Scanning viruses file through ColdFusion

Discussion:

(too old to reply)

RahimSharif

2006-02-28 08:46:10 UTC

Is any body knows how to scan file (for viruses) when uploading through ColdFusion website ??? Plase reply me as soon as possible if any body knows this one..

Thanx

BKBK

2006-02-28 09:09:21 UTC

Permalink

First, read up from the documentation on your antivirus how to scan an
individual file or folder from the command-line. Then use that in Coldfusion's
cfexecute.

e.g.

<cfexecute name = "C:\Program Files\myAntiVirus.exe" arguments = "-x -y -z"
outputFile = "C:\CFusionMX7\wwwroot\vscan\scanreport.txt" timeout = "5">
</cfexecute>

Adam Cameron

2006-02-28 13:59:04 UTC

Permalink

Post by BKBK
First, read up from the documentation on your antivirus how to scan an
individual file or folder from the command-line. Then use that in Coldfusion's
cfexecute.

You shouldn't need to do this.

Any AV software I've seen runs in the background anyway, and is constantly
scanning file writes, so simply make sure it's scanning the upload dir, and
it'll do the scan automatically, when CF tries to write the file to disk.
You don't need to ACTIVELY scan it.

Now... finding out whether or not it picked up a virus and what it did with
the file if it did... you'll need to access the AV s/w's log files for
that.

But if you simply want to make sure you're not allowing people to upload
virus-infected files, all you need to do is to tell the background scanner
to watch the upload dir.

--
Adam

RahimSharif

2006-02-28 09:17:15 UTC

Permalink

thanx for your prompt reply... Actually im using Norton Anti Virus Program. So will you please let me know how to use this one

BKBK

2006-02-28 09:54:18 UTC

Permalink

What you need is the executable(*.exe) of the antivirus software. ( Mine is 'ClamWin.exe' ). navx doesn't work because it is not an executable.

RahimSharif

2006-02-28 09:47:06 UTC

Permalink

I tried to find out the command line arguments for Norton anti virus .. and i
found such kind of this thing

navx -a -o ~/myReportFile /tmp > <filename.log>

But the thing is when i tried this one from command line it says
'navx' is not recognized as an i
operable program or batch file.

Im still confused what i'll do with thie matter.

RahimSharif

2006-02-28 11:01:17 UTC

Permalink

When apply this one it gives me this error

An exception occurred when invoking an external process.
The cause of this exception was that: java.io.IOException: CreateProcess:
c:\Program Files\Network Associates\Mcshield.exe error=2.

The error occurred in C:\Inetpub\wwwroot\Watani\virus.cfm: line 1

1 : <cfexecute name = "c:\Program Files\Network Associates\Mcshield.exe">
2 : </cfexecute>

RahimSharif

2006-02-28 12:04:34 UTC

Permalink

I found the solution thanx for your help. But i have one problem i found an output file of scanning result ... the thing is that how i take the result only instead of whole log file.....

BKBK

2006-02-28 18:55:18 UTC

Permalink

Adam, mine is not to second-guess, just to suggest an answer to the question
asked. It can be quite instructive for the developer just to know these things,
even when there is no immediate need for them. Oh, and, for the majority of
antivirus programs, the heuristics for automatic backgroud scanning are not as
rigorous as direct scanning.

Adam Cameron

2006-02-28 20:30:18 UTC

Permalink

Post by BKBK
Adam, mine is not to second-guess, just to suggest an answer to the question
asked.

Sure. As was I: the file *will* get scanned if you set the passive scanner
to do so. So it's answering the question. I also think it's a better
solution than using <cfexecute> to call the CLI scanner. By that's just an
opinion thing.

As for the heuristics of the passive scanner... it all depends on the
settings.

My experience of these forums, is that often the questions can be taken two
ways:
1) absolutely literally;
2) giving some thought to what's being asked and - yes - second guess WHY
the question might be being asked, and what end result the person asking
the question wants to arrive at.

There are a lot of beginners on these forums, and quite often it's not
occurred to the person asking the question that there's more than one way
to skin a cat, nor that they might not be asking quite the right question
(I'm not saying either applies to this particular situation: I'm speaking
generally).

