3

I have an idea that will make all Linux servers running PHP more secure.

I want to configure php.ini File Uploads to scan any new file upload with ClamAV's clamscan.

Is it possible? How should I configure it?

Jørgen R
Michael Atef
  • Not possible via php.ini. You can manually call for a scan of the uploaded file using its temp name `$_FILES['whatever']['tmp_name']` and exec() to the external CLI scanner. – Marc B Aug 14 '12 at 00:59
  • possible duplicate of [Dymanically running ClamAV's clamscan on file uploads with PHP](http://stackoverflow.com/questions/7648623/dymanically-running-clamavs-clamscan-on-file-uploads-with-php) – mario Aug 14 '12 at 01:02
  • mario, I mean automatically with php.ini. If that is found and works, it will work with any upload script uploading any file anywhere. – Michael Atef Aug 14 '12 at 01:09
  • 1
    There's no such feature. As you've been told already. – mario Aug 14 '12 at 01:12
  • Are there any options with nginx or php-fpm? – Michael Atef Aug 14 '12 at 01:15

1 Answer

1

While there are libraries for interacting with ClamAV within PHP scripts, there is no way to automatically scan all uploaded files.

Mainly, due to flexibility. For example, if you run a security website to track various viruses and store a copy of each, ClamAV would get to them during the upload, rendering your website useless. The better approach would be to do this in the client code, and use one of the libraries in the link above to perform scanning.

Having said that, I don't believe this is something that's impossible to achieve. You can write a PHP extension that hooks into file uploads to automatically run ClamAV on uploaded files.

F21
  • http://wiki.nginx.org/HttpUploadProgressModule#track_uploads http://wiki.nginx.org/HttpUploadProgressModule#report_uploads Can we use these two URLs? – Michael Atef Aug 14 '12 at 02:08
  • I guess you could also fork that module and modify it so that it uses ClamAV to scan any uploaded file. – F21 Aug 14 '12 at 11:19
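
The per-script approach from the first comment (calling the CLI scanner on `$_FILES['whatever']['tmp_name']` via exec()), as an added example that is not part of the original thread. It assumes `clamscan` is on the PATH of the PHP user; the function name `scan_upload` and the destination directory are hypothetical.

```php
<?php
// Added example: scan one uploaded file with the clamscan CLI before accepting it.
// Assumptions: clamscan is installed and on PATH; scan_upload() and the
// destination directory are hypothetical names chosen for this illustration.

const CLAMSCAN_CLEAN = 0;     // clamscan exit code: no virus found
const CLAMSCAN_INFECTED = 1;  // clamscan exit code: virus(es) found
                              // anything else (2 = error) counts as a failure

/** Returns 'clean', 'infected' or 'error' for one entry of $_FILES. */
function scan_upload(array $file, string $clamscan = 'clamscan'): string
{
    // Reject failed uploads and paths PHP did not create for this request.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        return 'error';
    }

    // Only the server-generated temp path reaches the shell, and it is escaped.
    // The client-supplied file name is never put on the command line.
    $cmd = escapeshellcmd($clamscan) . ' --no-summary --infected '
         . escapeshellarg($file['tmp_name']) . ' 2>&1';
    $output = [];
    exec($cmd, $output, $exitCode);

    if ($exitCode === CLAMSCAN_CLEAN) {
        return 'clean';
    }
    if ($exitCode === CLAMSCAN_INFECTED) {
        error_log('clamscan: ' . implode(' | ', $output));
        return 'infected';
    }
    // Scanner missing, unreadable file, broken signature database: fail closed.
    error_log("clamscan failed (exit $exitCode): " . implode(' | ', $output));
    return 'error';
}

if (isset($_FILES['whatever'])) {
    $verdict = scan_upload($_FILES['whatever']);
    if ($verdict !== 'clean') {
        http_response_code($verdict === 'infected' ? 422 : 500);
        exit("Upload rejected ($verdict).");
    }
    // Store under a server-generated name outside the web root (hypothetical path).
    $dest = '/var/uploads/' . bin2hex(random_bytes(16));
    move_uploaded_file($_FILES['whatever']['tmp_name'], $dest);
}
```

Treating every exit code other than 0 as a rejection means an absent or failing scanner blocks uploads instead of silently letting them through.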