Hi there, On Fri, 5 Nov 2021, Michael Pifer via clamav-users wrote:
... users upload a file to our windows servers. now maybe we save that to s3 and somehow pass the s3 url or bucket/file to clamav to scan. I don't know what's easiest to do. That or to forward that file from the windows server to the clamav linux server for scanning.
If you read the documentation you'll see that ClamAV runs on Windows. If the upload server is a Windows box I'd suggest that it's simplest to run ClamAV on the Windows server. Having said that Windows boxes are the target of more malicious software than anything else, so you might want the scanner to be hosted on a less attractive target.
... somehow, we need to take that uploaded file, save it somewhere that clamav can scan ...
If you give the ClamAV process(es) permission to read the uploaded file then it can scan it in the Windows filesystem after uploading. If you prefer, it could scan the data stream as it's being uploaded, before it's even written to the filesystem. Either way you probably want to use a 'clamd' process (a daemon) to do the scanning. You need to read the documentation.
and let us know if it's bad or not. if it's bad, we can delete it in our code.
That's up to you, but do please heed my warning about probabilities. It is not safe to rely entirely on ClamAV to determine whether or not an uploaded file is malicious. There are services freely available on the Web which will scan files using a dozen or more different scanning engines. I use such a service frequently to scan attachments in mail sent to our servers. None of the scan engines has a 100% success rate and I have posted some of my observations of the performance of ClamAV itself here on this list. I think the performance of the best of the scanners is in the region of 80% on a good day. So even if you were to use *all* the available scanners to scan *every* uploaded file, you could probably expect to miss about one in five malicious uploads. Speaking for myself, those numbers would be enough to make me dismiss the idea as insane. -- 73, Ged. _______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
