Integrate virus scanning for user submitted files.
No matter what type of application you are building, if your users are going to be uploading files, it is to your advantage (and that of your users) to integrate real-time virus checking. Before I proceed, remember this:
- Virus checking is free/low cost (depending upon the product and whether you are an individual or business)
- It is relatively easy to build into your applications
Looking around the web you will find various virus checking applications, some free, some not. Some things to consider when selecting antivirus software will be:
- Does the program support a CLI (execution from the command line)
- How reliable the software is
- How easily manageable the virus definitions are
For this example we will use AVG Free:
- Download AVG Free. (For test purposes we will be working with the free edition.)
- Install the software! (I hope this was obvious to you.)
- Create a batch file that executes avgscan.exe with the parameters you want to use
- Integrate this batch file into your ColdFusion program
The batch file below uses these avgscan.exe switches:
- /HEUR Heuristic Analysis /path,path/
- /EXT test these extensions /for example EXT=*/
- /ARC test archives
- /REPORT Report to file /file name/
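@echo off
rem %1 = full path of the file to scan, %2 = name used for the report file
cd /d "c:\program files\grisoft\avg free"
avgscan.exe %1 /heur /ext=* /arc /report c:\%2.txt
rem Print the report so the caller can capture and parse it
type c:\%2.txt
rem del c:\%2.txt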
You can decide on your own set of options by reviewing the avgscan /? command as shown below:
C:\Program Files\Grisoft\AVG Free>avgscan /?
AVG7 Anti-Virus command line scanner
Copyright (c) 2006 GRISOFT, s.r.o.
/SCAN Scan test /path,path/
/HEUR Heuristic Analysis /path,path/
/EXCLUDE Exclude path or files from scan
/@ Command file /file name/|
/EX test these extensions /for example EXT=*/
/NOEXT do not test these extensions /for example NOEXT=JPG/
/SMART Smart scan
/ARC test archives
/RT test run-time compressions
/CLEAN clean automatically
/TRASH Move infected files to the Virus vault
/QT Quick Test
/LOG Generate a test result file
/MACROW report macros
/PWDW Report password-protected files
/IGNLOCKED Ignore locked files
/REPORT Report to file /file name/
/REPAPPEND Append to the report file
/REPOK report uninfected files as OK
/STOPLEVEL Pause on detection /1-n/
/NOBREAK Do not allow CTRL-BREAK to abort
/NOBOOT Skip MBR/BOOT check
/NOMEM Do not test memory
/MEM Scan active processes
/NOHIMEM Do not test upper memory
/NOSELF Do not self-check AVG
/SKIPRP Skip reparse points (NTFS only)
/SPY Use Anti-Spyware Scanner
/SMS Generate report in Management Information File (MIF) format
/? Display help on this topic
/HELP Display help on this topic
/DELAY Cooperative mode (sleep during scanning)
4. Integrate this batch file into your ColdFusion program
Obviously we need to have CF call our batch file (vscan.bat). CFEXECUTE to the rescue:
<cfexecute
name="c:\documentready\_bin\vscan.bat"
arguments="#tmpFile# #session.user_key#"
variable="getOutput" timeout="15"></cfexecute>
Thanks to our /report switch and the type command in our batch file, the results of our virus scan are written to standard output, which cfexecute returns in getOutput for us to parse. Pretty neat, eh?
To help you get an idea of what you will be parsing, and what information is available, here is a sample output (take note that the file input parameter must be a full path, and the output you are viewing here is for a file that is not infected with a virus):
C:\DocumentReady\_bin>vscan.bat c:\foo.txt foo
AVG7 Anti-Virus command line scanner
Copyright (c) 2006 GRISOFT, s.r.o.
Program version 7.5.549, engine 442
Virus Database: Version 270.9.0/1771 2008-11-06
Tested: 1 files, 2 sectors
Infections: 0
Errors: 0
AVG 7.5
Copyright (c) GRISOFT,s.r.o. 2006
Program version 7.5.438 Engine: 442 database version 270.9.0/1771
Command line: [c:\foo.txt /heur /ext=* /arc /report c:\foo.txt]
------------------------------------------------------------
Test start 11/6/2008 12:10:15
Elapsed time 4 sec.
------------------------------------------------------------
Scanned files : 1
Scanned sectors : 2
No viruses found.
------------------------------------------------------------
To do our parsing we will be using Regular Expressions. If you aren’t familiar with regular expressions, they are essentially the hottest tool you can use to parse through text, and although they appear daunting at first, with practice they become both second nature and essential to your programming needs.
<cftry>
<cfexecute
name="c:\documentready\_bin\vscan.bat"
arguments="#tmpFile# #session.user_key#"
variable="getOutput"
timeout="15"></cfexecute>
<cfcatch>
<cfset void = showError("Upload failed, virus check timed out.")>
</cfcatch>
</cftry>
<!--- Capture the whole infected-file count from the report; no match means zero infections --->
<cfset infectedFiles = "Infected files : (\d+)">
<cfset pos = REFindNoCase(infectedFiles,getOutput,1,true)>
<cfif ArrayLen(pos.pos) gte 2 and pos.pos[2] gt 0>
<cfset infectedCount = mid(getOutput,pos.pos[2],pos.len[2])>
<cfelse>
<cfset infectedCount = 0>
</cfif>
<cfif infectedCount>
<cfset virusname = ListGetAt(getOutput,5,chr(10)&chr(13))>
<cfset virusname = ReplaceNoCase(virusname,"""#tmpFile#"" ...
Virus identified ","","ONE")>
<cffile action="delete" file="#tmpFile#">
<cfset void = showError("Virus Found, " & virusname)>
</cfif>
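The parsing above treats any output without an "Infected files" line as zero infections, so a scan that timed out, failed to start or returned nothing looks the same as a clean file. The following is an added example, not code from the original post, that fails closed instead: it accepts a file only when the output carries the "Infections: 0", "Errors: 0" and "No viruses found." lines seen in the sample output. The function names avgCounter and scanVerdict are hypothetical, the sample strings are constructed, and the assumption is that an infected scan reports a non-zero "Infections" or "Infected files" count.

```cfml
<cfscript>
// Added example, not the original post's code. Classifies avgscan output as
// "clean", "infected" or "error" so that anything unexpected is rejected.

// Read a numeric counter such as "Infections: 0"; -1 means the line is missing.
function avgCounter(label, output) {
    var m = REFindNoCase(label & "\s*:\s*(\d+)", output, 1, true);
    if (ArrayLen(m.pos) gte 2 and m.pos[2] gt 0) {
        return Val(Mid(output, m.pos[2], m.len[2]));
    }
    return -1;
}

function scanVerdict(output) {
    var infections = avgCounter("Infections", output);
    var errors = avgCounter("Errors", output);
    // "Infected files : N" is the report line the post's own regex looks for.
    var infectedFiles = avgCounter("Infected files", output);

    if (infections gt 0 or infectedFiles gt 0) {
        return "infected";
    }
    // Clean only when the scanner positively says so and reported no errors.
    if (infections eq 0 and errors eq 0 and FindNoCase("No viruses found.", output) gt 0) {
        return "clean";
    }
    // Empty output (timeout, scanner missing, access denied) or scan errors.
    return "error";
}

// Constructed sample inputs, modelled on the clean output shown above.
crlf = Chr(13) & Chr(10);
cleanOutput = "Tested: 1 files, 2 sectors" & crlf & "Infections: 0" & crlf
    & "Errors: 0" & crlf & "Scanned files : 1" & crlf & "No viruses found.";
failedOutput = "";
errorOutput = "Tested: 0 files, 0 sectors" & crlf & "Infections: 0" & crlf & "Errors: 1";

samples = [cleanOutput, failedOutput, errorOutput];
for (i = 1; i lte ArrayLen(samples); i = i + 1) {
    verdict = scanVerdict(samples[i]);
    // Caller policy: keep the upload only on "clean"; otherwise delete and reject.
    WriteOutput("sample " & i & ": " & verdict & "<br>");
}
</cfscript>
```

In the upload handler, set getOutput to an empty string before the cfexecute call so that a timeout reaches scanVerdict as empty output and is rejected.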
For more information on Regular Expressions check out the Introduction to Regular Expressions (Scripting) on MSDN.

Nice. I tried this once with Clam AV a few years back and failed miserably.
@Heath Provost
lol… I used this method on http://www.DocumentReady.com if you want to check it out.
It’s important to make sure that the user account which ColdFusion starts under has access to execute the virus scanning software. This is usually the local system account. A lot of issues I’ve personally had were because of this.
A second note I’d make would be to set a flag in the database when the file is uploaded that it has not been scanned. Then run the virus scan in a new thread (<cfthread>) available with ColdFusion 8. This way you don’t have to wait for a return to continue processing your user’s request, and once the thread completes you can set the flag in the database that the scan has completed. ColdFusion 8 Standard is limited to spawning at most 2 simultaneous threads; Enterprise does not have this limit. But threads are put in a queue after that limit is reached and executed in order.