Check upload file for virus in MVC3

我只是一个虾纸丫 submitted on 2019-12-03 06:29:29

Take a look at Sophos API https://secure.sophos.com/partners/oem/integration/savdi.html

"SAV Dynamic Interface (SAVDI) provides an easy-to-integrate, general-purpose interface to the Sophos detection engine. It enables programs written in any language to scan files and data for malware and is particularly popular with ISPs/ASPs running in a .NET environment."

Another alternative is to use the Process class to start an anti-virus scanner on the server (http://www.dotnetperls.com/process-start) and parse its results. For example, here's the list of command-line parameters for AVG: http://www.avg.com/ww-en/faq.num-3604.

By the way, as you develop your solution, you will need to test if you're able to identify an infected file. But it's not recommended to use a real infected file. However, you can create a text file with the string below. This string is commonly identified by anti-virus scanners as an infected file for testing purposes (for more information, search for EICAR Standard Anti-Virus Test File).

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

To make your life easier... just check out Metascan Online. They offer an online free public API. In the future, you could also set up a way to do this programmatically with the Metascan Online public API.

    Sample Code (PHP)

        <?php
        // Config.
        $api    = 'https://api.metascan-online.com/v1/file';
        $apikey = 'E1D7-DG5E-4FE0-BFAE';
        $file   = 'test.txt';

        // Build headers array.
        $headers = array(
            'apikey: ' . $apikey,
            'filename: ' . basename($file)
        );

        // Build options array.
        $options = array(
            CURLOPT_URL            => $api,
            CURLOPT_HTTPHEADER     => $headers,
            CURLOPT_POST           => true,
            CURLOPT_POSTFIELDS     => file_get_contents($file),
            CURLOPT_RETURNTRANSFER => true,
            // Keep TLS certificate verification on so the API key and the
            // file are only sent to the genuine endpoint.
            CURLOPT_SSL_VERIFYPEER => true
        );

        // Init & execute API call.
        $ch = curl_init();
        curl_setopt_array($ch, $options);
        $raw = curl_exec($ch);
        if ($raw === false) {
            // Transport or TLS failure: report it instead of decoding nothing.
            die('Request failed: ' . curl_error($ch));
        }
        curl_close($ch);
        $response = json_decode($raw, true);

        print_r($response);

This is the engine you want to use if you're serious about multi-scanning. They also use over 40 engines to scan files.

Try online resources to scan, like VirusTotal or similar. Also, as far as I know, Kaspersky has an online scanner, but it is temporarily unavailable.

From the application point of view, you can create a proxy server where you can install antivirus software, upload the file to this server, scan it and transfer it to your destination server.

I was looking to solve a very similar problem, and did not find much on in-memory scanning. Most examples I found involve writing the file to disk, and then scanning by passing some variables to another process to scan the file on disk.

So in the solution I have used, I just use the HttpPostedFileBase.InputStream and send that to ClamAV to scan. There is not much code to get it working in MVC and it's QED.

So in your MVC controller, you'll have something like this:

using System.Web;
using System.Web.Mvc;

/// Main controller
public class HomeController : Controller {

    /// Get the upload view
    [HttpGet]
    public ActionResult Index() {
        return View();
    }

    /// Handle the file upload
    [HttpPost]
    public ActionResult Index(UploadViewModel model, HttpPostedFileBase file) {
        // No file was posted: there is nothing to scan or save
        if (file == null || file.ContentLength == 0) {
            ModelState.AddModelError("file", "Please choose a file to upload.");
            return View(model);
        }

        var scanner = VirusScannerFactory.GetVirusScanner();
        var result = scanner.ScanStream(file.InputStream);

        if (result.IsVirusFree) {
            // save to disk
        } else {
            // don't save to disk and tell user they uploaded a virus
        }

        return View(model);
    }
}

The implementation of the VirusScannerFactory can be extended to suit your AV vendor.

using System.IO;

public class VirusScannerFactory {
    public static IScanViruses GetVirusScanner() {
        // Currently we only have one antivirus implementation,
        // but later we want to include AVG, Sophos and Metascan
        return new ClamAvScanner();
    }
}

public interface IScanViruses {

    ScanResult ScanFile(string fullPath);

    ScanResult ScanBytes(byte[] bytes);

    ScanResult ScanStream(Stream stream);
}

I have used nClam and ClamAV as an example. The full ClamAV implementation can be found on GitHub, but a snippet of how you get it working for memory streams is below.

using System.IO;
using System.Linq;
using nClam;

public class ClamAvScanner : IScanViruses {
    ... snip ...
    /// Scans your data stream for viruses
    public ScanResult ScanStream(Stream stream) {
        var clam = new ClamClient("localhost", 3310);
        return MapScanResult(clam.SendAndScanFile(stream));
    }
    ... snip ...
    /// Helper method to map the scan result.
    /// Anything other than Clean leaves IsVirusFree false.
    private ScanResult MapScanResult(ClamScanResult scanResult) {
        var result = new ScanResult();
        switch (scanResult.Result) {
            case ClamScanResults.Unknown:
                result.Message = "Could not scan file";
                result.IsVirusFree = false;
                break;
            case ClamScanResults.Clean:
                result.Message = "No Virus found";
                result.IsVirusFree = true;
                break;
            case ClamScanResults.VirusDetected:
                result.Message = "Virus found: " + scanResult.InfectedFiles.First().VirusName;
                result.IsVirusFree = false;
                break;
            case ClamScanResults.Error:
                result.Message = string.Format("VIRUS SCAN ERROR! {0}", scanResult.RawResult);
                result.IsVirusFree = false;
                break;
        }
        return result;
    }
}

I created a blog post with full details of how to do this with ClamAv.
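The answer above scans the upload stream through clamd without writing it to disk. As an added example (not code from that answer or from nClam), this shows the request framing of clamd's INSTREAM command and a reply parser that treats anything other than an exact "stream: OK" as a failure. The names `ClamdInstream`, `Send`, `Parse` and `Verdict` are hypothetical, and the replies in `Main` are constructed samples.

```csharp
using System;
using System.IO;
using System.Net;
using System.Text;
public enum Verdict { Clean, Infected, Failed }
public static class ClamdInstream   // hypothetical name, not part of nClam
{
    // Writes the INSTREAM request: "zINSTREAM\0", then each chunk as a 4-byte
    // big-endian length followed by the data, then a zero-length chunk.
    // In real use 'sink' is the NetworkStream of a TcpClient connected to clamd.
    public static void Send(Stream upload, Stream sink, int chunkSize = 8192)
    {
        var cmd = Encoding.ASCII.GetBytes("zINSTREAM\0");
        sink.Write(cmd, 0, cmd.Length);
        var buf = new byte[chunkSize]; int n;
        while ((n = upload.Read(buf, 0, buf.Length)) > 0)
        {
            var len = BitConverter.GetBytes(IPAddress.HostToNetworkOrder(n));
            sink.Write(len, 0, len.Length);
            sink.Write(buf, 0, n);
        }
        sink.Write(new byte[4], 0, 4);   // zero-length chunk ends the stream
    }
    // Only the exact reply "stream: OK" is clean; everything else fails closed.
    public static Verdict Parse(string reply, out string signature)
    {
        signature = null;
        var line = (reply ?? "").TrimEnd('\0', '\r', '\n');
        if (line == "stream: OK") return Verdict.Clean;
        if (line.Length > 14 && line.StartsWith("stream: ", StringComparison.Ordinal) && line.EndsWith(" FOUND", StringComparison.Ordinal))
        {
            signature = line.Substring(8, line.Length - 14);
            return Verdict.Infected;
        }
        return Verdict.Failed;   // size-limit errors, empty or truncated replies
    }
    public static void Main()
    {
        var wire = new MemoryStream();
        Send(new MemoryStream(Encoding.ASCII.GetBytes("hello")), wire);
        Console.WriteLine(BitConverter.ToString(wire.ToArray()));
        // Constructed sample replies, not captured from a real clamd.
        foreach (var r in new[] { "stream: OK\0", "stream: Eicar-Test-Signature FOUND\0", "INSTREAM size limit exceeded. ERROR\0", "" })
        {
            string sig;
            Console.WriteLine("{0} {1}", Parse(r, out sig), sig);
        }
    }
}
```

A controller should save the upload only on `Verdict.Clean`, and should treat a socket exception while sending (clamd closes the connection when its stream size limit is exceeded) the same as `Verdict.Failed`.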

Did some research on this topic; here is the summary. (It is mainly for Windows and C#, as I am using Windows and we are using Symantec anti-virus software.)

  1. Symantec product:

    a. Symantec Scan Engine: It is like a private anti-virus service and it provides an SDK to integrate into your system.

    b. Doscan.exe: It is a command-line tool I can find in our company's system. We can use it in our code by creating a new process to scan a file. It uses the same scan process as the Symantec scanner, so it will be blocked when the software is doing a long-running scan.

  2. AntiVirusscanner

    This library is a wrapper around the anti-virus software product (such as "Microsoft Security Essentials (Windows Defender)") which you have installed on your Windows OS. As I cannot stop the real-time scan of Symantec on my machine, I don't know if it works. I found a user who said it doesn't work, but I didn't check.

  3. Windows Defender:

    It is anti-virus software built into Windows. It is said to have a command-line tool (mpcmdrun.exe), but I cannot find it on my machine. And it was disabled as we are using Symantec. If you have it, you can give it a try.

  4. Open source anti-virus product

    ClamAV is a popular one. Some products integrate it into their systems. It has a C# API, so it can also be used to make a private cloud scan engine.

  5. Commercial scan-engine open APIs like VirusTotal and Sophos.
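Both the first answer (the Process class with a command-line scanner) and the summary above (Doscan.exe, mpcmdrun.exe) describe launching a scanner as a separate process. As an added example, not code from any answer, this sketch stores the upload under a server-generated name, runs the scanner, and accepts only the exit code documented as clean. It assumes ClamAV's `clamscan` is on the PATH (documented exit codes: 0 no virus found, 1 virus found, 2 error); for another scanner, take the executable, arguments and exit codes from its vendor documentation. `CommandLineScanner`, `Classify` and `Scan` are hypothetical names.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;

public static class CommandLineScanner   // hypothetical name
{
    // Assumption: ClamAV's clamscan is on PATH. Its documented exit codes are
    // 0 = no virus found, 1 = virus found, 2 = error.
    const string ScannerExe = "clamscan";
    const int CleanExit = 0, InfectedExit = 1;

    // Only the documented "clean" code passes; null means timeout or launch failure.
    public static string Classify(int? exitCode)
    {
        if (exitCode == CleanExit) return "clean";
        if (exitCode == InfectedExit) return "infected";
        return "failed";
    }

    // Stores the upload under a server-generated name in quarantineDir (a folder
    // outside the web root), scans it, and deletes it unless the verdict is clean.
    public static string Scan(Stream upload, string quarantineDir, out string savedPath)
    {
        // The client-supplied file name never reaches the disk or the command line.
        savedPath = Path.Combine(quarantineDir, Guid.NewGuid().ToString("N") + ".upload");
        using (var f = File.Create(savedPath)) upload.CopyTo(f);
        var psi = new ProcessStartInfo(ScannerExe, "--no-summary \"" + savedPath + "\"")
            { UseShellExecute = false, CreateNoWindow = true };
        int? exit = null;
        try
        {
            using (var p = Process.Start(psi))
            {
                if (p.WaitForExit(60000)) exit = p.ExitCode; else p.Kill();
            }
        }
        catch (Win32Exception) { }            // scanner not installed: exit stays null
        catch (InvalidOperationException) { } // process ended while being killed
        var verdict = Classify(exit);
        if (verdict != "clean") { File.Delete(savedPath); savedPath = null; }
        return verdict;
    }

    public static void Main()
    {
        string path;   // constructed benign sample input
        var v = Scan(new MemoryStream(new byte[] { 1, 2, 3 }), Path.GetTempPath(), out path);
        Console.WriteLine("{0} {1}", v, path);
    }
}
```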
