locked
What is the best way to virus scan an uploaded file? RRS feed

  • Question

  • I am writing a small website to study file uploads.  When faced with the problem of virus scanning I realized I didn't know best practices when it comes to checking files before writing to long term storage.  My initial thought was to load the file to a stream and read the stream.  If the stream is scanned and no viruses, I would then write to disk/database/etc.  Is this a good approach to this type of problem?  If not, what is a better approach?

    Tuesday, May 10, 2011 10:26 PM

Answers

  • Try forums.asp.net.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    • Marked as answer by Will Steele Tuesday, June 21, 2011 7:22 PM
    Wednesday, June 15, 2011 5:15 PM

All replies

  • Hello,

    Thank you for your post! I would suggest posting your question in one of the Microsoft Forefront TechCenter > Forefront Products and Technologies Forums > Read Only - Forefront Security for Exchange Server located here:

    http://social.technet.microsoft.com/Forums/en-US/forefrontexchange/threads

    Hope this helps you.


    Have a great day!

    Thanks!

    Xinyan Ma

    STO Application Support
    Server and Tools Online Operations Team

    Tuesday, May 10, 2011 11:38 PM
  • Are you writing the web site using asp.net?

     



    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Thursday, May 12, 2011 4:10 AM
  • thanks

    Thursday, May 12, 2011 10:13 AM
  • Yes.  The framework is 4.0.
    Wednesday, June 15, 2011 4:42 PM
  • Try forums.asp.net.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    • Marked as answer by Will Steele Tuesday, June 21, 2011 7:22 PM
    Wednesday, June 15, 2011 5:15 PM
  • No, the server should not trust anything from the client. Once you put the code to the client's computer, it can be tempered with.

    The following is signature, not part of post
    Please mark the post answered your question as the answer, and mark other helpful posts as helpful, so they will appear differently to other users who are visiting your thread for the same problem.
    Visual C++ MVP
    Friday, June 24, 2011 6:43 PM