Scanning uploads for viruses


Brandon Taylor

Nov 13, 2009, 3:34:54 AM
to Django users
Greetings all,

My project involves uploading Word documents (resumes), and I would
like to be able to scan them for viruses. I've found ClamAV, but
installation is proving a little testy. So, I thought I'd ping the
community for advice. Should I even be concerned with this? My
deployment server is Linux, and the client is running anti virus
software on their PCs, which I'm sure scan downloads.

I'd appreciate your advice!

Kind regards,
Brandon

David De La Harpe Golden

Nov 13, 2009, 7:08:57 AM
to django...@googlegroups.com
I'd certainly be vaguely concerned about it.

Installing clamav-daemon, clamav-freshclam, python-pyclamd etc. should
be a straightforward "aptitude install" operation on debian at least.

I'm presently using clamav via pyclamd to scan uploaded docs in django
via a forms.FileField subclass, something along the lines of the example
below:

from django import forms
from django.forms import fields

import pyclamd
from pyclamd import ScanError

# really this should be a setting, and of course allow network_socket
pyclamd.init_unix_socket(filename='/var/run/clamav/clamd.ctl')


class VirusScannedFileField(forms.FileField):
    default_error_messages = {
        'virus_found': u"Warning! Warning! Uploaded File may contain a "
                       u"VIRUS! %(virus_detail)s",
        'virus_commerr': u"Failed to contact virus scanner. Please try "
                         u"again later.",
    }

    def clean(self, data, initial=None):
        """
        Uses pyclamd to virus check an uploaded file
        """
        f = super(VirusScannedFileField, self).clean(data, initial)
        if f is None:
            return None
        elif not data and initial:
            return initial

        # We might have a path or we might
        # have to read the data into memory
        # FIXME: use scan_file and scan_stream as appropriate
        if hasattr(data, 'temporary_file_path'):
            # open() replaces the Python 2-only file() builtin
            with open(data.temporary_file_path(), 'rb') as fh:
                buf = fh.read()
        elif hasattr(data, 'read'):
            buf = data.read()
        else:
            buf = data['content']
        try:
            ret = pyclamd.scan_stream(buf)
            if ret:
                # a non-empty result means clamd reported a detection
                raise fields.ValidationError(
                    self.error_messages['virus_found'] %
                    {'virus_detail': ', '.join(ret.values())})
        except ScanError:
            # fail closed: reject the upload when clamd cannot be reached
            raise fields.ValidationError(self.error_messages['virus_commerr'])

        if hasattr(f, 'seek') and callable(f.seek):
            f.seek(0)
        return f
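
Added example, not part of David's post or of pyclamd: one way to address the FIXME above is to stream the upload to clamd in chunks with its INSTREAM command instead of reading the whole file into memory, and to treat any scanner failure as a rejection. The function names, chunk size and timeout are assumptions; the socket path is the one from the post.

```python
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # path from the post; adjust per host
CHUNK = 64 * 1024  # assumption; total size must stay below clamd's StreamMaxLength


def instream_frames(fileobj, chunk_size=CHUNK):
    """Yield the byte frames of one clamd INSTREAM request for fileobj."""
    yield b"zINSTREAM\0"
    while True:
        chunk = fileobj.read(chunk_size)
        if not chunk:
            break
        # each chunk is a 4-byte big-endian length followed by the data
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)  # a zero-length chunk ends the stream


def parse_reply(raw):
    """Map a clamd reply to ('clean' | 'infected' | 'error', detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text == "stream: OK":
        return "clean", ""
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return "infected", text[len("stream: "):-len(" FOUND")]
    # anything else (size limit exceeded, empty reply, ...) is not a pass
    return "error", text


def scan_upload(fileobj, socket_path=CLAMD_SOCKET, timeout=30):
    """Stream fileobj to clamd; a scanner failure never comes back as 'clean'."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(socket_path)
            for frame in instream_frames(fileobj):
                s.sendall(frame)
            reply = b""
            while not reply.endswith(b"\0"):
                part = s.recv(4096)
                if not part:
                    break
                reply += part
    except OSError as exc:  # socket missing, timeout, clamd closed the connection
        return "error", str(exc)
    finally:
        if hasattr(fileobj, "seek"):
            fileobj.seek(0)  # rewind so the upload can still be saved
    return parse_reply(reply)
```

In a field's clean() method, only a "clean" result should let the file through; "infected" and "error" both map to a ValidationError.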








Brandon Taylor

Nov 13, 2009, 10:22:13 AM
to Django users
Thank you very much for the reply David. I was compiling ClamAV from
source very late last night, but if I can go through apt-get, I'll
certainly do that. I'm with you, I would certainly rather catch these
on the upload than the download. I tried to talk the client into only
using the text from the resume, which I'm going to grab and stick
into the DB anyway, but for some reason, they insist on letting people
upload.

Kindest regards,
Brandon

On Nov 13, 6:08 am, David De La Harpe Golden