Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
  1. #1
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts

    PHP Scanning Uploaded Files For Viruses

    Hi I am trying to find out how to scan my uploaded files for viruses. I have been searching for a bit and the only posts I have found are like 2007 posts that say to use clamav. The only problem is that is hadn't been updated for a while back in 2007 and now the website is some car loan page. I managed to find the files but noticed it is a UNIX file which would work at home but not at work where I'm using IIS running PHP. And what worries me is that it seems this php-clamavlib project is dead and not being updated. So is there a new one to use? Or how else would I do it? Thanks for any help.

  • #2
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    you'll need to find a command line based virus scanner, then trigger it when a file has been uploaded. try a google search for "windows command line virus scanner"

    http://www.google.ca/search?rlz=1C1C...+virus+scanner

  • #3
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Thanks... I will check with the guys in the IT to make sure which version of AV we are running here... So would you recommend doing the same for a UNIX system or something different.

  • #4
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    it would be the same logic on any system. though as always, *nix systems likely make it run a little more smoothly. I don't have much experience executing command line programs on windowz/iis. but it should work.

  • #5
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Quote Originally Posted by angst View Post
    *nix systems likely make it run a little more smoothly.
    That make's me smile...hahaha Yea, It takes about 3 to 4 times as long to write for windows and MsSQL as it does with a Unix/Linux system with MySQL. And then it never runs 100% as well as it should. Thanks for the help.

  • #6
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    lol,, yes.
    good luck and please post back with your results. would be interesting to see how well it works.

    thanks!

  • #7
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by Coyote6 View Post
    And what worries me is that it seems this php-clamavlib project is dead and not being updated.
    Try reading the actual ClamAV site. There are multiple ways you could scan with it.

    http://www.clamav.net/

  • #8
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Quote Originally Posted by MattF View Post
    Try reading the actual ClamAV site. There are multiple ways you could scan with it.

    http://www.clamav.net/
    I tried to read some of it but got kind of lost and wondered if it was the best way...

  • #9
    Senior Coder angst's Avatar
    Join Date
    Apr 2004
    Location
    Toronto, Ontario
    Posts
    2,114
    Thanks
    15
    Thanked 122 Times in 122 Posts
    seems like a good option for *nix.

  • #10
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by Coyote6 View Post
    and wondered if it was the best way...
    I would say so. You could use either exec() and call clamscan from the script to scan the file(s), or connect via a TCP/unix socket and scan it directly.

  • #11
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Info regarding sockets:

    http://www.clamav.net/doc/latest/html/node26.html

    Should be simple enough to connect and scan that way using fsockopen and such. There'll also be far less overhead doing it this way. Clamscan, (unlike clamdscan, which requires permissions on the files to be the Clam user or group, but can't remember which offhand), has to load the sig files each time it's called.
    Last edited by MattF; 02-02-2010 at 07:41 PM.

  • #12
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Okay so I found a nice GUI interface to download ClamAV on my mac.

    http://www.clamxav.com/index.php?page=dl

    Pretty darn simple....

    Next I downloaded the anti virus test file.

    http://www.eicar.org/download/eicar.com.txt

    Checked it and the scan worked. Came back saying it was a virus.

    Now for the code... I'm not too knowledgeable with command line so hopefully you can help me out. Here is the code I am just testing. But it keeps coming back a virus even though I know the file is not... Do I have the wrong command line path or something.
    PHP Code:
    $file =  'banner_6.jpg';
    $dir $path 'Images/Common/';
    $file_path realpath ($dir $file);
    if (
    is_file($file_path)){
        
    $safe_path escapeshellarg($file_path);
        
    $command '/usr/bin/clamscan --stdout ' $safe_path;
        
    $out '';
        
    $int = -1;
        
    exec($command$out$int);
        
        if (
    $int == 0) {
            
    $test 'File is clean.';
        }
        
    // File is a virus.
        
    else {
            
    $test 'File is a virus';
        }
    }
    else {
        
    $test 'Not a file.';
    }
    echo 
    $test

  • #13
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Put it in the wrong location.
    PHP Code:
        $command '/usr/local/clamXav/bin/clamscan --stdout ' $safe_path
    Okay now that that is working... Matt you mentioned that you could call 'clamscan from the script to scan the file(s)'; Is this what you meant or something else cause this uses the exec command.

  • #14
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    That's what I meant. Clamscan scans with the privileges of the user calling it, so that's the one you want for exec. As I say though, that won't be the best option if the server is quite busy/loaded. Connecting directly to clamd via a socket would be preferable under those circumstances.

  • #15
    Regular Coder
    Join Date
    May 2009
    Location
    Moore, OK
    Posts
    282
    Thanks
    11
    Thanked 41 Times in 41 Posts
    Ya it runs kind of slow, so I will look into the socket in the morning. Thanks for the help guys.


  •  
    Page 1 of 2 12 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •