Discussion:
IMAP and Anti Virus Scanning For File Attachments
Ron Piggott
2014-02-04 05:38:12 UTC
Permalink
I am wondering what (or how) to protect from viruses when processing IMAP file attachments. I am using PHP 5.5.7 and Arch Linux.

Ron Piggott



www.TheVerseOfTheDay.info
Maciek Sokolewicz
2014-02-04 10:24:52 UTC
Permalink
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP file attachments. I am using PHP 5.5.7 and Arch Linux.
Ron Piggott
www.TheVerseOfTheDay.info
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain
virusses and are thus harmless. The only times you really need to check
for virusses is if you expect your attachment to be executed at some point.

If all you do is show "hey, there was an attachment of x.y kb included",
then there's no need to even bother checking for virusses. At least, not
until you run any service/program which might in turn attempt to execute
the file (for some odd reason).

- Tul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sebastian Krebs
2014-02-04 11:00:06 UTC
Permalink
Post by Maciek Sokolewicz
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP
file attachments. I am using PHP 5.5.7 and Arch Linux.
Ron Piggott
www.TheVerseOfTheDay.info
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain virusses
and are thus harmless.
Thats wrong. For example HTML is a simple text-file too, but still can
contain javascript-code and whatever flaws it may have.
Post by Maciek Sokolewicz
The only times you really need to check for virusses is if you expect your
attachment to be executed at some point.
If all you do is show "hey, there was an attachment of x.y kb included",
then there's no need to even bother checking for virusses. At least, not
until you run any service/program which might in turn attempt to execute
the file (for some odd reason).
Regarding the initial question: Download the attachment and call a common
anti-virus tool with the (temporary) downloaded file as parameter.
Post by Maciek Sokolewicz
- Tul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
github.com/KingCrunch
Maciek Sokolewicz
2014-02-04 11:08:33 UTC
Permalink
Post by Sebastian Krebs
Post by Maciek Sokolewicz
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP
file attachments. I am using PHP 5.5.7 and Arch Linux.
Ron Piggott
www.TheVerseOfTheDay.info
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain virusses
and are thus harmless.
Thats wrong. For example HTML is a simple text-file too, but still can
contain javascript-code and whatever flaws it may have.
It seems I oversimplified in my explenation; the point I was trying to
make was that you still need to execute it before a virus can infect
anything. Javascript needs to be executed. If you don't execute it,
nothing can happen.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Pete Ford
2014-02-04 11:12:51 UTC
Permalink
Post by Sebastian Krebs
Post by Maciek Sokolewicz
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP
file attachments. I am using PHP 5.5.7 and Arch Linux.
Ron Piggott
www.TheVerseOfTheDay.info
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain virusses
and are thus harmless.
Thats wrong. For example HTML is a simple text-file too, but still can
contain javascript-code and whatever flaws it may have.
Post by Maciek Sokolewicz
The only times you really need to check for virusses is if you expect your
attachment to be executed at some point.
If all you do is show "hey, there was an attachment of x.y kb included",
then there's no need to even bother checking for virusses. At least, not
until you run any service/program which might in turn attempt to execute
the file (for some odd reason).
Regarding the initial question: Download the attachment and call a common
anti-virus tool with the (temporary) downloaded file as parameter.
+1 for Sebastian's method - I use it often on uploaded files too. Save
the content
in a quarantine location, then make a call to clamscan or something
similar...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Tim Streater
2014-02-04 12:53:00 UTC
Permalink
Post by Sebastian Krebs
Post by Maciek Sokolewicz
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP
file attachments. I am using PHP 5.5.7 and Arch Linux.
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain virusses
and are thus harmless.
Thats wrong. For example HTML is a simple text-file too, but still can
contain javascript-code and whatever flaws it may have.
For display purposes, use a sandboxed iframe. Then you can display the html while preventing any js execution.
--
Cheers -- Tim
Ron Piggott
2014-02-04 18:13:41 UTC
Permalink
I am thinking of initially saving file attachments in the database.

I have seen on the 'Yahoo' web site that file attachments are pre-scanned.

This is why I am asking.



Ron Piggott



www.TheVerseOfTheDay.info

-----Original Message-----
From: Tim Streater
Sent: Tuesday, February 04, 2014 7:53 AM
To: Sebastian Krebs ; Maciek Sokolewicz
Cc: Ron Piggott ; PHP General List
Subject: Re: IMAP and Anti Virus Scanning For File Attachments
Post by Sebastian Krebs
Post by Maciek Sokolewicz
Post by Ron Piggott
I am wondering what (or how) to protect from viruses when processing IMAP
file attachments. I am using PHP 5.5.7 and Arch Linux.
That depends on what you want to do with the attachments. How do you
process them? Simple text files for example are unable to contain virusses
and are thus harmless.
Thats wrong. For example HTML is a simple text-file too, but still can
contain javascript-code and whatever flaws it may have.
For display purposes, use a sandboxed iframe. Then you can display the html
while preventing any js execution.

--
Cheers -- Tim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Continue reading on narkive:
Loading...