Basically, I want to virus scan files as they are uploaded (before writing them to disk) to a web app.
In particular, I'd like to integrate with "McAfee VirusScan Enterprise" (latest version).
From a design and maintenance perspective, would it perhaps be better to scan certain paths at the firewall using a third party product? That way the web app would not have to concern itself with virus scanning. So as to minimize overhead, do typical virus scanning firewalls let you specify URL patterns as well as a particular POST data pattern. This of course would not work if it's an HTTPS site (unless there's some way around that).
This post from stackoverflow seems to suggest that an SDK from McAfee is no longer available, but are there open source alternatives?
Check out Clamv ( http://www.clamav.net/ ) It is a open source anti-virus, and you can scan a stream. So you do not need to save the file for scanning it.
http://linux.die.net/man/1/clamscan
Scan a data stream: cat testfile | clamscan -
So it is quite easy, start the clamscan process with the - arg. write the file content to the stdin, and wait for the result code.
During your testing, you can use the EICAR file, which is a file dedicated for checking if an anti-virus is working. http://en.wikipedia.org/wiki/EICAR_test_file