products for http virus scanning

  • products for http virus scanning

    I have a server in the DMZ which is hosting my company website. People from outside are allowed to upload their resumes from the recruitment page. I am looking for a way in which I can scan the attachments they are uploading.

    For now, I can think of two ways.

    o Direct all HTTP traffic through a dedicated server which has a product to scan for viruses in HTTP traffic and then sends it to my website server, similar to an antivirus gateway.

    o My resume processing code should be intelligent enough to scan the attachment being uploaded using some antivirus APIs at the HTTP level itself.

    Do you have any products which serve my purpose? Please let me know if you need any more details to deliver a good solution to me.

    Thanks,
    Sitaram
    http://sys-talk.blogspot.com

  • #2
    Re: products for http virus scanning

    I would have thought the on-access scanning that most AV packages offer should do the job. What do you currently use in your environment?
    Just make sure you configure it with the right exclusions so it doesn't affect performance.

    Ta
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR


    • #3
      Re: products for http virus scanning

      >What do you currently use in your environment?
      I use Symantec AV in my org.

      I am not pretty sure how on-access scan will help to scan for viruses in HTTP traffic which the web application processes and sends the data to a DB server.

      How are the famous job portals maintaining their security against virus files being uploaded? I am thinking that there is certainly a good product to handle job portals... Am I missing anything here...?


      • #4
        Re: products for http virus scanning

        Originally posted by charlsteve View Post
        I am not pretty sure how on-access scan will help to scan for viruses in HTTP traffic which the web application processes and sends the data to a DB server.
        The web application writes the uploaded file to disk, and the scanner is supposed to catch it while an infected file is being written. You can easily test this by uploading the Eicar virus test file into your resume processing system and checking if Symantec catches it.

        If the web app uses a MemoryStream as a buffer (assuming it's an ASP.NET app) and never creates files, no data is written to the HD and Symantec might not catch the bug.

        -vP


        • #5
          Re: products for http virus scanning

          You have a point, VP.

          I agree that, if the job portal system uses the local HD for storing resumes, a normal desktop antivirus will do most of the task. But what if the portal system uses a database in which it will store all resumes..? I am sure the big job portals like monster, timesjobs, naukri will use databases in the background. But I am not sure what security mechanisms/products they will follow to throw the virus files away. I don't think that they will use an AV gateway product because the portal application will not have any interaction with the gateway AV to determine whether the file being uploaded has a virus or not.

          Thanks,
          Sitaram
          http://sys-talk.blogspot.com


          • #6
            Re: products for http virus scanning

            Originally posted by charlsteve View Post
            >
            I am not pretty sure how on-access scan will help to scan for viruses in HTTP traffic which the web application processes and sends the data to a DB server.

            How are the famous job portals maintaining their security against virus files being uploaded?
            Adding to the good explanation from vonPryz and given the fact that your application uses attachments, I would have thought that there is a directory created specifically for these attachments.
            That's where the on-access scanning might be effective.
            Caesar's cipher - 3

            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

            SFX JNRS FC U6 MNGR


            • #7
              Re: products for http virus scanning

              How will the scanning be done if the files are stored in a database?


              • #8
                Re: products for http virus scanning

                It sounds as if your website is similar in nature to SharePoint. I have never considered using Microsoft Forefront for SharePoint for other websites that also upload documents and store them in SQL, but it may be possible.

                http://www.microsoft.com/forefront/s...s/default.aspx


                • #9
                  Re: products for http virus scanning

                  Originally posted by charlsteve View Post
                  But what if the portal system uses a database in which it will store all resumes..?
                  A fairly common way to store documents is to rename them and store the files as such in a directory structure. The original file name and new file name plus directory info and whatnot are stored in the DB. One could store the document in the DB as well, but then you have to use a BLOB (binary large object) for storage. Which slows you down a bit, as a blob is just a pointer to the object that is located elsewhere on the filesystem, but I digress...

                  DB as file storage makes sense if you want to use the DB's security for controlling access. Performance-wise, DB as file storage won't make much sense, as DB overhead slows you down. This is a common issue in, say, web sites. None that I am aware of store site images in a DB.

                  Anyway, any user upload processing system should do some basic file management before it stores the file permanently anywhere. Some basic checks are to be made, like checking the user hasn't uploaded an umpteen-gigabyte file or done some other mischief. A virus scan would be done at this point as well.

                  -vP

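The pre-storage checks described in post #9 (size limit, rename, virus scan before permanent storage), combined with the on-disk staging from post #4 so that an on-access scanner sees the bytes even when the final store is a database, as an added Python example that is not from any poster in this thread. `accept_upload`, `store`, `stand_in_scanner` and the 5 MB cap are assumptions; the stand-in scanner only looks for a marker substring of the Eicar test file and takes the place of a real AV product call.

```python
import secrets
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap for a resume
TEST_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"  # substring of the Eicar test file


class UploadRejected(Exception):
    """Raised when an upload fails a pre-storage check."""


def stand_in_scanner(path):
    """Constructed stand-in for a real AV product call; True means clean."""
    return TEST_MARKER not in Path(path).read_bytes()


def accept_upload(stream, original_name, staging_dir, store,
                  scanner=stand_in_scanner, max_bytes=MAX_BYTES):
    """Stage, size-check and scan an upload, then hand it to store()."""
    # Random staging name: the client-supplied name is kept as metadata only.
    staged = Path(staging_dir) / secrets.token_hex(16)
    size = 0
    try:
        with open(staged, "xb") as out:
            while chunk := stream.read(64 * 1024):
                size += len(chunk)
                if size > max_bytes:
                    raise UploadRejected("file exceeds size cap")
                out.write(chunk)
        # The file is now closed on disk, where an on-access scanner can see
        # it. Such a scanner may delete or lock the file; treat that as a hit.
        try:
            clean = scanner(staged)
            data = staged.read_bytes()
        except OSError as exc:
            raise UploadRejected("staged file unavailable after write") from exc
        if not clean:
            raise UploadRejected("scanner flagged the file")
        return store(original_name, data)  # e.g. an INSERT into a BLOB column
    finally:
        staged.unlink(missing_ok=True)  # nothing is left behind in staging
```

The staging directory must not be on the on-access scanner's exclusion list, otherwise only the explicit `scanner` call protects the database.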