10

Since I have no experience with AV solutions on Unix-like environments, I would need help with suggestions on something that can be suitable for scanning files that are uploaded by anonymous users through a Web application.

I'm mostly interested in providing an additional service to users to show that we care about what we distribute to them through our service, but nothing that would have to be 100% secure--we'll leave the 100% strive up to our users' discretion.

It would be great if it was something that's fast and resource efficient, preferably that could be used to scan single files passed through command-line arguments, but that could also work as a long-running process that we could access from several threads.

2 Answers

13

A lot depends on which Unix-like environments you're talking about. Linux probably has the best support for AV engines - but the open-source ones will run on any POSIX environment.

Personally, I'd go for ClamAV. Not only has it got a very good fingerprint database and update mechanism, but (perhaps not surprisingly) it's well documented as a tool for integration into applications.

symcbean
  • Just noticed this: http://virus.untangle.com/ – symcbean Nov 30 '11 at 11:49
  • Thanks for all the useful resources. With the catch rate and documentation reviewed, I'll be settling for ClamAV. – Filip Dupanović Nov 30 '11 at 13:05
  • With respect to the best practices, I am wondering, for example: if the files are persisted to disk and then scanned, does persisting the files to disk (in order to scan them) create a risk? Perhaps persisting them to a non-executable folder can help. I know there are tools out there to scan a stream etc., but I am specifically wondering about there being a risk in just writing them to disk. I'm maintaining a legacy app which does this. :-( – johnm May 16 '17 at 09:59
  • Yes, it creates several risks - but most of them are unrelated to the malware itself. The risks arising from the fact the file contains malware can be solved by applying suitable access control (e.g. permissions) until the file is determined to be satisfactorily clean. While I would not use the word "impossible" I cannot imagine how merely writing data to a disk could have unwanted side effects. But that does not take into consideration any wider processing of the data (e.g. consider zip bombs) – symcbean May 16 '17 at 11:55
5

ClamAV is an open source virus scanner that is often used by mail servers. You can easily script it, run it from cron, or from a webapp. It's typically used from the command line with arguments. It also has a daemon component (clamd).

chris
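An added example (not code from either answer or from the ClamAV project) of the flow the answers and comments describe: the upload is written to a quarantine directory with owner-only permissions, scanned through the command-line client, and published only on a clean verdict. It assumes `clamdscan` is on the PATH and talks to a running clamd; the function names and directory layout are hypothetical.

```python
import os
import shutil
import subprocess
import tempfile

# Assumption: clamdscan (client for the clamd daemon) is installed. --fdpass hands
# clamd an open file descriptor, so the file can stay readable by its owner only.
# Without a daemon, ["clamscan", "--no-summary"] is the slower drop-in alternative.
SCANNER = ["clamdscan", "--fdpass", "--no-summary"]


def store_upload(data, quarantine_dir):
    """Write the upload under a server-chosen random name; mkstemp creates it 0600."""
    fd, path = tempfile.mkstemp(dir=quarantine_dir)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def scan(path, scanner=SCANNER, timeout=60):
    """Map the scanner's exit status to 'clean', 'infected' or 'error'."""
    try:
        status = subprocess.run(
            scanner + [path],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,  # bound the time spent on one upload
        ).returncode
    except (OSError, subprocess.TimeoutExpired):
        return "error"  # scanner missing or hung
    # ClamAV exit codes: 0 = no virus found, 1 = virus found, other = error.
    return {0: "clean", 1: "infected"}.get(status, "error")


def accept_upload(data, quarantine_dir, public_dir, scanner=SCANNER):
    """Quarantine, scan, and publish only on a clean verdict (fail closed)."""
    path = store_upload(data, quarantine_dir)
    verdict = scan(path, scanner)
    if verdict != "clean":
        os.unlink(path)  # an error is treated like a detection
        return verdict, None
    # The published name is the random server-side name, never the client's.
    dest = os.path.join(public_dir, os.path.basename(path))
    shutil.move(path, dest)
    os.chmod(dest, 0o644)  # widen permissions only after the scan passed
    return verdict, dest
```

Treating a scanner error or timeout the same as a detection means an unavailable clamd rejects uploads instead of letting them through unscanned.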