3

I am not sure whether this is in the right section or not, but I am building a file upload site and want to be able to scan the files on upload for viruses etc. How would I be able to do this?

Any ideas to get me started?

Thanks

Alistair Wise
  • You first of all need a virus scanner to get started. – hakre Dec 26 '11 at 18:02
  • Most likely you have to search for anti-virus solutions that allow for GUI-less access through an API. I guess they are rather expensive, if they even exist for general purchase without any special contracts. – Uwe Keim Dec 26 '11 at 18:03
  • Maybe searching for [Command Line Virus Scanner](http://www.google.com/search?q=command+line+virus+scanner) also gives you an idea on how to start. – Uwe Keim Dec 26 '11 at 18:04
  • possible duplicate of [PHP Upload file enhance security](http://stackoverflow.com/questions/2751384/php-upload-file-enhance-security) – hakre Dec 26 '11 at 18:08
  • Probably this is something? : [How To Automatically Scan Uploaded Files For Viruses With php-clamavlib](http://www.howtoforge.com/scan_viruses_with_php_clamavlib) – hakre Dec 26 '11 at 18:10

4 Answers

2

You could try something like the following using AVG:

Windows:

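```php
<?php
    // exec()'s third argument receives the scanner's own exit code; a separate
    // exec("echo %ERRORLEVEL%") runs in a new shell and never sees it.
    exec("avgscanx.exe /SCAN=filename.ext/", $output, $result);
?>
```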

Linux:

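```php
<?php
    // Capture the exit code through exec()'s third argument; exec("echo $?")
    // would start a new shell and report that shell's status instead.
    exec("avgscan filename.ext -a -H -c", $output, $result);
?>
```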

Both platforms return the same error codes, allowing you to determine whether a scan was successful or not.

Andrew Odri
  • Hi, thanks for the reply, I tried it out and outputted the result but only got 0, which means it did not find anything, however the file I was scanning I know definitely has a virus in it, and when I scanned it with AVG Anti-Virus 2012, it found the virus, any ideas? – Alistair Wise Dec 29 '11 at 21:54
  • Hmm, try scanning from the command line manually using the switches here: http://www.avg.com/ww-en/faq.num-4443. This will help in working out what exactly is going on. Are you using Windows or Linux? – Andrew Odri Dec 29 '11 at 21:57
  • I am testing it on my Windows computer through Apache XAMPP, which I think is Windows – Alistair Wise Dec 29 '11 at 22:03
  • Could it be the AVG version I downloaded? I downloaded the AVG Anti-Virus 2012 and installed it to my computer. I then copied all the files in the programme files directory to my website folder in XAMPP, is this correct? Thanks for all the help – Alistair Wise Dec 29 '11 at 23:02
  • That may be the problem... There should be no need to copy the program files into the XAMPP directory; AVG should be in the system path. If it is not, then include the full path to the installation folder for testing. Another thing that may be helpful is going to "Run.." on the Start Menu, typing in "cmd", and trying to run the command right from there. – Andrew Odri Dec 29 '11 at 23:33
  • OK, brilliant, I just had a thought, at the moment I am running this on my home computer, but when I eventually move it all to the web server, do I have to install the whole AV suite to the web server or can I just copy the avgscanx.exe to the server? – Alistair Wise Dec 29 '11 at 23:59
  • Yes, you will definitely need to install it on the server :) – Andrew Odri Dec 30 '11 at 00:30
  • Hi, OK, I ran the avgscana in command prompt and it found the virus, any ideas why it is not finding it in the website? – Alistair Wise Dec 30 '11 at 00:46
  • Have you removed avgscanx.exe from the folder? If it is there it will use it, which is a problem because it won't see the definition files. However, if you remove it, it will use the AVG installation on the system, the same way the command line does. – Andrew Odri Dec 30 '11 at 01:01
  • OK, no, I haven't removed it, I will remove it now and see what happens – Alistair Wise Dec 30 '11 at 01:04
  • Just tried it and still no luck, it still only displays the 0. Here is the code I am using `exec("C:\\Program Files (x86)\AVG\AVG2012\avgscana.exe /SCAN=daniel_crypted.exe/"); $result = exec("echo %ERRORLEVEL%");` – Alistair Wise Dec 30 '11 at 01:06
  • It may be that your strings aren't escaped; try this `exec("C:\\Program Files (x86)\\AVG\\AVG2012\\avgscana.exe /SCAN=daniel_crypted.exe/");` – Andrew Odri Dec 30 '11 at 02:16
  • Hi, thanks for all the help, but it is still just showing a 0, it's weird, it shows it in under 1-2 seconds, I thought if it was scanning the file it would take at least 5-10 seconds to do it, is there a chance it isn't scanning the file? – Alistair Wise Dec 30 '11 at 02:47
  • Yeah, a very good chance, but I am pretty sure it is because the command isn't being interpreted correctly. I'm not on Windows, but I just noticed that space isn't escaped either. Maybe read through some of the documentation here: http://php.net/manual/en/book.exec.php, and if you are having trouble executing commands, perhaps open a separate question for that :) – Andrew Odri Dec 30 '11 at 02:58
2

The clamav library has a PHP binding called php-clamav. You then can scan files for viruses from within your PHP code:

```php
if ($_FILES['file']['size'] == 0 || !is_file($_FILES['file']['tmp_name']))
{
    throw new Exception('Please select a file for upload!');
} else {
    cl_setlimits(5, 1000, 200, 0, 10485760);
    // A non-empty return value is used as the name of the detected malware
    if ($malware = cl_scanfile($_FILES['file']['tmp_name']))
        throw new Exception($malware.'(ClamAV version: '.clam_get_version().')');
}
// ...
```

Another alternative is to install the Mod_Security web application firewall. It can be configured to scan all upload files for viruses using modsec-clamscan.

hakre
0

It depends on your server configuration, but for example on Linux, it's easy to install something like clam and access it through the command line. You can use something like PHP's exec() to run it.

jeroen
  • OK, brilliant, I will try this now. How would I implement multiple scanners, such as one from Avast, Avira, Kaspersky etc... do they all have command line scanners, or do I have to contact them directly? – Alistair Wise Dec 29 '11 at 21:56
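
Added example, not part of any answer in this thread: the AVG answer and the clam suggestion both come down to running a command-line scanner from PHP and reading its exit status, which `exec()` hands back through its third argument. It assumes ClamAV's `clamscan` is on the PATH; `verdictFromExitCode()`, `scanFile()` and `acceptUpload()` are names made up for this sketch.

```php
<?php
// Added example, not code from the thread. Assumes ClamAV's clamscan is on PATH.

/** clamscan exits 0 = clean, 1 = virus found, 2 = error; treat anything else as an error. */
function verdictFromExitCode(int $code): string
{
    switch ($code) {
        case 0:  return 'clean';
        case 1:  return 'infected';
        default: return 'error';   // 2, or e.g. 127 when the binary is missing
    }
}

/** Hypothetical helper: scan one file and return ['verdict' => ..., 'detail' => ...]. */
function scanFile(string $path, string $scanner = 'clamscan'): array
{
    $real = realpath($path);   // absolute path, so it can never be read as an option
    if ($real === false || !is_file($real)) {
        return ['verdict' => 'error', 'detail' => 'not a regular file'];
    }
    // escapeshellarg() quotes each part, so spaces ("Program Files") or shell
    // metacharacters in a path cannot split or alter the command.
    $cmd = escapeshellarg($scanner) . ' --no-summary ' . escapeshellarg($real) . ' 2>&1';
    $output = [];
    $exitCode = -1;
    exec($cmd, $output, $exitCode);   // third argument = exit status of this command
    return ['verdict' => verdictFromExitCode($exitCode), 'detail' => implode("\n", $output)];
}

/** Fail closed: only an explicit 'clean' lets the upload through. */
function acceptUpload(string $tmpName): bool
{
    $result = scanFile($tmpName);
    if ($result['verdict'] !== 'clean') {
        error_log("upload rejected ({$result['verdict']}): {$result['detail']}");
        return false;
    }
    return true;
}

// Constructed demo: a harmless temp file stands in for $_FILES['file']['tmp_name'].
// In a real handler, check is_uploaded_file() before scanning.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "hello\n");
echo acceptUpload($tmp) ? "accepted\n" : "rejected\n";
unlink($tmp);
```

`clamscan` loads the signature database on every call, so each scan takes a few seconds; `clamdscan`, which talks to a running `clamd` daemon, returns the same 0/1/2 exit codes and is the usual choice on a busy upload endpoint.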
0

You could also use VirusTotal's public API. You can read more about it here. There is some PHP code available here.

This way you get a lot of scanners, and you don't have to run AV locally. On the other hand you'll have to wait a while for the result.

Audun Larsen