0

We are implementing a COTS package that allows you to upload files from a Thick-Client - over HTTP Web Services - to SQL 2008, where the files are stored in a VarBinary(Max). The solution will be running on Microsoft based environment.

We have a requirement to "virus-scan the files" during upload.

I was wondering if doing this as an API call from an HttpHandler or HttpModule was a bad idea or not (or even feasible). has anyone done this before?

Adrian K
  • 9,880
  • 3
  • 33
  • 59
  • Storing files on filesystem and only keeping their path in DB is more common. This way your AV will scan the files instantly when they are being copied into disk and you can prevent to store their path in DB if your AV detects any thread. – Farzan Aug 11 '13 at 18:29
  • @Farzan - the COTS system doesn;t work that way, so will only be an option if get them to modify how their system works. – Adrian K Aug 12 '13 at 04:08

1 Answers1

1

This should be possible with every antivirus that supports batch mode, this is for example how to do this with Security Essentials on the server:

Use Microsoft Security Essentials in C# when downloading email attachment

My only note to that would be to have a queue of pending files and process files one-by-one from the queue so that you don't run more instances of the antivirus when processing concurrent requests. This could probably slow down your servers.

Community
  • 1
  • 1
Wiktor Zychla
  • 47,367
  • 6
  • 74
  • 106
  • Thanks. I'm guessing there's a lot of detail hidden in that approach. Question: when you say a Queue are you implying an asychronous approach? Ideally I want to slot this scanning into the existing process so that we don't affect how the COTS package currently works (granted the scanning might make the "upload" take longer). – Adrian K Aug 05 '13 at 23:26
  • By queue I mean a separate queue where items are scanned one by one so that two or more scans never occur concurrently. – Wiktor Zychla Aug 06 '13 at 05:14