3

Are there any best practices on virus scanning all files being uploaded to the Sitecore media library (and ultimately stored in Sitecore's DB)?

I searched all over the web but there is too much noise caused by the word virus since many people seem to have performance issues on server that have anti-virus software installed.

Francesco Gallarotti
  • 1,221
  • 1
  • 16
  • 39

4 Answers4

1

I don't know if it is an established best practice, but I would probably add a processor for the uiUpload pipeline that used an API or command line process for a commercial antivirus product. Other than the fact that it is in a pipeline processor, it shouldn't really be much different from how you would do it in any other ASP.NET application. Performance will definitely be a concern, but you could create a dialog with a psuedo progress bar to give some feedback to the user.

Ben Golden
  • 1,580
  • 9
  • 16
  • Performance will only be an issue on the CMS server (assuming it is separate from CD), and usually you can assume there are not many users/content editors, not enough to make a difference at least. But it's really going to depend on the specific use case. – jammykam Nov 06 '13 at 15:14
0

Take a look at this post by Mike Reynolds. It may help you out:

http://sitecorejunkie.com/2013/11/09/perform-a-virus-scan-on-files-uploaded-into-sitecore/

clickatwill
  • 950
  • 1
  • 10
  • 16
0

In one of our recent Projects, we were faced with a requirement to scan incoming files for virus. The problem in the project was that the files after begin uploaded, were made public available on the website.

The way we solved the problem was to implementing https://www.virustotal.com/. Its a free online virus scanner that has a public API. You can send files via SSL.

We implemented the solution by adding newly uploaded files to a Sitecore workflow. The workflow would handle the scanning of files, and move the files to the final stage of the workflow, if the files wasn't infected. If a file was infected, the file would be deleted. A Scheduler is running every 5 minutes to check for new incoming files with the workflow. This also means that the files aren't available straight away, as the scheduler has to check the file, but you should be able to implement the functionality directly when the user has uploaded the file, by adding your custom code to the upload pipeline.

BenMorel
  • 34,448
  • 50
  • 182
  • 322
Mikkel Holck Madsen
  • 61
  • 5
0

I am not aware of any published best practices, but if you are able to add a step in the upload process, you might want to take a look at Metascan, which provides API level integration to multiple antivirus engines. Using this, you could build a workflow for those uploaded files to scan them prior to them hitting your Sitecore media library by establishing rules based on the results of the antivirus engines used in your Metascan deployment. There's also a hosted version at metascan-online(dot)com

Disclaimer /// I am an employee of OPSWAT, who produces Metascan, but it appears to be a potential solution to your issue

Jeff Garon
  • 31
  • 2