Free server side anti virus / security / trojan protection for file uploads?


Question

I am allowing users to upload photos like photo albums, and also attach files (documents for now) as mail attachments. So I assume I need some anti-virus/security tool in place to scan the files first in case people upload infected stuff. So two questions: 1) Are there any 'free' or open source tools for this I can use or integrate into my environment: CodeIgniter PHP? 2) How to secure the upload area from the rest of the system? Say the virus scanner fails to catch a virus and it is uploaded, how to prevent it from infecting other files? Like can the upload area be sandboxed in or something always and use that filepath for users to access the content so it does not spread to other parts of the system?

Recommended answer

There is ClamAV for a free virus scanner. Install it and you could do something like:

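function virus_detected($filename)
{
        $clamscan = "/usr/local/bin/clamscan";
        // escapeshellarg() keeps a crafted file name from injecting shell commands
        exec("$clamscan -i --no-summary " . escapeshellarg($filename), $output, $status);
        // clamscan exit codes: 0 = clean, 1 = virus found, 2 = scan error
        // Anything other than "clean" is reported as a detection (fail closed)
        return $status !== 0;
}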

As for security, make sure the temporary files are uploaded to a directory outside of your web root. You should then verify the file type, rename the file to something other than its original file name and append the appropriate extension (gif, jpg, bmp, png). I believe this should keep you fairly safe aside from exploits in PHP itself.

For more information about verifying file types in PHP, check out: http://www.php.net/manual/en/function.finfo-file.php
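
The steps from the answer above (store outside the web root, verify the type with finfo, rename, append the extension), as an added PHP example that is not part of the original answer. `STORAGE_DIR`, the `photo` field name and both function names are assumptions, and the example goes one step further by serving the stored file back through a script instead of a direct path.

```php
<?php
// Added example. STORAGE_DIR and the 'photo' field name are assumptions.
const STORAGE_DIR = '/var/app-data/uploads';   // outside the web root
// Content type detected by finfo => extension the server assigns.
const ALLOWED_TYPES = [
    'image/gif'      => 'gif',
    'image/jpeg'     => 'jpg',
    'image/png'      => 'png',
    'image/bmp'      => 'bmp',
    'image/x-ms-bmp' => 'bmp',   // reported for BMP by older libmagic builds
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Type comes from the file content, not the client-supplied name or MIME type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // A virus scan of $file['tmp_name'] would run here, before the file is kept.
    // Server-generated name; the original file name never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], STORAGE_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    chmod(STORAGE_DIR . '/' . $name, 0640);   // readable, never executable
    return $name;
}

function serve_upload(string $name): void
{
    // Only names this code could have generated are accepted, so no path traversal.
    $path = STORAGE_DIR . '/' . $name;
    if (!preg_match('/\A[0-9a-f]{32}\.(gif|jpg|png|bmp)\z/', $name) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . (new finfo(FILEINFO_MIME_TYPE))->file($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (isset($_FILES['photo'])) {
    echo store_upload($_FILES['photo']);
}
```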