In the reverse situation, if *I* was perhaps approaching things "not the
best way", I'd sure like to find out.

That's why I don't necessarily answer a question as literally as its being
asked.

Make sense?

--
Adam

RahimSharif

2006-03-01 13:18:39 UTC

Permalink

Thanx for all your support but I think im still on my same point i scanned the
file through cfexecute and it return the following result.....

CommonShell Command Line Scanner
Engine Version : 4400
DAT Version : 4705
C:\inetpub\wwwroot\mysite\test.cfm
C:\inetpub\wwwroot\mysite\test.cfm : Cleaned

Summary :-
FilesFound : 1
FilesScanned : 1
FilesNotScanned : 0
ObjectsFound : 1
ObjectsInfected : 0
ObjectsCleaned : 0
FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0

The thing is how i get result "Cleaned" from antivirus result file. Please let
me know rather then you guys are convencing to each other. Please tell me how i
take this Cleaned word from log file (I have only 10 days to submit the project
....)

Thanx

BKBK

2006-03-01 14:42:49 UTC

Permalink

Use cfexecute's outputFile attribute to specify where you want the scan
results to be written. (see my first reply). Also, remember to set the timeout
to at least 5, say, to enable the output to be generated and written.

RahimSharif

2006-03-02 08:52:12 UTC

Permalink

if you check my previous message i already get the scan result file on my
specified location as yuo told me on your first reply by using outputfile
attribute. The problem is that how i get the specific word "Cleaned" from
output file which is pasted on my previous message.
Please check it and do reply me ..

Thanx

BKBK

2006-03-02 10:14:34 UTC

Permalink

Do you wish to extract all the words containing "cleaned" from the logs? Show
us any code you've already written for it, so that we can have a better idea? I
ask because "cleaned" does not occur in your list as a word, only as part of a
word.

RahimSharif

2006-03-05 06:19:50 UTC

Permalink

Im my post 9 or Date :03/01/2006 01:18:39 PM
You can see my result file ..... or i'll again pase my result file i.e

********************************************************************************
*
CommonShell Command Line Scanner
Engine Version : 4400
DAT Version : 4705
C:\inetpub\wwwroot\mysite\test.cfm
C:\inetpub\wwwroot\mysite\test.cfm : Cleaned

Summary :-
FilesFound : 1
FilesScanned : 1
FilesNotScanned : 0
ObjectsFound : 1
ObjectsInfected : 0
ObjectsCleaned : 0
FilesInfected : 0
FilesCleaned : 0
FilesMoved : 0
FilesDeleted : 0
*************************************************************************
if you see on line 5 of my pasted result file you can find Cleaned
word......... How i get this one..

Thanx

MikerRoo

2006-03-05 08:01:50 UTC

Permalink

Use the attached code but substitute your variable for SCAN_RESULT_FILE.

<CFSCRIPT>
bFilesOK = true;
iCharPos = 1;

do
{
zSrchRez = REFindNoCase ("[\n\r]([^\n\r]+)( : Cleaned)",
SCAN_RESULT_FILE, iCharPos, TRUE);
iCharPos = iCharPos + zSrchRez.Pos[1] + zSrchRez.Len[1];

if (zSrchRez.Len[1] neq 0)
{
bFilesOK = false;
sCleaned = Mid (SCAN_RESULT_FILE, zSrchRez.Pos[2],
zSrchRez.Len[2]);
WriteOutput ('<h1><i>#sCleaned#</i> was cleaned!</h1>');
}
}
while (zSrchRez.Len[1] neq 0);

if (bFilesOK)
{
WriteOutput ("<h1>T'were ain't none files cleaned (neither)!</h1>");
}
</CFSCRIPT>

BKBK

2006-03-05 11:49:21 UTC

Permalink

Code to pick out the fifth line:

<cffile action = "read" file = "C:\Inetpub\wwwroot\mysite\scans\result.log"
variable = "scanresult">
<cfset line5 = ListGetAt(scanresult, 5, "#chr(13)&chr(10)#")>
<strong>Result:</strong> <cfoutput>#line5#</cfoutput>