HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

upload scanning?
http://havp.hege.li/forum/viewtopic.php?f=4&t=230

Author:  sebastian [ 13 Apr 2007 23:01 ]
Post subject:  upload scanning?

Why not scan uploaded data as well, to prevent viruses from spreading, or uploading infected data to other servers?

For example:
Base64-encoded data in POST body/GET querystring
(This will catch even files uploaded from a type=file inputbox, or files manually base64 encoded, and copied into a textarea/textfield.)
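An added illustration of the request in this post, not HAVP code and not written by anyone in the thread: a Python function that pulls the two kinds of upload data mentioned (type=file parts, and base64 text pasted into form fields) out of a POST body so each can be handed to a scanner. The function names and the 16-character minimum are assumptions.

```python
import base64
import binascii
from email import policy
from email.parser import BytesParser
from urllib.parse import parse_qsl

MIN_B64_CHARS = 16   # assumption: shorter strings are not worth decoding


def maybe_base64(text):
    """Return the decoded bytes if text is strictly valid base64, else None."""
    compact = "".join(text.split())          # textarea pastes are often line-wrapped
    if len(compact) < MIN_B64_CHARS or len(compact) % 4:
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def upload_payloads(content_type, body):
    """Return [(label, bytes)] for each blob in a request body that should be scanned."""
    found = []
    kind = content_type.lower()
    if kind.startswith("multipart/form-data"):
        # Reuse the MIME parser: a multipart body is a MIME message minus its headers.
        raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
        for part in BytesParser(policy=policy.default).parsebytes(raw).iter_parts():
            name = part.get_param("name", header="content-disposition") or "?"
            data = part.get_payload(decode=True) or b""
            if part.get_filename() is not None:      # <input type=file> part
                found.append(("file:" + name, data))
            else:                                    # ordinary field, maybe pasted base64
                decoded = maybe_base64(data.decode("latin-1"))
                if decoded is not None:
                    found.append(("base64:" + name, decoded))
    elif kind.startswith("application/x-www-form-urlencoded"):
        for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            decoded = maybe_base64(value)
            if decoded is not None:
                found.append(("base64:" + name, decoded))
    return found
```

A GET query string can be passed through the same function as an `application/x-www-form-urlencoded` body; ordinary words that happen to be valid base64 are decoded too, which only costs an extra scan.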

Author:  hege [ 14 Apr 2007 10:06 ]
Post subject: 

It's possible with some work, but not really a priority. I personally don't see any use for it, how many viruses do you know that spread uploading themselves? Where would they do that? What good (bad) would it do? :)

Author:  sebastian [ 15 Apr 2007 13:51 ]
Post subject: 

The virus maker maybe doesn't want his IP logged when uploading his virus to as many websites as possible.

So the virus maker maybe programs his virus to check a list of websites, if the virus isn't there, then upload it...


Another thing, is if a user on my wireless network accidentally uploads a virus to some server.


The biggest problem with both of these cases, is when I get a "penalty point" from my ISP.
I currently have one penalty point from my ISP, because someone reported that someone was trying to connect to port 80 of his computer.

It was a wireless user doing full-connect scans for port 80 to large IP-series.
And full-connect scans are impossible to block, because these scans mean that the user is sending a full HTTP header, to get proxy-servers to connect.

Any complaint to the abuse department causes the customer to get a penalty point, if the incident was not so bad that the user needs to be cut off directly.

If I get 3 penalty points, then my broadband subscription will be ended.

Author:  hege [ 15 Apr 2007 14:13 ]
Post subject: 

sebastian wrote:
The virus maker maybe doesn't want his IP logged when uploading his virus to as many websites as possible.

So the virus maker maybe programs his virus to check a list of websites, if the virus isn't there, then upload it...

Another thing, is if a user on my wireless network accidentally uploads a virus to some server.


I still don't get what you mean by websites..

Only real example I can come up with is megaupload, rapidshare etc. A virus could in theory try to upload to those public sharing services. And maybe send emails containing the URLs to people in your address book. But that's very far-fetched and not really HAVP's problem.

What server/service are you referring to that your user would accidentally upload viruses to? Maybe when sending attachments from webmail? It would be more of the webmail's job to scan it.

Anyways, maybe in some future version it's implemented.

Cheers,
Henrik

Author:  sebastian [ 15 Apr 2007 22:22 ]
Post subject: 

With accidental upload, I mean that if the user uploads an infected EXE to some software library without knowing it, and then I get blamed for that because my IP shows up in the log...

Author:  hege [ 15 Apr 2007 22:24 ]
Post subject: 

sebastian wrote:
With accidental upload, I mean that if the user uploads an infected EXE to some software library without knowing it, and then I get blamed for that because my IP shows up in the log...


It's a legitimate reason alright, though it would be a very rare case. :)

Author:  mook [ 23 Sep 2009 09:13 ]
Post subject:  Re: upload scanning?

Not rare at all !!
I came across HAVP while looking for a way to protect my https subversion repository from viruses.
Other Windows developers I'm working with occasionally get infected and commit their infected binaries to the server.
HAVP scanning their uploads would be just great and very useful for that.
Right now my other option is only clam with inotify scanner but it's a very poor approach since it only scans after the file is committed.
HAVP could just stop the http session and the transaction would be aborted.

Author:  sebastian [ 23 Sep 2009 15:28 ]
Post subject:  Re: upload scanning?

Or it could just ignore the rest of the data and pipe to /dev/null until the client has sent Content-Length bytes, and then send a response like today's response telling that the uploaded data was infected.

Author:  hege [ 23 Sep 2009 15:36 ]
Post subject:  Re: upload scanning?

mook wrote:
Not rare at all !!
I came across HAVP while looking for a way to protect my https subversion repository from viruses.
Other Windows developers I'm working with occasionally get infected and commit their infected binaries to the server.
HAVP scanning their uploads would be just great and very useful for that.
Right now my other option is only clam with inotify scanner but it's a very poor approach since it only scans after the file is committed.
HAVP could just stop the http session and the transaction would be aborted.


Googling for 15 seconds revealed that subversion can execute hooks before commit:

http://wordaligned.org/articles/a-subve ... ommit-hook

I'm not saying upload scanning is bad, but most if not all stuff can and should be handled application-wise. If someone wants to code upload checks, feel free to post patches.
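An added example of the pre-commit approach suggested in this post, not taken from the thread or the linked article: a Python Subversion pre-commit hook that pipes every added or modified file in the transaction through ClamAV and rejects the commit on a detection or a scanner failure. The `svnlook` and `clamdscan` install paths are assumptions, as are the function names.

```python
#!/usr/bin/env python3
"""Subversion pre-commit hook: block commits whose new file contents fail a ClamAV scan."""
import subprocess
import sys

# Assumed install locations; hooks run with an empty environment, so use absolute paths.
SVNLOOK = "/usr/bin/svnlook"
SCANNER = ["/usr/bin/clamdscan", "--no-summary", "-"]   # "-" = scan standard input


def paths_to_scan(changed_output):
    """Select files with new content from `svnlook changed` output.

    Columns 1-2 are status flags, the path starts at column 5, directories end in "/".
    """
    paths = []
    for line in changed_output.splitlines():
        status, path = line[:4], line[4:]
        if path and not path.endswith("/") and status[0] in ("A", "U"):
            paths.append(path)          # skips deletions ("D") and property-only changes ("_U")
    return paths


def scan_transaction(repos, txn, run=subprocess.run):
    """Return [(path, reason)] for every file that must block the commit."""
    changed = run([SVNLOOK, "changed", "-t", txn, repos],
                  capture_output=True, check=True).stdout.decode("utf-8", "replace")
    rejected = []
    for path in paths_to_scan(changed):
        content = run([SVNLOOK, "cat", "-t", txn, repos, path],
                      capture_output=True, check=True).stdout
        verdict = run(SCANNER, input=content, capture_output=True).returncode
        if verdict == 1:                # ClamAV: 1 = virus found
            rejected.append((path, "infected"))
        elif verdict != 0:              # 2 = scanner error: fail closed
            rejected.append((path, "scanner error"))
    return rejected


def main(argv):
    repos, txn = argv[1], argv[2]       # Subversion passes repository path and transaction name
    rejected = scan_transaction(repos, txn)
    for path, reason in rejected:
        sys.stderr.write("commit rejected: %s (%s)\n" % (path, reason))
    return 1 if rejected else 0         # non-zero exit aborts the commit


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as `hooks/pre-commit` in the repository, this runs before the transaction becomes a revision, so an infected binary never reaches the repository, unlike the inotify scan described earlier in the thread.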

All times are UTC + 2 hours [ DST ]