[
https://jira.duraspace.org/browse/DS-638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20218#action_20218
]
Mark Diggory commented on DS-638:
---------------------------------
Actually, the point of putting it in the file upload step is so the submitter
can correct and be aware of the problem on the file that is causing it. It
shouldn't even get into the Bitstream, the file should be tested prior to
addition to DSpace. Most of the Webapps now cache the upload in a file object
behind the HttpRServletReqest object or inside cocoon. The point of doing a
virus scan in file upload is so the user knows theres a problem and fixes it
before it ever reaches DSpace or the Reviewer Workflow.
Also Configurable Reviewer workflow will certainly be able to support automated
steps that do things like Jove detection etc....
> check files on input for viruses, and verify file format
> ---------------------------------------------------------
>
> Key: DS-638
> URL: https://jira.duraspace.org/browse/DS-638
> Project: DSpace
> Issue Type: New Feature
> Components: JSPUI
> Affects Versions: 1.6.2
> Environment: to use this patch you will need to have ClamAV, and
> jhove installed on your system.
> Reporter: Jose Blanco
> Assignee: Robin Taylor
> Attachments: java_files.zip, jhove_config_files.zip, jsp_files.zip,
> UploadStep.java, virus_check.patch
>
>
> This patch uses JHOVE to provide rough-and-ready format checking by
> identifying that the file/bitstream extension matches formats verifiable by
> JHOVE. (Currently DSpace accepts a deposit's file extension as gospel, so a
> user could tack a ".txt" extension onto a GIF and DSpace would assign the
> incorrect format to the file based on that incorrect extension.)
> This patch also also contains code to check the file for the presence of
> viruses.
> In order to use this patch you must have jhove and ClamAV installed on your
> system.
> Important notes:
> (1) HTML identification has proved unreliable ( by jhove ), so this patch
> does not return accurate results for that
> file format.
> (2) This code does not fully incorporate JHOVE's validation functions; it
> only verifies that what depositors intended to submit is in fact what they
> submitted.
> The following are returned messages when an error is detected:
> Text in [brackets] is a returned value, ALLCAPS can/should be modified to
> reflect your current installation.
> Questionable AIFF, GIF, JPG, PDF, TIF, WAVE, XML:
> DSPACE could not verify that your file is a valid [file_format_extension].
> Please check the file format and ".[file_format_extension]" extension.
> Questionable TXT:
> DSPACE found the text file you are trying to upload is neither UTF-8 nor
> ASCII. Please verify that your file is in the format you wanted.
> Spaces in filenames ( this is an additional check ):
> The file name contains spaces; this is not recommended. If possible, please
> replace spaces with underscores: "_".
> Virus detected:
> DSPACE detected a virus in this file. Please repair it and resume the
> deposit. If you need assistance, please contact us: EMAIL_ADDRESS.
> To get the patch working:
> Add the jhove conf files to
> [dspace]/jhove direcoty
> Here are the conf files:
> jhove-aiff.conf
> jhove-ascii.conf
> jhove-gif.conf
> jhove-jpeg.conff
> jhove-pdf.conf
> jhove-tiff.conf
> jhove-utf8.conf
> jhove-wave.conf
> jhove-xml.conf
> Also the following files were changed:
> dspace-api/src/main/java/org/dspace/submit/step/UploadStep.java
> dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/submit/step/JSPUploadStep.java
> dspace-api/src/main/java/org/dspace/content/FormatIdentifier.java
> dspace/modules/jspui/src/main/webapp/submit/get-file-format.jsp ( locally
> customized )
> dspace/modules/jspui/src/main/webapp/submit/upload-error-virus.jsp ( new file
> - placed in locally modified area for the jspui interface)
> These files are attached with this patch.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network
management toolset available today. Delivers lowest initial
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
