How do you virus scan a file being uploaded to your java webapp as it streams? [closed]
Asked Answered
R

3

32

Basically, I want to virus scan files as they are uploaded (before writing them to disk) to a web app.

In particular, I'd like to integrate with "McAfee VirusScan Enterprise" (latest version).

From a design and maintenance perspective, would it perhaps be better to scan certain paths at the firewall using a third party product? That way the web app would not have to concern itself with virus scanning. So as to minimize overhead, do typical virus scanning firewalls let you specify URL patterns as well as a particular POST data pattern. This of course would not work if it's an HTTPS site (unless there's some way around that).

This post from stackoverflow seems to suggest that an SDK from McAfee is no longer available, but are there open source alternatives?

Recalescence answered 29/7, 2010 at 14:50 Comment(2)
This question should not be closed. He is asking how to integrate his app with virus scan. What scan to use is secondary. Come on, SO nazis, give it a rest.Tanguy
I agree. I asked the same question and got down-voted I am glad I found this post!Ravenravening
D
48

Check out Clamv ( http://www.clamav.net/ ) It is a open source anti-virus, and you can scan a stream. So you do not need to save the file for scanning it.

http://linux.die.net/man/1/clamscan

Scan a data stream: cat testfile | clamscan -

So it is quite easy, start the clamscan process with the - arg. write the file content to the stdin, and wait for the result code.

During your testing, you can use the EICAR file, which is a file dedicated for checking if an anti-virus is working. http://en.wikipedia.org/wiki/EICAR_test_file

Drawing answered 29/7, 2010 at 15:1 Comment(4)
+1 upvoting yours as you gave a LOT more detail on how to accomplish this.Philanthropy
Howto in java: nverma-tech-blog.blogspot.co.at/2014/04/…Coycoyle
is it advisable to go for an open source antivirus ?Napolitano
Can this stream data scan through command line be used in a window server too? If so how?Smoothbore
P
1

You might investigate ClamAV or ClamWin. They are open source virus scanners, ClamWin is based on ClamAV. You should be able to modify one of these (if someone hasn't already) to do what you want.

On the other end, you might consider simply dropping the streamed files into a directory and letting a scanner monitor that particular directory.

Philanthropy answered 29/7, 2010 at 14:56 Comment(1)
ClamAV has a lot of issues including false negatives (i.e. malware goes through). Also, you have to constantly update it and there is no guarantee of a robust check. We've had to now replace it because our security checks failed.Arbitrate
H
0

Kaspersky (and others probably) appears to have several ways to handle this at an enterprise level: http://usa.kaspersky.com/business-security/targeted-solutions

The internet gateway product might be of most relevance. It looks like it supports Checkpoint, Squid Proxy Server, and Microsoft.

Here is there download page for trials and documentation: http://usa.kaspersky.com/downloads/documentation

At an enterprise level you might decide to get an appliance (Cisco ACE for example) which off-loads the SSL and then use one of these options (or Cisco IOS Intrusion Prevention System (IPS) with Cisco firewalls). I have several clients with Cisco ACE devices, but am investigating virus detection at the firewall.

Hardener answered 14/3, 2013 at 19:22 Comment(1)
any more details?Vintner

© 2022 - 2024 — McMap. All rights reserved.