Which free antivirus can I use for a php application?

Question

I need to analyze the files uploaded to my site. What options do I have? I'm in a dedicated, so I can install things on Linux.

Is it normal for a site to analyze every file uploaded? Can this be done fast (eg: right after the file is uploaded), or is it something that a Cron job should do?

Are there any PHP libraries to do this?

The files I'm most worried about are images, because they are shown in every user's browser.

Note: I never worked with an antivirus, be kind =)

Basically any anti virus on the server will scan any files uploaded there. — Iznogood, Jul 24 '11 at 01:45
I think this is a perfectly fine question here. **What's a good, free antivirus component that I can call from PHP to scan uploaded files?** That's a little different than just installing an antivirus on the server in general. — deceze, Jul 24 '11 at 01:51
@deceze: "Install antivirus and call it from `exec()`" --- this is the most straightforward and effective solution — zerkms, Jul 24 '11 at 01:54

score 2 · Answer 1 · answered Jul 24 '11 at 01:51

2

I'd just use clamAV; quick and easy to install, free (as in freedom), has a variety of methods of use. It's not normal by any stretch.

answered Jul 24 '11 at 01:51

womble

96,255
29
175
230

Why isn't it normal? Because no one cares, or because it's absolutely unnecessary? – HappyDeveloper Jul 24 '11 at 01:56
Yeah, unnecessary would probably be the closest option. – womble Jul 24 '11 at 02:09
What if someone uploads a gif with a trojan, and I serve that gif to everyone, and my site gets flagged by google? Isn't that possible? – HappyDeveloper Jul 24 '11 at 02:47
Antivirus isn't enough to protect against the possibility of malicious users doing malicious things. – womble Jul 24 '11 at 02:49
So? What's your point – HappyDeveloper Jul 24 '11 at 21:22

score 1 · Answer 2 · answered Jul 24 '11 at 01:58

You should be able to use Clamscan. It's UNIX-based, free, and geared towards being integrated with mail servers, so it's very modular and flexible. It catches many forms of malware and is very very frequently updated.

http://www.clamav.net/lang/en/

I can't really answer your other questions as I'm not fluent in PHP, but you should be able to call an external program and get the results from it. Clamscan is console based and modular, so you shouldn't have much trouble getting output to analyze.

When to do the scanning is up to you; depends on system load and what's getting uploaded. If you want to Cron it that's not too hard. But personally I'd probably want to scan it right away as it's uploaded if I had access and control over the source code. Scanning a few files isn't very time-intensive as long as you're not getting a zip bomb or something like that (and there are protections in Clam against this as well.)

score 0 · Answer 3 · answered Jul 24 '11 at 02:48

0

The files I'm most worried about are images, because they are shown in every user's browser

ASAIK there is no virus that can travel to or through a server as a single image file. I don't think you need to scan images at all. Just make sure these are really images. Make sure the extension remains an image extension (JPG/PNG/etc). Those things are more important than virus scanning.

answered Jul 24 '11 at 02:48

2

That's not quite true: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx is an example where only a single JPEG file is needed to exploit a system. – fission Jul 24 '11 at 03:47
Very interesting. It makes you wonder why such an infected image doesn't go around the internet, being uploaded by robots to any upload-website... Or are too many of those XP machines patched by now to make this 'interesting'? – Jul 24 '11 at 15:19

score 0 · Answer 4 · answered Jul 24 '11 at 07:12

0

there is also a clamav library for php. You'll find it here: http://php-clamav.sourceforge.net/

answered Jul 24 '11 at 07:12

jfried

451
3
4

Which free antivirus can I use for a php application?

4 Answers4