确保上传的文件是安全的 [英] ensuring uploaded files are safe
问题描述
我的老板来找我,问如何确保通过网页上传的文件是安全的.他希望人们能够上传 pdf 和 tiff 图像(等等),他真正关心的是有人在 pdf 中嵌入病毒,然后查看/更改(并执行病毒).我刚刚读到一个程序,该程序可用于通过更改最少的位来破坏嵌入在图像中的速记信息.是否可以使用类似的过程来确保不会植入病毒?有谁知道任何可以清理文件的程序?
My boss has come to me and asked how to enure a file uploaded through web page is safe. He wants people to be able to upload pdfs and tiff images (and the like) and his real concern is someone embedding a virus in a pdf that is then viewed/altered (and the virus executed). I just read something on a procedure that could be used to destroy stenographic information emebedded in images by altering least sifnificant bits. Could a similar process be used to enusre that a virus isn't implanted? Does anyone know of any programs that can scrub files?
更新:因此,团队对此进行了一些争论,一位开发人员发现了一篇关于让文件下载到文件系统并让保护网络的防病毒软件检查那里的文件的帖子.海报基本上是说对几个产品使用 API 或命令行太难了.这对我来说似乎有点笨拙,因为我们计划将文件存储在数据库中,但我以前不必扫描文件中的病毒.有没有人对此有任何想法或经验?
Update: So the team argued about this a little bit, and one developer found a post about letting the file download to the file system and having the antivirus software that protects the network check the files there. The poster essentially said that it was too difficult to use the API or the command line for a couple of products. This seems a little kludgy to me, because we are planning on storing the files in the db, but I haven't had to scan files for viruses before. Does anyone have any thoughts or expierence with this?
http://www.softwarebyrob.com/2008/05/15/virus-scanning-from-code/
推荐答案
我建议您通过防病毒软件运行您上传的文件,例如 ClamAV.我不知道清理文件以删除病毒,但这至少可以让您在查看受感染文件之前检测并删除它们.
I'd recommend running your uploaded files through antivirus software such as ClamAV. I don't know about scrubbing files to remove viruses, but this will at least allow you to detect and delete infected files before you view them.
这篇关于确保上传的文件是安全的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
