MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > Scan uploads for virus?
Full Version: Scan uploads for virus?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

laie_techie

2009-05-29, 07:16 PM
Is there a hook I could use in a plugin to scan uploaded attachments with an antivirus? I know most image files are safe, but other legitimate attachment types are susceptible (macro viruses in Microsoft Office, viruses hidden in archives, etc).

LeX-

2009-05-29, 07:35 PM
And you have the title MyBB Mentor ? =/
A lil' effort to check the files.
For now there's no hook when an attachment gets uploaded.
Only when the attachment is uploaded and gets inserted in your DB;
	$plugins->run_hooks_by_ref("upload_attachment_do_insert", $attacharray);

You can add a hook in the beginning of the upload_attachment() function (./inc/functions_upload.php)
	$plugins->run_hooks_by_ref("upload_attachment_start", $attachment);

Joshua Mayer

2009-05-29, 09:19 PM
I think this is a really good idea.

User 2877

2009-05-29, 11:18 PM
You can run stuff via the server...stuff like fprot would do well. You wouldn't really use a plugin for that. You would need to write a batch script imho and place it on a cron job to scan the folder on a regular basis. I am sure you could rig something for real time to use fprot but it's not going to be 1,2,3. I already looked into this and did some scanning but ultimately I stopped the project. It wasn't something I could release and eventually I decided to remove the ability to upload archive files on my site.

laie_techie

2009-05-30, 01:02 AM
I know something like this can never make it into the MyBB core - too many different antivirus programs with different parameters, not to mention having to enable system calls.

At the same time, I think it would be a waste of resources to scan all attachments everytime they are requested or via cron.

My site deals with a subject where large attachments (50-100MB) are not uncommon, so people are encouraged to zip them up first.

User 2877

2009-05-30, 02:02 AM
Quote:At the same time, I think it would be a waste of resources to scan all attachments everytime they are requested or via cron.

Oh yeah..fprot and other linux antivirus have an issue scanning inside an archive file. One reason I ditched the project.

Yumi

2009-05-30, 03:08 AM
You can just monitor new attachments (check timestamps of files) and scan those.
I probably wouldn't do this from a MyBB side. Although the uploader won't get an instant notification if their file will eventually be rejected (unless you unapprove all attachments before scanning).
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > Scan uploads for virus?