1

So I did some research on checking an uploaded pdf for viruses and I found these 2 solutions:

  1. Save the file to the hard disk, let the antivirus quarantine/delete it if it was infected, then check if the file still exists on the disk.

  2. Use an antivirus that supports calling it through .net and scan the file

What I am thinking instead is to read the uploaded pdf file stream using something like iTextSharp then writing a new file but after stripping any macros.

One of the benefits would be making sure that the uploaded file is a pdf since it will be parsed by the iTextSharp, but would it also protect it from viruses?

Bassel Banbouk
  • 403
  • 5
  • 15
  • 2
    Are macros the only way to make a PDF file malicious? That is the only limitation here that jumps out at me. – Josh Darnell Apr 30 '13 at 20:27
  • Check out this post http://stackoverflow.com/questions/975112/net-virus-scanning-api it offers a number of options for virus scanning the file. as @jadarnel27 says stripping macros may not be enough! – Luke Baughan May 01 '13 at 11:01
  • This blog should give you most of the utility code for running ClamAV using .net theres a project on github etc http://architectryan.com/2011/05/19/nclam-a-dotnet-library-to-virus-scan/#.UYD2ftyG3h4 – Luke Baughan May 01 '13 at 11:04
  • So it seems that stripping the macro and re-creating the file is not enough. Using an antivirus to scan the file or stream is a must... – Bassel Banbouk May 01 '13 at 12:06

0 Answers0