Scan Attachments For Viruses

This extension came about after some discussion of my previous extension:

https://vborg.vbsupport.ru/showthread.php?t=100933

That extension automatically zips files. Some users were concerned that this may allow a malicous user to upload a virus/trojan since the extension allows any file to be added to the archive. If you currently allow zip files to be uploaded, then the risk is already present with or without my zip extension.

I decided to write up this product that will scan all files uploaded (including archives) for viruses.

REQUIREMENTS:

Linux/Unix Server. Although it may be possible to run this on a Windows server, I have not tested it, and am unsure if it will work on that enviroment.

This extension REQUIRES that you install F-Prot on your server. All you really need is the command line scanner for workstations. The install is simple and does not require any compilation (at least it did not for me). You download the archive to your server, and un-tar it to a directory that VB will have access to. This does NOT require root access as no system files are modified. F-Prot is free for personal use, but your requirements may require a purchase. Please read the F-Prot license agreement for more details.

Safe Mode must be off. PHP must have access to the system command.

INSTALLATION

Installation of the product is simple, just install the product file in the admincp and then go to VBulletin Options -> Virus Scanning. Enter the COMPLETE path to F-Prot. For example:

/home/yoursite.com/www/somefolder/f-prot/f-prot

Please note, the name f-prot must be at the end of the path. This is the FILE NAME not the directory name.

You can test to see if it working by creating an eicar file:

http://www.eicar.org/anti_virus_test_file.htm

And try attaching it to a thread. Note, if you create a txt file, it will recognize it unless it is in an archive. The scanner understands that as a text file it is not a threat. Rename it to a .exe file if you want to test the archive scanning abilities.

The product will scan files inside of .zip, .cab, .tar, .gz, .izh and .arj files.

IF you are going to use this in conjuction with my zip extension, uninstall the zip plugin first, install this product, then re-install the zip plugin, this way the virus scan will happen before the attachments are archived.

I will support this as I can. Before you post any requests for help, please check your phpinfo (see maintenence in admincp) and make sure safe mode is off before posting here. If safemode is on, there really is not much I can do for you.

Please Click INSTALL!

[smokey]

It would be easy with php-clamavlib. That is a module for php 4 and 5.

http://www.phpclamavlib.org/

[redspider]

any hope for a free antivirus program for this hack ?

[Virtuosofriend]

or it is possible to integrate it with jotti online virus scan?
http://virusscan.jotti.org/

[Jafo232]

I will take a look at any free anti-virus software and try it, but no gaurantee. No, it will not be compatible with an ONLINE scanner.

[Virtuosofriend]

too bad,i think it would be much easier to make it work with an online scanner

[redspider]

what about http://sourceforge.net/projects/phpantivirus ?

[Jafo232]

Quote:

Originally Posted by redspider

what about http://sourceforge.net/projects/phpantivirus ?

Although a worthy piece of software no doubt, it only scans known "in public HTML, PHP, CGI and text files" for malicous behavior.

[redspider]

the other I find was clamav http://www.clamav.net/binary.html
is free I think.

[ChuanSE]

any updates on the free AV issue ?

what requirements are there that the f-prot needs a license?

[Jafo232]

Quote:

Originally Posted by ChuanSE

any updates on the free AV issue ?

what requirements are there that the f-prot needs a license?

Licenses change all the time. They do have a free version for non-commercial use.. There is more here:

http://f-prot.com/