Coyote6 02-02-2010 06:20 PM

PHP Scanning Uploaded Files For Viruses
 
Hi I am trying to find out how to scan my uploaded files for viruses. I have been searching for a bit and the only posts I have found are like 2007 posts that say to use clamav. The only problem is that it hadn't been updated for a while back in 2007 and now the website is some car loan page. I managed to find the files but noticed it is a UNIX file which would work at home but not at work where I'm using IIS running PHP. And what worries me is that it seems this php-clamavlib project is dead and not being updated. So is there a new one to use? Or how else would I do it? Thanks for any help.

angst 02-02-2010 06:38 PM

you'll need to find a command line based virus scanner, then trigger it when a file has been uploaded. try a google search for "windows command line virus scanner"

http://www.google.ca/search?rlz=1C1C...+virus+scanner

Coyote6 02-02-2010 06:43 PM

Thanks... I will check with the guys in the IT to make sure which version of AV we are running here... So would you recommend doing the same for a UNIX system or something different?

angst 02-02-2010 06:45 PM

it would be the same logic on any system. though as always, *nix systems likely make it run a little more smoothly. I don't have much experience executing command line programs on windowz/iis. but it should work.

Coyote6 02-02-2010 06:52 PM

Quote:

Originally Posted by angst (Post 917824)
*nix systems likely make it run a little more smoothly.

That makes me smile...hahaha :D Yea, it takes about 3 to 4 times as long to write for windows and MsSQL as it does with a Unix/Linux system with MySQL. And then it never runs 100% as well as it should. :rolleyes: Thanks for the help.

angst 02-02-2010 06:56 PM

lol,, yes.
good luck and please post back with your results. would be interesting to see how well it works.

thanks!

MattF 02-02-2010 07:07 PM

Quote:

Originally Posted by Coyote6 (Post 917800)
And what worries me is that it seems this php-clamavlib project is dead and not being updated.

Try reading the actual ClamAV site. There are multiple ways you could scan with it.

http://www.clamav.net/

Coyote6 02-02-2010 07:22 PM

Quote:

Originally Posted by MattF (Post 917841)
Try reading the actual ClamAV site. There are multiple ways you could scan with it.

http://www.clamav.net/

I tried to read some of it but got kind of lost and wondered if it was the best way...

angst 02-02-2010 07:25 PM

seems like a good option for *nix.

MattF 02-02-2010 07:32 PM

Quote:

Originally Posted by Coyote6 (Post 917851)
and wondered if it was the best way...

I would say so. You could use either exec() and call clamscan from the script to scan the file(s), or connect via a TCP/unix socket and scan it directly.

MattF 02-02-2010 07:37 PM

Info regarding sockets:

http://www.clamav.net/doc/latest/html/node26.html

Should be simple enough to connect and scan that way using fsockopen and such. There'll also be far less overhead doing it this way. Clamscan, (unlike clamdscan, which requires permissions on the files to be the Clam user or group, but can't remember which offhand), has to load the sig files each time it's called.
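
The socket approach described in the post above, as an added example that is not part of the original thread: it streams a file to clamd with the INSTREAM command over fsockopen. The socket path, the function name `clamd_scan_file` and the sample file are assumptions for illustration.

```php
<?php
// Added example (not from the thread): scan one file through clamd's INSTREAM command.
// Assumed: clamd listening on the unix socket below; pass a host and 3310 for TCP instead.

function clamd_scan_file($file_path, $host = 'unix:///var/run/clamav/clamd.ctl', $port = -1, $timeout = 10)
{
    $in = @fopen($file_path, 'rb');
    if ($in === false) {
        return array('error', 'cannot open ' . $file_path);
    }
    $sock = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($sock === false) {
        fclose($in);
        return array('error', 'cannot reach clamd: ' . $errstr);
    }
    stream_set_timeout($sock, $timeout);

    // The "z" prefix selects null-terminated commands and replies.
    fwrite($sock, "zINSTREAM\0");
    while (!feof($in)) {
        $chunk = fread($in, 8192);
        if ($chunk === false || $chunk === '') {
            break;
        }
        // Each chunk is a 4-byte big-endian length followed by that many bytes.
        fwrite($sock, pack('N', strlen($chunk)) . $chunk);
    }
    fclose($in);
    fwrite($sock, pack('N', 0)); // a zero-length chunk ends the stream

    $reply = trim((string) stream_get_contents($sock));
    fclose($sock);

    if ($reply === 'stream: OK') {
        return array('clean', '');
    }
    if (preg_match('/^stream: (.+) FOUND$/', $reply, $m)) {
        return array('infected', $m[1]);
    }
    // Timeouts, size-limit errors and unexpected replies are never reported as clean.
    return array('error', $reply === '' ? 'no reply from clamd' : $reply);
}

// Constructed sample input: a harmless temporary file standing in for an upload.
$sample = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($sample, "constructed sample upload\n");
list($status, $detail) = clamd_scan_file($sample);
echo $status . ($detail !== '' ? ' (' . $detail . ')' : '') . "\n";
unlink($sample);
```

Because the PHP process reads the file and sends the bytes itself, the clamd user needs no read permission on the upload directory.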

Coyote6 02-02-2010 10:14 PM

Okay so I found a nice GUI interface to download ClamAV on my mac.

http://www.clamxav.com/index.php?page=dl

Pretty darn simple....

Next I downloaded the anti virus test file.

http://www.eicar.org/download/eicar.com.txt

Checked it and the scan worked. Came back saying it was a virus.

Now for the code... I'm not too knowledgeable with command line so hopefully you can help me out. Here is the code I am just testing. But it keeps coming back a virus even though I know the file is not... Do I have the wrong command line path or something?
PHP Code:

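$file = 'banner_6.jpg';
// $path is not defined in the posted snippet; it is presumably set earlier in the script.
$dir = $path . 'Images/Common/';
$file_path = realpath($dir . $file);
if (is_file($file_path)) {
    // Quote the path before it goes into the shell command.
    $safe_path = escapeshellarg($file_path);
    $command = '/usr/bin/clamscan --stdout ' . $safe_path;
    $out = '';
    $int = -1;
    // $int receives the exit status of the command.
    exec($command, $out, $int);

    if ($int == 0) {
        $test = 'File is clean.';
    }
    // File is a virus.
    else {
        $test = 'File is a virus';
    }
}
else {
    $test = 'Not a file.';
}
echo $test;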


Coyote6 02-02-2010 10:25 PM

Put it in the wrong location.
PHP Code:

    $command = '/usr/local/clamXav/bin/clamscan --stdout ' . $safe_path;

Okay now that that is working... Matt you mentioned that you could call 'clamscan from the script to scan the file(s)'; Is this what you meant or something else cause this uses the exec command.
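
The wrong-path symptom in the two posts above comes from treating every non-zero exit status as a detection. As an added example, not part of the original thread: clamscan exits 0 for clean, 1 when a virus is found and 2 on errors, so the three outcomes can be kept apart. The function name `clamscan_file`, the default binary path and the sample file are assumptions for illustration.

```php
<?php
// Added example (not from the thread): map clamscan's exit status to three outcomes.
// Assumed: clamscan installed at the default path given below.

function clamscan_file($file_path, $clamscan = '/usr/bin/clamscan')
{
    $real = realpath($file_path);
    if ($real === false || !is_file($real)) {
        return array('error', 'not a regular file');
    }
    // A wrong binary path is reported as a scanner error, not as a detection.
    if (!is_executable($clamscan)) {
        return array('error', 'clamscan not found at ' . $clamscan);
    }

    $cmd = escapeshellarg($clamscan) . ' --stdout --no-summary ' . escapeshellarg($real);
    $out = array();
    $code = -1;
    exec($cmd, $out, $code);

    if ($code === 0) {
        return array('clean', '');
    }
    if ($code === 1) {
        // Detection lines look like "<path>: <signature name> FOUND".
        foreach ($out as $line) {
            if (preg_match('/: (.+) FOUND$/', $line, $m)) {
                return array('infected', $m[1]);
            }
        }
        return array('infected', 'unknown signature');
    }
    // Exit status 2 (scanner error) or anything else, e.g. 127 from the shell.
    return array('error', 'clamscan exit status ' . $code . ': ' . implode(' ', $out));
}

// Constructed sample input: a harmless temporary file standing in for an upload.
$sample = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($sample, "constructed sample upload\n");
list($status, $detail) = clamscan_file($sample);
echo $status . ($detail !== '' ? ' (' . $detail . ')' : '') . "\n";
unlink($sample);
```

An upload handler would accept the file only on `clean` and treat `error` the same as `infected` for storage purposes, while logging the two separately.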

MattF 02-03-2010 02:45 AM

That's what I meant. :) Clamscan scans with the privileges of the user calling it, so that's the one you want for exec. As I say though, that won't be the best option if the server is quite busy/loaded. Connecting directly to clamd via a socket would be preferable under those circumstances.

Coyote6 02-03-2010 04:51 AM

Ya it runs kind of slow, so I will look into the socket in the morning. Thanks for the help guys.

