PHP and Antivirus

Forum Moderators: coopster

Message Too Old, No Replies

PHP and Antivirus

do we need to scan user-uploaded files?

phph

7:00 pm on Jun 21, 2006 (gmt 0)

I have a site that allows users to upload files of pretty much any format and I'm a bit concerned about viruses. Is it possible that the server gets infected when dealing with infected files? I'm managing the files using PHP, using fopen, fread etc. on them, also trying to resize them if they are images..

I've heard about a tool called Clamav - antivirus app for Linux, but I'm not sure of it can be used through PHP.

Any suggestions? My main concern is if viruses can do any damage to the server, I don't really care about users as they are responsible for anything they download anyway :)

Thanks for the help!

eeek

7:50 pm on Jun 21, 2006 (gmt 0)

How would the server get infected? Is it doing anything with the files?

Little_G

8:11 pm on Jun 21, 2006 (gmt 0)

Hi,

Because PHP only reads the contents of the file most conventional viruses won't be able to infect the server. The only threat from user submitted files is specially crafted files that could take advantage of vulnerabilities in PHP/GD.

Andrew