Re: Scanning uploads for viruses

[David De La Harpe Golden]

Brandon Taylor wrote:
> Greetings all,
> 
> My project involves uploading Word documents (resumes), and I would
> like to be able to scan them for viruses. I've found ClamAV, but
> installation is proving a little testy. So, I thought I'd ping the
> community for advice. Should I even be concerned with this? My
> deployment server is Linux, and the client is running anti virus
> software on their PCs, which I'm sure scan downloads.
> 
> I'd appreciate your advice!
> 

I'd certainly be vaguely concerned about it.

Installing clamav-daemon, clamav-freshclam, python-pyclamd etc. should
be a straightforward "aptitude install" operation on debian at least.

I'm presently using clamav via pyclamd to scan uploaded docs in django
via a forms.FileField subclass, something along the lines of the example
below:

from django.forms import fields

import pyclamd
from pyclamd import ScanError

# really this should be a setting, and of course allow network_socket
pyclamd.init_unix_socket(filename='/var/run/clamav/clamd.ctl')

class VirusScannedFileField(forms.FileField):
    default_error_messages = {
        'virus_found': u"Warning! Warning! Uploaded File may contain a
VIRUS! %(virus_detail)s",
        'virus_commerr': u"Failed to contact virus scanner. Please try
again later.",
    }
    def clean(self, data, initial=None):
        """
        Uses pyclamd to virus check an uploaded file
        """
        f = super(VirusScannedFileField, self).clean(data, initial)
        if f is None:
            return None
        elif not data and initial:
            return initial

        # We might have a path or we might
        # have to read the data into memory
        # FIXME: use scan_file and scan_stream as appropriate
        if hasattr(data, 'temporary_file_path'):
            buf = file(data.temporary_file_path(),'rb').read()
        else:
            if hasattr(data, 'read'):
                buf = data.read()
            else:
                buf = data['content']
        try:
            ret = pyclamd.scan_stream(buf)
            if ret:
                raise
fields.ValidationError(self.error_messages['virus_found'] %
{'virus_detail': ', '.join([i for i in ret.itervalues()])})

        except ScanError, e:
            raise
fields.ValidationError(self.error_messages['virus_commerr'])

        if hasattr(f, 'seek') and callable(f.seek):
            f.seek(0)
        return f








--

You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=.