Issue Details (XML | Word | Printable)

Key: FILEUPLOAD-78
Type: Improvement Improvement
Status: Closed Closed
Resolution: Fixed
Priority: Minor Minor
Assignee: Unassigned
Reporter: Ralf Hauser
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
Commons FileUpload

Documentation: illustrate how to integrate virus control

Created: 25/Feb/04 01:05 AM   Updated: 09/Mar/07 08:32 PM
Return to search
Component/s: None
Affects Version/s: 1.1 Final
Fix Version/s: None

Time Tracking:
Not Specified

Environment:
Operating System: other
Platform: Other

Bugzilla Id: 27193


 Description  « Hide
As per
http://marc.theaimsgroup.com/?l=jakarta-commons-user&m=107527043716371&w=2, it
would be great to have best practices how to integrate virus control in an
application using fileupload e.g. in the "using.html" page.
Any recommended open source packages or at least wrappers around commercial
definition files and engines?

Until then, how about placing this as an item in
http://jakarta.apache.org/commons/fileupload/tasks.html

http://marc.theaimsgroup.com/?l=struts-user&m=106121861923789&w=2 is another
thread that unfortunately doesn't get somebody planning to virus check uploads
much further in a detailed way

 All   Comments   Work Log   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
[ Permlink | « Hide ]
Brian Ewins added a comment - 22/Mar/04 10:34 PM
We use the common ability of virus scanners to quarantine infected files
immediately after they are written, as a minimal level of integration.
Introducing a slight delay in processing the files is enough to ensure that they
have been scanned. Our customers have various virus scanners and this has worked
for all of them.

Of course, this isn't ideal, as if the scanner is off, or slow, the file will
still be there next time you look. Using on-demand scanning is slightly better
as you'll never get data from the file until after the scanner has kicked in. To
test this mechanism, use the eicar test files.
http://www.eicar.org/anti_virus_test_file.htm

For a more complete solution, AV vendors seem to be aligning around ICAP
(http://www.i-cap.org/spec/rfc3507.txt) as a way of plugging in to HTTP servers.
ICAP modifies HTTP requests/responses, so you'd have a proxy that used ICAP to
talk to an enterprise AV product. Notification appears in headers of the
modified request, see:
http://www.i-cap.org/spec/draft-stecher-icap-subid-00.txt

So you MAY get an 'X-Infection-Found' header if there's a virus; ie what the
header /actually/ is may vary from vendor to vendor, but you should see
something. Hence, with ICAP available, best practice would be to test for the
presence of a configurable infection-flagging header prior to parsing the file
upload.

Of course you wouldn't have been able to figure that out from the ICAP forum's
wonderfully opaque and probably autogenerated 'about' page:
http://www.i-cap.org/about/ ... (is this a joke?)


[ Permlink | « Hide ]
Martin Cooper added a comment - 15/Oct/04 11:10 AM
I've added some general information to the user guide on interaction with virus
scanners, and this will appear on the web site on the next refresh.

I consider the details of integrating virus scanning into an application to be
out of scope for the FileUpload user guide. However, this would make a fine
topic for a page on the Jakarta Commons wiki, should someone wish to provide
further information there.

http://wiki.apache.org/jakarta-commons


[ Permlink | « Hide ]
Ralf Hauser added a comment - 26/Jan/05 06:23 PM
see https://bugzilla.mozilla.org/show_bug.cgi?id=103487 for ideas how to handle
this for UAs (browser/mail) and pointers re "the Microsoft way"


Powered by a free Atlassian JIRA open source license for Apache Software Foundation. Try JIRA - bug tracking software for your team.
Atlassian JIRA the Professional Issue Tracker. (Enterprise Edition, Version: 3.13.2-#335) - Bug/feature request - Atlassian news - Contact Administrators