您如何病毒扫描正在上传到您的 java webapp 的文件?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3363767/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do you virus scan a file being uploaded to your java webapp as it streams?
提问by les2
Basically, I want to virus scan files as they are uploaded (before writing them to disk) to a web app.
基本上,我想在文件上传(在将它们写入磁盘之前)到网络应用程序时对其进行病毒扫描。
In particular, I'd like to integrate with "McAfee VirusScan Enterprise" (latest version).
特别是,我想与“McAfee VirusScan Enterprise”(最新版本)集成。
From a design and maintenance perspective, would it perhaps be better to scan certain paths at the firewall using a third party product? That way the web app would not have to concern itself with virus scanning. So as to minimize overhead, do typical virus scanning firewalls let you specify URL patterns as well as a particular POST data pattern. This of course would not work if it's an HTTPS site (unless there's some way around that).
从设计和维护的角度来看,使用第三方产品扫描防火墙上的某些路径是否更好?这样 Web 应用程序就不必担心病毒扫描。为了最大限度地减少开销,典型的病毒扫描防火墙让您指定 URL 模式以及特定的 POST 数据模式。如果它是 HTTPS 站点,这当然行不通(除非有办法解决这个问题)。
This post from stackoverflowseems to suggest that an SDK from McAfee is no longer available, but are there open source alternatives?
这篇来自 stackoverflow 的帖子似乎暗示 McAfee 的 SDK 不再可用,但是否有开源替代品?
采纳答案by Dominique
Check out Clamv ( http://www.clamav.net/) It is a open source anti-virus, and you can scan a stream. So you do not need to save the file for scanning it.
查看 Clamv ( http://www.clamav.net/) 它是一种开源防病毒软件,您可以扫描流。所以你不需要保存文件来扫描它。
http://linux.die.net/man/1/clamscan
http://linux.die.net/man/1/clamscan
Scan a data stream: cat testfile | clamscan -
扫描一个数据流: cat testfile | 蛤蜊扫描 -
So it is quite easy, start the clamscan process with the - arg. write the file content to the stdin, and wait for the result code.
所以这很容易,使用 - arg 启动 clamscan 过程。将文件内容写入标准输入,等待结果码。
During your testing, you can use the EICAR file, which is a file dedicated for checking if an anti-virus is working. http://en.wikipedia.org/wiki/EICAR_test_file
在测试期间,您可以使用 EICAR 文件,该文件专用于检查防病毒软件是否正常工作。http://en.wikipedia.org/wiki/EICAR_test_file
回答by NotMe
You might investigate ClamAVor ClamWin. They are open source virus scanners, ClamWin is based on ClamAV. You should be able to modify one of these (if someone hasn't already) to do what you want.
您可以调查ClamAV或ClamWin。它们是开源病毒扫描程序,ClamWin 基于 ClamAV。您应该能够修改其中之一(如果有人还没有)来做您想做的事。
On the other end, you might consider simply dropping the streamed files into a directory and letting a scanner monitor that particular directory.
另一方面,您可能会考虑简单地将流式文件放入一个目录中,并让扫描仪监视该特定目录。
回答by peater
Kaspersky (and others probably) appears to have several ways to handle this at an enterprise level: http://usa.kaspersky.com/business-security/targeted-solutions
卡巴斯基(可能还有其他人)似乎有多种方法可以在企业级别处理此问题:http: //usa.kaspersky.com/business-security/targeted-solutions
The internet gateway product might be of most relevance. It looks like it supports Checkpoint, Squid Proxy Server, and Microsoft.
互联网网关产品可能最相关。看起来它支持 Checkpoint、Squid Proxy Server 和 Microsoft。
Here is there download page for trials and documentation: http://usa.kaspersky.com/downloads/documentation
这里是试验和文档的下载页面:http: //usa.kaspersky.com/downloads/documentation
At an enterprise level you might decide to get an appliance (Cisco ACE for example) which off-loads the SSL and then use one of these options (or Cisco IOS Intrusion Prevention System (IPS) with Cisco firewalls). I have several clients with Cisco ACE devices, but am investigating virus detection at the firewall.
在企业级别,您可能决定购买一个设备(例如 Cisco ACE),它可以卸载 SSL,然后使用这些选项之一(或带有 Cisco 防火墙的 Cisco IOS 入侵防御系统 (IPS))。我有几个使用 Cisco ACE 设备的客户,但我正在调查防火墙的病毒检测。
