Dynamically running ClamAV's clamscan on file uploads with PHP
Problem description
Stack,
I want to scan each file that gets uploaded via my php upload script with clam anti-virus's clamscan tool. I think I've got a good script written but I wanted to run it past you guys.
So assuming that the file I'm sending to this php upload script is named "uploadedfile" does the following code make sense?
<?php
// Path handed to clamscan (corrected in the update below).
$safe_path = escapeshellarg('/tmp/' . $_FILES['uploadedfile']['tmp_name']);
$command = 'clamscan ' . $safe_path;
$out = []; // exec() fills this with the scanner's output lines
$int = -1; // exec() stores clamscan's exit status here
exec($command, $out, $int);
if ($int == 0) {
    // all good, code goes here uploads file as normal IE move to
    // permanent directory etc;
} else {
    unlink('/tmp/' . $_FILES['uploadedfile']['tmp_name']);
    header('Location: http://www.domain.com/uploadform.php?error=your-file-was-infected-pal');
}
?>
Also, will clamscan find php shells as well as traditional good old malware?
Thanks!
Update - found the answer
I answered my own question but don't have the reputation to officially do so. Here is the answer:
For those who come after: I've tested this script using the EICAR test virus file http://eicar.org/86-0-Intended-use.html and after a few tweaks it works. The return variable $int is what tells you whether or not the file is safe. If $int is 0, no virus was found; if $int is 1, a virus was found. However, there are some changes that I had to make to get the script to work (I updated the $safe_path variable to be correct). Here is the working script:
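<?php
// tmp_name is the path PHP gave the uploaded file; escape it for the shell.
$safe_path = escapeshellarg($_FILES['uploadedfile']['tmp_name']);
$command = 'clamscan ' . $safe_path;
$out = []; // exec() fills this with the scanner's output lines
$int = -1; // exec() stores clamscan's exit status here
exec($command, $out, $int);
if ($int == 0) {
    // all good, code goes here uploads file as normal IE move to
    // permanent directory etc;
} else {
    // whatever you need to do if a virus is found.
}
?>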
Note that if your server runs a ClamAV daemon (clamd), it may be possible to use clamdscan instead of clamscan as proposed; this usage is faster since it uses the virus signatures already loaded by clamd.
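An added example, not part of the original post: the same scan step, with the upload validated first and clamscan's exit status 1 (virus found) told apart from any other non-zero status (2 means the scan itself failed), both of which reject the file. The function names, the `$scanner` parameter and the `/var/uploads` directory are assumptions made for the example.

```php
<?php
// Added example, not from the original post. Assumes clamscan is on PATH and
// the form field is named 'uploadedfile', as in the post.

const SCAN_CLEAN    = 0; // clamscan exit status: no virus found
const SCAN_INFECTED = 1; // clamscan exit status: virus(es) found
// Any other status (2 = an error occurred) means the scan did not complete.

// Returns [exit status, output lines]. $scanner is a hypothetical parameter
// so that 'clamdscan' can be substituted.
function scan_file(string $path, string $scanner = 'clamscan'): array
{
    $output = [];
    $status = -1;
    $cmd = escapeshellcmd($scanner) . ' --no-summary ' . escapeshellarg($path);
    exec($cmd . ' 2>&1', $output, $status);
    return [$status, $output];
}

// handle_upload() and $destDir are hypothetical names for this example.
function handle_upload(array $file, string $destDir): string
{
    // Scan only a path PHP itself created for an upload in this request.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return 'rejected: not a valid upload';
    }
    [$status, $output] = scan_file($file['tmp_name']);
    if ($status !== SCAN_CLEAN) {
        // Fail closed: an infected file and a failed scan are both rejected,
        // but logged differently so a broken scanner is noticed.
        unlink($file['tmp_name']);
        $reason = $status === SCAN_INFECTED ? 'signature matched' : 'scan failed';
        error_log("upload rejected ($reason, status $status): " . implode(' | ', $output));
        return "rejected: $reason";
    }
    // Store under a server-generated name, never the client-supplied one.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16));
    return move_uploaded_file($file['tmp_name'], $dest)
        ? 'stored'
        : 'rejected: could not store file';
}

if (isset($_FILES['uploadedfile'])) {
    echo handle_upload($_FILES['uploadedfile'], '/var/uploads'); // constructed path
}
```

When `clamdscan` is passed as `$scanner`, the exit statuses are the same, but the clamd user must be able to read PHP's temporary file.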