutions and services for heterogeneous networks offered by Kaspersky Lab.

  • @VasyOk, Try to write more detailed answers. Explain what your statement is based on. - Nicolas Chabanovsky