1 (edited by MattF 2007-04-14 15:49)

Topic: AV scanning uploaded images

Wasn't sure which section to ask this in, so apologies if it's in the wrong section.

Question: Is it worthwhile putting in an exec call to run an AV scanner on uploaded images in the upload script, or is it not worth the hassle. Or, are images not an issue, as such?


Cheers,

Matt

Re: AV scanning uploaded images

Personally, I wouldn't bother.

3

Re: AV scanning uploaded images

Cheers. smile I thought it might be a bit of overkill, but thought it best to ask. big_smile

Re: AV scanning uploaded images

What you could do is just set a cronjob to scan your uploaded files once a day smile

Re: AV scanning uploaded images

elbekko wrote:

What you could do is just set a cronjob to scan your uploaded files once a day smile

To be honest, I think that would be worse, and you'd be rescanning files you already scanned. Unless of course you make it note new files and only scan those, but I still would think scanning at all is overkill.

6

Re: AV scanning uploaded images

Reines wrote:
elbekko wrote:

What you could do is just set a cronjob to scan your uploaded files once a day smile

To be honest, I think that would be worse, and you'd be rescanning files you already scanned. Unless of course you make it note new files and only scan those, but I still would think scanning at all is overkill.

A quick ctime check would sort that. big_smile An extra bit of caution never hurts, even though the server itself is running a proper OS, some, (most), of the client machines won't be. big_smile