20 ตุลาคม 2552 9:29Hi, please excuse this rather long first post while I try to explain the issue.
We have created an in house CMS system that allows users to upload files to a central server. The software is all .Net and uses a Telerik component to do the actual uploading over basic http. Uploaded files are stored in a database as a binary object, not as the actual file in the file system.
We now have a need to allow access to the CMS from outside the company. We would like the ability to scan incoming requests to the CMS for viruses and other malware using ISA server.
All our desktops and servers are protected by anti-virus software locally.
If a user uploads a file to the CMS the anti-virus on the database server does not detect it (as it’s stored inside the database as a blob). The virus is only detected when a user downloads the file out of the CMS to their local PC. Of course our internal office machines are protected and will remove the virus.
With us now allowing external users onto the system we are worried that if somebody uploads a virus or malware to the CMS and then another external user downloads the virus infected file and they don’t have the proper protection in place they wont be very happy with us as it could appear as if the infection came from our system.
We’ve got the legals working on a disclaimer to protect ourselves from being sued in this situation but it would be far better if we could implement a solution to try and detect and remove the virus during the upload as the data passes through our security gateway.
Is it possible to configure ISA server or the new TMG in such a way to do this?
If it is possible, how would one go about setting it up, I’m a programmer day to day and have little knowledge in ISA server / TMG.