如何在存储之前检查上传文件是否有病毒?
我以前读过这个主题,但我怎样才能以编程方式进行并为用户返回结果?
The best way to avoid problems with user uploaded files of any kind is to have a command line virus scanner on the server, which you use to scan the files after upload. If the scanner result is positive, delete the file and so on
最佳答案
我正在寻找解决一个非常相似的问题,但在内存扫描方面没有找到太多。我发现的大多数示例都涉及将文件写入磁盘,然后通过将一些变量传递给另一个进程来扫描磁盘上的文件。
所以在我使用的解决方案中,我只使用 HttpPostedFileBase.InputStream
,并将其发送到 ClamAv 进行扫描。没有太多代码可以让它在 MVC 及其 QED 中工作。
所以在你的 MVC Controller 中,你会有这样的东西:
/// Main controller
public class HomeController : Controller {
/// Get the upload view
[HttpGet]
public ActionResult Index() {
return View();
}
/// Handle the file upload
[HttpPost]
public ActionResult Index(UploadViewModel model, HttpPostedFileBase file) {
var scanner = VirusScannerFactory.GetVirusScanner();
var result = scanner.ScanStream(file.InputStream);
if(result.IsVirusFree) {
// save to disk
} else {
// don't save to disk and tell user they uploaded a virus
}
return View(model);
}
}
VirusScannerFactory 的实现可以扩展为适合您的 AV 供应商。
public class VirusScannerFactory {
public static IScanViruses GetVirusScanner() {
//Currently we only have one Antivirus implementation,
//but later we want to include AVG, SOPHOS and metascan
return new ClamAvScanner();
}
}
public interface IScanViruses {
ScanResult ScanFile(string fullPath);
ScanResult ScanBytes(byte[] bytes);
ScanResult ScanStream(Stream stream);
}
我以 nClam 和 ClamAv 为例。完整的 ClamAv 实现可以是 found on github ,但下面是你如何让它为内存流工作的片段
public class ClamAvScanner : IScanViruses{
... snip ...
/// Scans your data stream for virus
public ScanResult ScanStream(Stream stream) {
var clam = new ClamClient("localhost", 3310);
return MapScanResult(clam.SendAndScanFile(stream));
}
...snip ...
/// helper method to map scan result
private ScanResult MapScanResult(ClamScanResult scanResult) {
var result = new ScanResult();
switch (scanResult.Result) {
case ClamScanResults.Unknown:
result.Message = "Could not scan file";
result.IsVirusFree = false;
break;
case ClamScanResults.Clean:
result.Message = "No Virus found";
result.IsVirusFree = true;
break;
case ClamScanResults.VirusDetected:
result.Message = "Virus found: " + scanResult.InfectedFiles.First().VirusName;
result.IsVirusFree = false;
break;
case ClamScanResults.Error:
result.Message = string.Format("VIRUS SCAN ERROR! {0}", scanResult.RawResult);
result.IsVirusFree = false;
break;
}
return result;
}
}
我创建了一个 blog post有关如何使用 ClamAv 执行此操作的完整详细信息。
关于asp.net-mvc-3 - 在 MVC3 中检查上传文件是否有病毒,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17765017/