Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Avoid to Upload a Virus...

 
Evangelos Papadakis
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Everybody, I use an UploadServlet to upload a Curriculum from a JSP page. I want to avoid to upload a Virus... Is there some product to use? What I must do? Invoke an external virus scan program from the servlet?? Or what?

Thanx everybody!!!

Ev.
 
Horatio Westock
Ranch Hand
Posts: 221
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Invoke an external virus scan program from the servlet??

Sounds reasonable.

However, you could read the file as it's being uploaded, and if its header doesn't match the set format you require, then you can cancel the upload before it has completed.

What type of files are the 'Curriculum' files?
[ March 09, 2005: Message edited by: Horatio Westock ]
 
Evangelos Papadakis
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, thanks for the response!

ok, with curriculum File I mean a .doc file,
That's mean, If I choose to accept only .DOC files, if I examine the begining of the file I can know that is a doc file?
It looks like a good solution. I will search now internet also for this solution.
Is there a standard bytes sequence for the doc files?
Is that method secure about the rest of the File?
I don't know how virus works. Can be a .doc file, with the initial bytes ok, to contain a virus that is activated during the reading of the word file?
 
Horatio Westock
Ranch Hand
Posts: 221
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately for you, an MSWord file (.doc) can definately contain a virus - a macro virus. This means that even if you check that the file is a .doc file, that isn't enough to ensure that it is virus free. This is true of many file types, for example zip, exe and any MS office documents.

I suppose you will have to look into some kind of server side virus checking.
[ March 09, 2005: Message edited by: Horatio Westock ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One important step to protect your server is to insure that the directory where your uploaded files go has no execute permissions.
 
Evangelos Papadakis
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok. I found (I think)...
I will call the antivirus command line program for every single file I receive.

Ex. for AVG free antivirus, something like:

Process p = Runtime.getRuntime().exec("avgscan.exe -C:\toScan\myDocument.doc");

I need just to examine the return codes to understand the result!
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Best is to set up the virus scanner to automatically scan the directory for new entries and verify they're clean.

Runtime.exec() isn't exactly portable...
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!