HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.


All times are UTC + 2 hours [ DST ]




 Post subject: upload scanning?
Posted: 13 Apr 2007 23:01

Joined: 06 Apr 2006 21:33
Posts: 21
Why not scan uploaded data as well, to prevent viruses from spreading, or uploading infected data to other servers?

For example:
Base64-encoded data in POST body/GET query string
(This will catch even files uploaded from a type=file input box, or files manually base64-encoded and copied into a textarea/text field.)


Posted: 14 Apr 2007 10:06
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
It's possible with some work, but not really a priority. I personally don't see any use for it; how many viruses do you know that spread by uploading themselves? Where would they do that? What good (bad) would it do? :)


Posted: 15 Apr 2007 13:51

Joined: 06 Apr 2006 21:33
Posts: 21
The virus maker maybe doesn't want his IP logged when uploading his virus to as many websites as possible.

So the virus maker maybe programs his virus to check a list of websites; if the virus isn't there, then upload it...


Another thing is if a user on my wireless network accidentally uploads a virus to some server.


The biggest problem with both of these cases is when I get a "penalty point" from my ISP.
I currently have one penalty point from my ISP, because someone reported that someone was trying to connect to port 80 of his computers.

It was a wireless user doing full-connect scans for port 80 to large IP series.
And full-connect scans are impossible to block, because these scans mean that the user is sending a full HTTP header, to get proxy servers to connect.

Any complaint to the abuse department causes the customer to get a penalty point, if the incident was not so bad that the user needs to be cut off directly.

If I get 3 penalty points, then my broadband subscription will be ended.


Posted: 15 Apr 2007 14:13
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
sebastian wrote:
> The virus maker maybe doesn't want his IP logged when uploading his virus to as many websites as possible.
>
> So the virus maker maybe programs his virus to check a list of websites; if the virus isn't there, then upload it...
>
> Another thing is if a user on my wireless network accidentally uploads a virus to some server.

I still don't get what you mean by websites...

Only real example I can come up with is megaupload, rapidshare etc. A virus could in theory try to upload to those public sharing services. And maybe send emails containing the URLs to people in your address book. But that's very far-fetched and not really HAVP's problem.

What server/service are you referring to that your user would accidentally upload viruses to? Maybe when sending attachments from webmail? It would be more of the webmail's job to scan it.

Anyways, maybe in some future version it's implemented.

Cheers,
Henrik


Posted: 15 Apr 2007 22:22

Joined: 06 Apr 2006 21:33
Posts: 21
With accidental upload, I mean that if the user uploads an infected EXE to some software library without knowing it, and then I get blamed for that because my IP shows up in the log...


Posted: 15 Apr 2007 22:24
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
sebastian wrote:
> With accidental upload, I mean that if the user uploads an infected EXE to some software library without knowing it, and then I get blamed for that because my IP shows up in the log...

It's a legitimate reason alright, though a very rare case would be. :)


Post subject: Re: upload scanning?
Posted: 23 Sep 2009 09:13

Joined: 23 Sep 2009 09:06
Posts: 1
Not rare at all!!
I came across HAVP while looking for a way to protect my HTTPS Subversion repository from viruses.
Other Windows developers I'm working with occasionally get infected and commit their infected binaries to the server.
HAVP scanning their uploads would be just great and very useful for that.
Right now my other option is only clam with inotify scanner, but it's a very poor approach since it only scans after the file is committed.
HAVP could just stop the HTTP session and the transaction would be aborted.


Post subject: Re: upload scanning?
Posted: 23 Sep 2009 15:28

Joined: 06 Apr 2006 21:33
Posts: 21
Or it could just ignore the rest of the data and pipe to /dev/null until the client has sent Content-Length bytes, and then send a response like today's response telling that the uploaded data was infected.


Post subject: Re: upload scanning?
Posted: 23 Sep 2009 15:36
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
mook wrote:
> Not rare at all!!
> I came across HAVP while looking for a way to protect my HTTPS Subversion repository from viruses.
> Other Windows developers I'm working with occasionally get infected and commit their infected binaries to the server.
> HAVP scanning their uploads would be just great and very useful for that.
> Right now my other option is only clam with inotify scanner, but it's a very poor approach since it only scans after the file is committed.
> HAVP could just stop the HTTP session and the transaction would be aborted.

Googling for 15 seconds revealed that Subversion can execute hooks before commit:

http://wordaligned.org/articles/a-subve ... ommit-hook

I'm not saying upload scanning is bad, but most if not all stuff can and should be handled application-wise. If someone wants to code upload checks, feel free to post patches.


Top
 Profile  
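The pre-commit approach suggested in the last reply, as an added example (not part of the thread, and not HAVP or Subversion project code): a hook that streams each added or modified file of the pending transaction through a scanner and aborts the commit on a detection or a scanner failure. It assumes ClamAV's `clamscan` and `svnlook` are on PATH; the function names `scan_txn` and `pre_commit` are illustrative.

```shell
#!/bin/sh
# Subversion pre-commit hook: reject the commit if ClamAV flags any added
# or modified file. Subversion runs it as: pre-commit REPOS TXN
# Assumptions: svnlook and clamscan are on PATH; both can be overridden.
SVNLOOK=${SVNLOOK:-svnlook}
SCANNER=${SCANNER:-clamscan}

# scan_txn REPOS TXN: print one "INFECTED path" or "ERROR path" line per
# file the scanner did not pass; print nothing if every file is clean.
scan_txn() {
    "$SVNLOOK" changed -t "$2" "$1" | while IFS= read -r line; do
        case $line in
            [AU]*) ;;            # file content added or updated
            *) continue ;;       # deletion or property-only change
        esac
        path=${line#????}        # drop the 4-character status column
        case $path in */) continue ;; esac   # directories have no content
        rc=0
        "$SVNLOOK" cat -t "$2" "$1" "$path" |
            "$SCANNER" --no-summary - >/dev/null 2>&1 || rc=$?
        case $rc in
            0) ;;                                  # clean
            1) printf 'INFECTED %s\n' "$path" ;;   # clamscan: virus found
            *) printf 'ERROR %s\n' "$path" ;;      # scanner failed: fail closed
        esac
    done
}

# pre_commit REPOS TXN: return 0 to allow the commit, 1 to abort it.
# Text written to stderr is shown to the committing client.
pre_commit() {
    findings=$(scan_txn "$1" "$2")
    [ -z "$findings" ] && return 0
    printf 'Commit rejected by virus scan:\n%s\n' "$findings" >&2
    return 1
}

if [ "$#" -eq 2 ]; then
    pre_commit "$1" "$2"
    exit $?
fi
```

Because the hook runs before the transaction is committed, a rejected file never enters the repository, unlike the inotify scan described earlier in the thread.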
 