Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Community Forums
 Code Support: ASP (Non-Forum Related)
 Security with ASP file uploader & SSL		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

Nikkol
Forum Moderator

USA
6907 Posts
Posted - 21 April 2002 :  16:42:17  Show Profile
I hope someone can steer me in the right direction. (After hours looking on the 'net my eyes hurt!)

I want to provide the ability for our network users to upload files to to our webserver and then copy the file to their "home directory" on another server. The code I have works beautifully. However, I'm concerned that users may unintentially (or not) upload viruses and other malicious code. It is my understanding that data sent over SSL will not be scanned by a antivirus program (we use McAfee's NetShield) since it is encrypted. However, once the file is uploaded, I use the FileSystemObject to copy the file over to the other server. Will the antivirus program detect it then? If so, I'm not worried. If not, what can I do to ensure (known) viruses are not uploaded?

Nikkol

Bunce
New Member

Australia
84 Posts
Posted - 22 April 2002 :  05:54:04  Show Profile  Send Bunce an ICQ Message
AFAIK, passing data through SSL won't check for viruses, all it would be doing is 'encrypting'/'decrypting' the virus.

It would all depend on the virus software you have installed on your server. You may be able to set it to scan 'incoming' or 'newly-created' files.

Alternatively, you may be able to write some script (WSH) that executes your virus-scan software, passing it the name of the newly uploaded file.?

HTH,
Andrew

======================================================
There have been many, many forum posts made throughout the world...
This was one of them!
Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts
Posted - 22 April 2002 :  07:12:37  Show Profile
quote:

Alternatively, you may be able to write some script (WSH) that executes your virus-scan software, passing it the name of the newly uploaded file.?


That's exactly what I was thinking if the virus program doesn't catch it with using the FileSystemObject. Problem is I have no experience with WSH. Got any good links where I can learn WSH and use an ASP script to execute it?

Nikkol
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts
Posted - 22 April 2002 :  08:10:00  Show Profile  Visit HuwR's Homepage
Simply uploading a file to your server will not infect it with a virus, the file must be executed or loaded in some way for the virus to be made active, so as long as you only allow read/write acces to the directory and no execute or script access permissions, then you should be safe anyway.
Go to Top of Page

Nikkol
Forum Moderator

USA
6907 Posts
Posted - 22 April 2002 :  17:15:53  Show Profile
Thank Huw.

And I tested it by sending the eicar.com test file. The server caught it.

Nikkol
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.3 seconds. Powered By: Snitz Forums 2000 Version 3.4.07