yup. it's UGLY as sin.
But in case anyone is interested, my site allows registered users to upload files to
their area. Certain other users are allowed to download those files. Registered users
can be trusted not to maliciously upload bad things, but they could inadvertantly
upload a virus.
So I implemented a virus scan upon file upload.
Here's how.
There are three components. I wrote a custom tag virusscan.cfm that calls a shell
script wrapper virusscan.sh that calls McAfee VirusScan for Linux.
(Note: I changed some open < into < so my email program doesnt eat the HTML)
--------------------
virusscan.sh
--------------------
#!/bin/bash
# Scan file ARGV[1] for viruses
# outputs results: 0=OK, 13,19=VIRUS, anything else=ERROR
/usr/local/bin/uvscan --delete --noexpire --secure - $1 2>&1 >/dev/null
echo $?
--------------------
Virusscan.cfm:
--------------------
<!--- Scan a file for viruses
--- Peter Theobald, [EMAIL PROTECTED]
--- (c) January 9, 2001 LiquidStreaming
--- Usage: <cf_virusscan file="filepath" return="variable">
--- Returns: "OK", "VIRUS", "ERROR" in the caller variable specified
---
--- If I could get the return code from an executable, this would be used:
<cfexecute
name="/usr/local/bin/uvscan"
arguments="--delete --noexpire --secure - #Attributes.file#"
outputfile="/dev/null"
timeout=600
>
---
--- But until I can, I'll have to call a wrapper script that outputs the
--- return code, and save that output in a file, then use CFFILE to get
--- that output
--- Remember to make the temporary file unique for multithreading
--->
<cfset serial=createuuid()>
<cfset tempfile= "/home/httpd/html/docroot/util/virus#serial#.out">
<cfexecute
name="/home/httpd/html/docroot/util/virusscan.sh"
arguments="#Attributes.file#"
outputfile="#tempfile#"
timeout=600
>
</cfexecute>
<cffile
action="read"
file="#tempfile#"
variable="scanresults"
>
<cffile
action="delete"
file="#tempfile#"
>
<cfset returnvar = "Caller.#Attributes.return#">
<cfif scanresults eq "0">
<cfset SetVariable( "#returnvar#", "OK")>
<cfelseif scanresults eq "13" or scanresults eq "19">
<cfset SetVariable( "#returnvar#", "VIRUS")>
<cfelse>
<cfset SetVariable( "#returnvar#", "ERROR")>
</cfif>
At 10:14 PM 1/9/01 -0500, Michael Dinowitz wrote:
>Ah. The module only returns the output. You may need to roll your own for
>this.
>
>
>> Sorry Michael, thanks for helping, but I need to get the return code from
>running an external executable called by CFEXECUTE.
>>
>>
>> At 07:22 PM 1/9/01 -0500, Michael Dinowitz wrote:
>> >Sorry. I assumed that the code was used so much that it was on the
>gallery.
>> >I'll send it to you directly and then post it up on site.
>> >
>> >
>> >> The CF_Execute I found at Allaire has nothing to do with the CFEXECUTE
>> >tag. It executes CFML code, not external executable programs.
>> >>
>> >> Am I looking in the wrong place?
>> >>
>> >> At 05:50 PM 1/9/01 -0500, Michael Dinowitz wrote:
>> >> >Wrap it in the CF_Execute custom tag. All it does is return the
>results
>> >of a
>> >> >CFEXECECUTE call.
>> >> >
>> >> >> How do I get the return code from a CFEXECUTE?
>> >> >> This is on Unix...
>> >> >>
>> >> >>
>> >>
>>
>>>> ------------------------------------------------------------------------
>-
>> >-
>> >> >-
>> >> >> Peter Theobald, Chief Technology Officer
>> >> >> LiquidStreaming http://www.liquidstreaming.com
>> >> >> [EMAIL PROTECTED]
>> >> >> Phone 1.212.545.1232 x204 Fax 1.212.545.0938
>> >> >>
>> >> >> To put this contact information into your Palm device, click here:
>> >> >>
>http://www.coola.com/cgi-bin/addinfo.cgi?pid=15803&rid=972879910&type=A
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >
>> >>
>> >
>>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
