lighttpd + php + clamav

15 views
Skip to first unread message

Joseph Williams

unread,
Aug 16, 2010, 1:12:55 AM8/16/10
to Professional PHP Developers
I am writing an application that requires uploading of image files
from a form. I am going to want/need to scan the files for viruses with
clamav. So far everything I have found via searching is either outdated
or is convoluted. I have a centos system that is running the latest
version of Lighttpd and php5. This application currently isn't using
mysql with the uploads but if needed I could easily add it in as a
reference of said upload. (Not to store the images *shudder*). I am
curious as to a way to accomplish this.

---
Joe Williams
@mrstatic
Shameless plug: https://www.speakservers.com

Jack Timmons

unread,
Aug 16, 2010, 7:18:24 AM8/16/10
to professi...@googlegroups.com
On Mon, Aug 16, 2010 at 12:12 AM, Joseph Williams
<joseph.s...@gmail.com> wrote:
>  I am writing an application that requires uploading of image files from a
> form. I am going to want/need to scan the files for viruses with clamav. So
> far everything I have found via searching is either outdated or is
> convoluted. I have a centos system that is running the latest version of
> Lighttpd and php5. This application currently isn't using mysql with the
> uploads but if needed I could easily add it in as a reference of said
> upload. (Not to store the images *shudder*). I am curious as to a way to
> accomplish this.

Can't you just call exec() from PHP and be done with it?

Maybe I just need more coffee.

--
Jack Timmons
@_Codeacula
Feel free to contact me on GTalk.

Joe Williams

unread,
Aug 16, 2010, 7:53:45 AM8/16/10
to professi...@googlegroups.com
From everything I have learned exec/system/shell_exec are things to be avoided lol, but exec it is.


-------
Twitter: @mrstatic
Website: https://www.speakservers.com

Sent on the Sprint® Now Network from my BlackBerry®
--
This group is managed and maintained by the development staff at 360 PSG. An enterprise application development company utilizing open-source technologies for todays small-to-medium size businesses.

For information or project assistance please visit :
http://www.360psg.com

You received this message because you are subscribed to the Google Groups "Professional PHP Developers" group.
To post to this group, send email to Professi...@googlegroups.com
To unsubscribe from this group, send email to Professional-P...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/Professional-PHP

Jack Timmons

unread,
Aug 16, 2010, 8:02:09 AM8/16/10
to professi...@googlegroups.com
On Mon, Aug 16, 2010 at 6:53 AM, Joe Williams
<joseph.s...@gmail.com> wrote:
> From everything I have learned exec/system/shell_exec are things to be avoided lol, but exec it is.

You can look into setting up a third-party library for it:

http://www.clamav.net/lang/en/download/third-party-tools/3rdparty-library/

Joe Williams

unread,
Aug 16, 2010, 8:04:50 AM8/16/10
to professi...@googlegroups.com
I was looking at the php 3rd party but appears to be debian only.


-------
Twitter: @mrstatic
Website: https://www.speakservers.com

Sent on the Sprint® Now Network from my BlackBerry®

-----Original Message-----
From: Jack Timmons <code...@gmail.com>
Sender: professi...@googlegroups.com
Date: Mon, 16 Aug 2010 07:02:09
To: <professi...@googlegroups.com>
Reply-To: professi...@googlegroups.com
Subject: Re: [Pro. PHP Dev.] lighttpd + php + clamav

Robert Gonzalez

unread,
Aug 16, 2010, 12:35:58 PM8/16/10
to professi...@googlegroups.com
Executing shell commands is only insecure if you allow arbitrary or variable commands to be passed. If you path your binaries yourself and wrap the calls to the main binary in your own shell script you are usually better off. I do it quite a bit at work. But I literally hard code the path to the executable in my code so there is no chance my code is going to call the wrong executable.

Joseph Williams

unread,
Aug 16, 2010, 10:05:59 PM8/16/10
to professi...@googlegroups.com
Just for the record, I ended up using exec like recommended and I am
just going to toss up a css layer on submit to show 'Processing..' or
some such since it adds a little bit of time.

--------

Jack Timmons

unread,
Aug 16, 2010, 10:21:32 PM8/16/10
to professi...@googlegroups.com
On Mon, Aug 16, 2010 at 9:05 PM, Joseph Williams
<joseph.s...@gmail.com> wrote:
>  Just for the record, I ended up using exec like recommended and I am just
> going to toss up a css layer on submit to show 'Processing..' or some such
> since it adds a little bit of time.

You can just redirect them elsewhere and let them know their image
will be processed and you'll shoot them an email when complete?

Joseph Williams

unread,
Aug 16, 2010, 10:23:05 PM8/16/10
to professi...@googlegroups.com
On 8/16/2010 9:21 PM, Jack Timmons wrote:
> On Mon, Aug 16, 2010 at 9:05 PM, Joseph Williams
> <joseph.s...@gmail.com> wrote:
>> Just for the record, I ended up using exec like recommended and I am just
>> going to toss up a css layer on submit to show 'Processing..' or some such
>> since it adds a little bit of time.
> You can just redirect them elsewhere and let them know their image
> will be processed and you'll shoot them an email when complete?
>
It is only an added 4 seconds on average and its an in house project so
the co-workers can suffer :)

---------

Reply all
Reply to author
Forward
0 new messages