Scan PHP uploads for viruses

StackOverflow https://stackoverflow.com/questions/656583

  •  19-08-2019
  •  | 
  •  

Question

I'm currently using the following code to scan files that have been uploaded as part of an application form:

$safe_path = escapeshellarg($dir . $file);
$command = '/usr/bin/clamscan --stdout ' . $safe_path;
$out = '';
$int = -1;
exec($command, $out, $int);

if ($int == 0) {
    // all good;
} else {
    // VIRUS!;
}

It works, but is slow. Anyone got any suggestions that would a). speed things up and b). improve the script generally (for instance, I'm not entirely clear on the benefits of exec() vs system(), etc)?

If the speed can't be improved then I'd ideally like to display some kind of interim "Please be patient your files are being scanned" message, but am not sure how to go about that either.

EDIT: Sorry, should have said the scan needs to be done at the time as the application in question won't be accepted without valid (i.e virus-free) files.

Was it helpful?

Solution

If you don't need to display the results to the user instantly, you could add the file to a Database table for scanning later.

Then, you could fork a new process to scan and update the results in the table. You have a good example here: http://robert.accettura.com/blog/2006/09/14/asynchronous-processing-with-php/.

If you absolutely need to display the results within the same request, then you could do it exactly as I said before but outputting a temp page requesting the results via AJAX; once the scan is over, redirect the user to the results page.

If you don't want to use JavaScript, then a simple meta refresh tag would do the trick.

OTHER TIPS

Use clamdscan instead of clamscan. Clamdscan uses the built-in daemon that's running all the time and doesn't have to load the virus tables each time (as clamscan does).

Set up a seperate application, ideally on a different box where you can batch these scans. That box can update it's status into the database where your frontend service can read and report back to the user.

To keep this up-to-date: There is a PHP library now that is using a socket connection to ClamAV and initialize a file scan over PHP pretty fast.

https://github.com/jonjomckay/quahog

Be sure to use the correct permissions, because the scan will be done by the clamav user and not www-data.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top