Avoid to Upload a Virus...

 
Greenhorn
Posts: 8
Hello everybody, I use an UploadServlet to upload a Curriculum from a JSP page. I want to avoid uploading a virus... Is there some product to use? What must I do? Invoke an external virus scan program from the servlet?? Or what?

Thanks everybody!!!

Ev.
 
Ranch Hand
Posts: 221
Invoke an external virus scan program from the servlet??

Sounds reasonable.

However, you could read the file as it's being uploaded, and if its header doesn't match the set format you require, then you can cancel the upload before it has completed.

What type of files are the 'Curriculum' files?
[ March 09, 2005: Message edited by: Horatio Westock ]
 
Evangelos Papadakis
Greenhorn
Posts: 8
Hi, thanks for the response!

OK, by curriculum file I mean a .DOC file.
That means, if I choose to accept only .DOC files, and I examine the beginning of the file, I can know that it is a doc file?
It looks like a good solution. I will now also search the internet for this solution.
Is there a standard byte sequence for doc files?
Is that method secure for the rest of the file?
I don't know how a virus works. Can a .doc file, with the initial bytes OK, contain a virus that is activated during the reading of the Word file?
 
Horatio Westock
Ranch Hand
Posts: 221
Unfortunately for you, an MSWord file (.doc) can definitely contain a virus - a macro virus. This means that even if you check that the file is a .doc file, that isn't enough to ensure that it is virus free. This is true of many file types, for example zip, exe and any MS Office documents.

I suppose you will have to look into some kind of server side virus checking.
[ March 09, 2005: Message edited by: Horatio Westock ]
 
Sheriff
Posts: 13411
One important step to protect your server is to ensure that the directory where your uploaded files go has no execute permissions.
 
Evangelos Papadakis
Greenhorn
Posts: 8
Ok. I found (I think)...
I will call the antivirus command line program for every single file I receive.

Ex. for AVG free antivirus, something like:

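// Backslashes in a Java string literal must be escaped, otherwise \t becomes a tab and \m does not compile
Process p = Runtime.getRuntime().exec("avgscan.exe -C:\\toScan\\myDocument.doc");

I just need to examine the return codes to understand the result!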
 
Ranch Hand
Posts: 5093
Best is to set up the virus scanner to automatically scan the directory for new entries and verify they're clean.

Runtime.exec() isn't exactly portable...
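
The two checks discussed in this thread, combined as an added example that is not code from any of the posters: a header check for the OLE2 signature that legacy .doc files start with, followed by an external command-line scan that rejects the file on any error or timeout. Assumptions: Java 11 or later, the class and method names are hypothetical, the scanner command is a placeholder you pass in, and exit code 0 is taken to mean "clean" (check your scanner's documented return codes).

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;

public class UploadGate {
    // Signature of the OLE2 compound file format used by legacy Word .doc files.
    private static final byte[] OLE2_MAGIC = {
        (byte) 0xD0, (byte) 0xCF, 0x11, (byte) 0xE0, (byte) 0xA1, (byte) 0xB1, 0x1A, (byte) 0xE1 };

    // Cheap first gate: rejects anything that is not OLE2. It cannot detect macro viruses.
    static boolean looksLikeDoc(Path file) throws IOException {
        try (InputStream in = Files.newInputStream(file)) {
            return Arrays.equals(in.readNBytes(OLE2_MAGIC.length), OLE2_MAGIC);
        }
    }

    // Assumption: scannerCmd (executable + flags) comes from your scanner's manual; exit 0 = clean.
    static boolean scanIsClean(List<String> scannerCmd, Path file) throws IOException, InterruptedException {
        List<String> cmd = new ArrayList<>(scannerCmd);
        cmd.add(file.toAbsolutePath().toString()); // own argument, no string concatenation
        Process p = new ProcessBuilder(cmd)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD) // never block on a full pipe
                .start();
        if (!p.waitFor(60, TimeUnit.SECONDS)) { // hung scanner: fail closed
            p.destroyForcibly();
            return false;
        }
        return p.exitValue() == 0;
    }

    // Accept only if both checks pass; errors and timeouts count as rejection.
    static boolean accept(List<String> scannerCmd, Path uploaded) {
        try {
            return looksLikeDoc(uploaded) && scanIsClean(scannerCmd, uploaded);
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) Thread.currentThread().interrupt();
            return false;
        }
    }

    public static void main(String[] args) { // usage: UploadGate <file> <scanner> [scanner flags...]
        System.out.println(accept(List.of(args).subList(1, args.length), Path.of(args[0])));
    }
}
```

Passing the path as its own list element means a file name containing spaces or quotes reaches the scanner as a single argument, which the single-string form of Runtime.exec() does not guarantee.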
 