NYCPHP Meetup

NYPHP.org

[nycphp-talk] virus scans and php

csnyder chsnyder at gmail.com
Wed Dec 7 13:36:09 EST 2005


On 12/7/05, aaron <aaron at aarond.com> wrote:
> I'm working on an Image Database where public users would submit images
> through an html form then the images and related form info would be sent
> to a private network. The info then goes to an Oracle db, and based on
> the unique id's given to the records in the db I rename the images and
> place in a temp folder.
>
> The issue of running some type of virus scan outside of php file checks
> on the images came up in a meeting and I wasn't sure what to say.  Is
> there some type of way a virus scan software can talk to php? Or another
> way to handle virus scans and file uploads?
>
> We have win2k servers and PHP 4.3.1
>
> thanks,
> Aaron D.


Seems like you could pass to ClamAV for processing... except I don't
know if that's Linux only.

Then again, image handling libraries try very hard not to execute
anything embedded in the image, so your only concern is someone
downloading an infected image, changing the extension to .exe, and
then double-clicking it.

Seriously, if embedded viruses are a problem, we're all screwed. It's
not irresponsible to say "not my job" in this case.


--
Chris Snyder
http://chxo.com/


More information about the talk mailing list