Check upload file for virus in MVC3

KF2 picture KF2 · Jul 20, 2013 · Viewed 7.5k times · Source

How can i check upload file for virus before store it?

I previously read this topic,but how can i do it programmatic and return result for user?

The best way to avoid problems with user uploaded files of any kind is to have a command line virus scanner on the server, which you use to scan the files after upload. If the scanner result is positive, delete the file and so on

Answer

Fabio picture Fabio · Jul 20, 2013

Take a look at Sophos API https://secure.sophos.com/partners/oem/integration/savdi.html

"SAV Dynamic Interface (SAVDI) provides an easy-to-integrate, general-purpose interface to the Sophos detection engine. It enables programs written in any language to scan files and data for malware and is particularly popular with ISPs/ASPs running in a .NET environment."

Another alternative is to use Process class to start an anti-virus scanner on the server (http://www.dotnetperls.com/process-start) and parse its results. For example, here's the list of command-line parameters for AVG: http://www.avg.com/ww-en/faq.num-3604.

By the way, as you develop your solution, you will need to test if you're able to identify an infected file. But it's not recommended to use a real infected file. However, you can create a text file with the string below. This string is commonly identified by anti-virus scanners as a infected file for testing purposes (for more information, search for EICAR Standard Anti-Virus Test File).

*X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H**