5

This is based on Stack Exchange podcast # 25.

I really don't understand why there would need to be virus checking on uploaded files. It would generally be a bad idea to execute anything which was uploaded, so, so long as you make sure the files can't be executed... Granted, I also use Linux for my servers, so I leave the "execute" bit off.

cwallenpoole
  • 181
  • 4

5 Answers5

4

"so long as you make sure the files can't be executed"

Most formal theories of security are predicated on a logical expression of one or conditions. The problem with formal theories is they fail to anticipate behaviors outside the model. How do you make sure that the files cannot be executed?

Even Linux and Mac OS X/BSD machines occasionally come into contact with file systems that do not have execute permissions. Specifically, most removable flash media are formatted as FAT32.

Do your Linux machines automatically mount removable media?

Do you have WINE or another Windows compatibility framework installed?

If you answered yes to both these questions then congratulations: you too can be infected by Windows malware!

On the other hand if you virus-scan every file by default then you have less to worry about.

I disagree slightly with Hendrik. The main reason to check files for malware is to keep your own systems up and running efficiently. Then secondarily to keep your clients clean. If you lack the resources to operate, then fairly soon you won't have any. And virus scanning files is not really an onerous chore if you automate it.

this.josh
  • 8,843
  • 2
  • 29
  • 51
  • Some of this is correct in a non-controlled desktop environment, but it is not really likely that your server will be running Wine. – cwallenpoole Nov 03 '11 at 04:51
  • @cwallenpoole If it's available on the network, the server does not need to be the WINE host. Even in managed environments there are authorized devices running unauthorized software. Depending on the users WINE may even be authorized software. – this.josh Nov 04 '11 at 01:40
3

The main reason to check uploaded files for viruses, is that you can claim that you used state of the art technology and processes to protect your clients.

Assume another user gets infected by a file downloaded from your servers. He might try to sue you or report your to the trade authorities.

Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
3

The problem is that your core assumption there is, or may be, flawed in many circumstances. You say that:

It would generally be a bad idea to execute anything which was uploaded

  • Well, for a lot of functions this isn't true. Some functionality requires execution of uploads
  • Are you 100% sure you have secured every possible vulnerability?
  • Are uploads going to be downloaded by others, who don't have as secure an enevironment as you?

Virus/malware checking on upload is to add a layer of protection because circumstances change, mistakes happen, vulnerabilities are discovered.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
2

The server may not be executing anything - if it helps, think of it as a smarter disk. One user saves an infected file to the disk/to your server, another user copies the file off it. The server has never executed the file, yet it served as a vector for spreading the infection.

Therefore, it makes some sense to check the files as they are stored, even if the server itself is not necessarily vulnerable to the infections.

Piskvor left the building
  • 1,644
  • 15
  • 14
0

Without having listened to the podcast itself, I guess it depends what you are doing with the uploaded files. Just taking off the execute bit won't help, e.g. if someone uploads a php file into your document root then calls it's URL.

AV checking is very limited in detecting malware.

The best solution is to convert the files to a different format and be careful about file extensions - as discussed here recently.

Community
  • 1
symcbean
  • 18,278
  • 39
  • 73