-2

I installed ClamAV and PHP-ClamAV on my Ubuntu server.

Everything works... But it is extremely slow. Even when I just call basic functions without scanning a file. So it got me wondering if I really needed ClamAV and if there were other alternatives to protect my server from potential problems with user uploaded files.

So should I use ClamAV or are there better and faster solutions to protect my server from user uploaded content?

jnbdz
  • 1
    This is really a question only you can answer -- What is your goal? ClamAV is usually used to protect vulnerable clients (e.g. scanning email, and rejecting it if there's a virus so the precious Windows desktops aren't at risk when the CEO opens and runs random attachments). If you're not concerned about that there's nothing to protect and no value to scanning files. – voretaq7 Nov 10 '12 at 00:51
  • I am building a web app where my users will be able to upload epub files and I want to make sure they are not executable files... – jnbdz Nov 10 '12 at 00:53
  • 2
    You can check that at the programming language level. Installing antivirus to check the file types is a waste of resources. Have you thought about limiting uploaded filetypes in PHP? – Hex Nov 10 '12 at 00:59

1 Answer

3

Based on your real goal (I am building a web app where my users will be able to upload epub files and I want to make sure they are not executable files.) ClamAV is probably overkill for your needs.

You can use the file utility (or various APIs that hook the same database of magic data) to determine what kind of file the user is trying to upload, and reject it if you don't like what they're sending you.
The file utility is extension-independent, so it will also deal with someone renaming (e.g.) a .exe file to .xxx.


Note that if you're going to accept quasi-executable files (like Word or Excel documents, which may contain macros - and thus macro viruses) you would still need something like ClamAV to scan them, but you could substantially reduce the scanning overhead by only scanning "unsafe" file types like these rather than every file uploaded...

voretaq7
  • I know how to check for images... But what about other file types? You wrote that I should use the file utility and/or APIs... What APIs? Do you recommend any? Or is the file utility enough? – jnbdz Nov 10 '12 at 01:33
  • 1
    @Jean-NicolasBoulayDesjardins The API bit would be a question for [StackOverflow](http://stackoverflow.com) - I know you *can* access the same magic numbers database `file` uses from within programming languages, but I've no idea how to do that in any language other than C. If I were doing this in PHP I'd just shell out to the `file` utility & parse its output. – voretaq7 Nov 10 '12 at 01:41
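
The content-based check described in the answer, sketched in PHP with the bundled fileinfo extension, which reads the same libmagic database as `file`. This is an added example, not code from any poster in this thread; the function names, the EPUB-only allow-list and the sample files are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list of accepted content types (assumption: the app takes EPUB only).
const ALLOWED_TYPES = ['application/epub+zip'];

/**
 * Identify a file from its content via the libmagic database (ext/fileinfo).
 * The file name and the browser-supplied $_FILES[...]['type'] are never consulted.
 */
function sniffMimeType(string $path): string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $type = $finfo->file($path);
    return $type === false ? 'application/octet-stream' : $type;
}

/** Accept only types on the allow-list; anything else is rejected. */
function isAcceptedUpload(string $path): bool
{
    return in_array(sniffMimeType($path), ALLOWED_TYPES, true);
}

/** Constructed sample: the first ZIP entry of an EPUB, a stored "mimetype" member. */
function sampleEpubBytes(): string
{
    $name = 'mimetype';
    $body = 'application/epub+zip';
    $header = pack('VvvvvvVVVvv', 0x04034b50, 10, 0, 0, 0, 0,
        crc32($body), strlen($body), strlen($body), strlen($name), 0);
    return $header . $name . $body;
}

// Constructed inputs; each gets an .epub name to show the name is ignored.
$samples = [
    'book.epub'   => sampleEpubBytes(),
    'script.epub' => "#!/bin/sh\necho hello\n",
    'binary.epub' => "\x7fELF\x02\x01\x01" . str_repeat("\0", 57),
];

$dir = sys_get_temp_dir() . '/upload-check-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach ($samples as $name => $bytes) {
    $path = "$dir/$name";
    file_put_contents($path, $bytes);
    printf("%-12s %-28s %s\n", $name, sniffMimeType($path),
        isAcceptedUpload($path) ? 'accept' : 'reject');
    unlink($path);
}
rmdir($dir);
```

In an upload handler the path passed to `isAcceptedUpload()` would be the temporary file, for example `$_FILES['book']['tmp_name']` (the field name is an assumption). The check identifies the container from its leading bytes only; it does not inspect what the archive holds.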