Virus Scanning Uploaded files from Azure Web/Worker Role

被刻印的时光 ゝ 提交于 2019-12-05 19:24:04

I have successfully done this using the open source ClamAV. You don't specify what languages you are using, but as it's Azure I'll assume .Net.

There is a .Net wrapper that should provide the API that you are looking for:

https://github.com/tekmaven/nClam

Here is some sample code (note: this is copied directly from the nClam GitHub repo page and reproduced here just to protect against link rot)

using System;
using System.Linq;
using nClam;

class Program
{
    static void Main(string[] args)
    {

        var clam = new ClamClient("localhost", 3310);
        var scanResult = clam.ScanFileOnServer("C:\\test.txt");  //any file you would like!

        switch(scanResult.Result)
        {
            case ClamScanResults.Clean:
                Console.WriteLine("The file is clean!");
                break;
            case ClamScanResults.VirusDetected:
                Console.WriteLine("Virus Found!");
                Console.WriteLine("Virus name: {0}", scanResult.InfectedFiles.First().VirusName);
                break;
            case ClamScanResults.Error:
                Console.WriteLine("Woah an error occured! Error: {0}", scanResult.RawResult);
                break;
        }
    }
}

There are also APIs available for refreshing the virus definition database. All the necessary ClamAV files can be included in the deployment package and any configuration can be put into the service start-up code.

ClamAV is a good idea, specially now that 0.99 is about to be released with YARA rule support - it will make it really easy for you to write custom rules and allow clamav to use tons of good YARA rules in the open today.

Another route, and a bit of shameless plugging, is to check out scanii.com, it's a SaaS for malware/virus detection and it integrates quite nicely with AWS and Azures.

There are a number of options to achieve this:

Firstly you can use ClamAV as already mentioned. ClamAV doesn't always receive the best press for its virus databases but as others have pointed out it's easy to use and is expandable.

You can also install a commercial scanner, such as avg, kaspersky etc. Many of these come with a C API that you can talk to directly, although often getting access to this can be expensive from a licensing point of view.

Alternatively you can make calls to the executable directly using something like the following to capture the output:

var proc = new Process {
    StartInfo = new ProcessStartInfo {
        FileName = "scanner.exe",
        Arguments = "arguments needed",
        UseShellExecute = false,
        RedirectStandardOutput = true,
        CreateNoWindow = true
    }
};
proc.Start();
while (!proc.StandardOutput.EndOfStream) {
    string line = proc.StandardOutput.ReadLine();
}

You would then need to parse the output to get the result and use it within your application.

Finally, now there are some commercial APIs available to do this kind of thing such as attachmentscanner (disclaimer I'm related to this product) or scanii. These will provide you with an API and a more scalable option to scan specific files and receive the response from at least one virus checking engine.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!