[
https://jira.duraspace.org/browse/DS-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19237#action_19237
]
Richard Rodgers commented on DS-638:
------------------------------------
Not that I would ever discourage digging into curation system or adding
functionality to submission, I will confess to being unable to construct a
common use-case for virus-checking at this point (probably my lack of
imagination). Let me try to state the position succinctly:
(1) Virus checking at submission is like putting a guard at one door, but
leaving at least 4 wide open (SWORD, ItemImport, LNI, OAI Harvest). Which is
why the strategy we took positioned the guard in the hall (workflow) that all
the doors lead to.
(2) Positioning the guard in the hall is just file configuration, no code
customization (in fact, the sample file that ships with 1.7 is this exact case)
(3) If you have a guard in the hall to cover these cases, then the one at the
door is not needed.
(4) You therefore need to know the repository will only ever have content come
in via web submission, in all collections
(5) Even in that case, since the possibly infected file can't be accessed,
except by workflow editors, there is no advantage to submission checking over
workflow (it can check before they ever see it)
(6) Did I say one door? It's actually several - since submission is not really
API, it is in application code. So we would have to add it separately to XMLUI,
JSPUI, FreeMarker, etc
Anyway, I'd love to hear what I'm missing....
> check files on input for viruses, and verify file format
> ---------------------------------------------------------
>
> Key: DS-638
> URL: https://jira.duraspace.org/browse/DS-638
> Project: DSpace
> Issue Type: New Feature
> Components: JSPUI
> Affects Versions: 1.6.2
> Environment: to use this patch you will need to have ClamAV, and
> jhove installed on your system.
> Reporter: Jose Blanco
> Assignee: Robin Taylor
> Attachments: java_files.zip, jhove_config_files.zip, jsp_files.zip
>
>
> This patch uses JHOVE to provide rough-and-ready format checking by
> identifying that the file/bitstream extension matches formats verifiable by
> JHOVE. (Currently DSpace accepts a deposit's file extension as gospel, so a
> user could tack a ".txt" extension onto a GIF and DSpace would assign the
> incorrect format to the file based on that incorrect extension.)
> This patch also also contains code to check the file for the presence of
> viruses.
> In order to use this patch you must have jhove and ClamAV installed on your
> system.
> Important notes:
> (1) HTML identification has proved unreliable ( by jhove ), so this patch
> does not return accurate results for that
> file format.
> (2) This code does not fully incorporate JHOVE's validation functions; it
> only verifies that what depositors intended to submit is in fact what they
> submitted.
> The following are returned messages when an error is detected:
> Text in [brackets] is a returned value, ALLCAPS can/should be modified to
> reflect your current installation.
> Questionable AIFF, GIF, JPG, PDF, TIF, WAVE, XML:
> DSPACE could not verify that your file is a valid [file_format_extension].
> Please check the file format and ".[file_format_extension]" extension.
> Questionable TXT:
> DSPACE found the text file you are trying to upload is neither UTF-8 nor
> ASCII. Please verify that your file is in the format you wanted.
> Spaces in filenames ( this is an additional check ):
> The file name contains spaces; this is not recommended. If possible, please
> replace spaces with underscores: "_".
> Virus detected:
> DSPACE detected a virus in this file. Please repair it and resume the
> deposit. If you need assistance, please contact us: EMAIL_ADDRESS.
> To get the patch working:
> Add the jhove conf files to
> [dspace]/jhove direcoty
> Here are the conf files:
> jhove-aiff.conf
> jhove-ascii.conf
> jhove-gif.conf
> jhove-jpeg.conff
> jhove-pdf.conf
> jhove-tiff.conf
> jhove-utf8.conf
> jhove-wave.conf
> jhove-xml.conf
> Also the following files were changed:
> dspace-api/src/main/java/org/dspace/submit/step/UploadStep.java
> dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/submit/step/JSPUploadStep.java
> dspace-api/src/main/java/org/dspace/content/FormatIdentifier.java
> dspace/modules/jspui/src/main/webapp/submit/get-file-format.jsp ( locally
> customized )
> dspace/modules/jspui/src/main/webapp/submit/upload-error-virus.jsp ( new file
> - placed in locally modified area for the jspui interface)
> These files are attached with this patch.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
