-5

I am working on a ColdFusion application which required to scan a file for virus before it upload to server. Is it possible?

Ajay Bhagat
  • 11
  • 4
  • 2
    Welcome to Stackoverflow! What have you tried Sohail? – Nilesh May 14 '15 at 11:45
  • Scan it after it's been uploaded to somewhere that you control. – Rowland Shaw May 14 '15 at 11:48
  • @Nilesh i have tried some process but they are working for already uploaded files. But my requirement is to scan it before uploading. – Ajay Bhagat May 14 '15 at 12:01
  • 4
    How can you scan a file before you have it? It is sitting on the user's pc. You cannot scan it there. Your requirement is not feasible. – Miguel-F May 14 '15 at 12:39
  • 1
    Ditto to what @Miguel-F said. From CF, you can only manipulate files on the server, not the client PC. When you say "before uploading..." perhaps you are referring to `cffile action="upload"`? That attribute name is misleading. When that tag executes, the file has already been uploaded to the server in some sort of temp directory. Action="upload" simply renames and/or moves it. – Leigh May 14 '15 at 13:15
  • 2
    Wish folks would give brand new members at least *one* chance to improve their questions :) Yes, the question is not as clear as it should be, but two (2) down votes (and several votes to close) are enough to get the point across. Let us at least give him an opportunity to clarify his question and provide more details first. – Leigh May 14 '15 at 13:24
  • Is it possible through JavaScript? @Leigh – Ajay Bhagat May 14 '15 at 13:53
  • No. Basic client side options (javascript, etcetera) are designed to deliberate limit access to the client system, for security reasons. Even if they weren't - there is no guarantee the client machine even has the necessary software installed. So as @Miguel-F said, your requirement really is not feasible. BTW, since you are probably new to SO, be aware it works differently than a discussion forum. As written, your question falls into the "off topic/unclear" categories. Please take a moment to read [Why some questions are closed/on hold"?](http://stackoverflow.com/help/closed-questions). – Leigh May 14 '15 at 15:29
  • @AjayBhagat - Not everyone reads the comments. Could you please update your question with some of the additional details you mentioned in your comments ie what you've done so far (scanning on server side with program XYZ, what you're asking (can you scan on client side), etc..? Otherwise, your question is likely to be closed as unclear/off topic. – Leigh May 14 '15 at 19:44

1 Answers1

3

There's no guarantee that the user even has an anti-virus program in the first place. Even if it was possible for JavaScript to call a desktop program on the user's computer (it can't), you wouldn't know if there was one or which one they had.

Your only choice is to upload the file to your server:

  1. Verify that the file being uploaded is of the correct mime-type and content for what you're expecting.
  2. Make sure that you upload it to a folder that is not publicly available to your website.
  3. Run it through the anti-virus program on your server

There are more tips for securely uploading files on Pete Freitag's site.

Community
  • 1
  • 1
Adrian J. Moreno
  • 14,350
  • 1
  • 37
  • 44
  • 1
    +1 Adrian. It would be nice if you could post at least the highlights from Pete's page to your answer in case his page is ever taken down. Obviously still give him credit for the info. – Miguel-F May 14 '15 at 16:13