Free server-side anti-virus/security/trojan protection for file uploads?
I am allowing users to upload photos like photo albums, and also attach files (documents for now) as mail attachments. So I assume I need some anti-virus/security tool in place to scan the files first in case people upload infected stuff. So two questions:
1) Are there any 'free' or open source tools for this I can use or integrate into my environment: CodeIgniter PHP?
2) How to secure the upload area from the rest of the system? Say the virus scanner fails to catch a virus and it is uploaded, how to prevent it from infecting other files? Like, can the upload area be sandboxed in or something always, and use that filepath for users to access the content so it does not spread to other parts of the system?
There is clamav for a free virus scanner. Install it and you could do something like:
As for security, make sure the temporary files are uploaded to a directory outside of your web root. You should then verify the file type, rename the file to something other than its original file name and append the appropriate extension (gif, jpg, bmp, png). I believe this should keep you fairly safe aside from exploits in PHP itself.
For more information about verifying file types in php check out:
http://www.php.net/manual/en/function.finfo-file.php
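The flow this answer describes (ClamAV scan, type check with finfo, random rename, storage outside the web root), as an added example in plain PHP that is not part of the original answer. It assumes a running ClamAV daemon with the `clamdscan` client on PATH, a private directory `/srv/app-private/uploads` that is readable by the clamd user, and an upload form field named `photo`.

```php
<?php
// Added example, not code from the answer above. Assumptions: ClamAV daemon running
// with the clamdscan client on PATH; STORAGE_DIR lies outside the document root and
// is readable by the clamd user; the upload form field is named "photo".
declare(strict_types=1);

const STORAGE_DIR = '/srv/app-private/uploads';   // assumed private path, never served directly
const ALLOWED = [                                 // real MIME type => extension we assign ourselves
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];

function storeUpload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not a genuine uploaded file');
    }

    // 1. Derive the extension from the content via finfo, never from the client's file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException("rejected type: $mime");
    }

    // 2. Random name: the original name is discarded, so no traversal and no overwrite of existing files.
    $dest = STORAGE_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload into private storage');
    }
    chmod($dest, 0640);   // data only, never executable

    // 3. Scan after the move (PHP's own tmp file is usually unreadable to clamd).
    //    clamdscan exit codes: 0 clean, 1 infected, 2 error.
    exec('clamdscan --no-summary ' . escapeshellarg($dest), $out, $code);
    if ($code !== 0) {
        unlink($dest);    // fail closed on a detection and on a scanner error alike
        throw new RuntimeException($code === 1 ? 'malware detected: ' . implode(' ', $out) : 'scanner error');
    }
    return $dest;
}

// Usage from a controller: $path = storeUpload($_FILES['photo']);
```

A scanner error (exit code 2, e.g. clamd down or the file unreadable) is treated the same as a detection, so an outage never silently lets unscanned files through.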
I know this topic hasn't been active for three years now, but, in case anyone else in the future, similarly, is looking for a PHP-based anti-virus solution, for those without an anti-virus daemon, program or utility installed on their host machine and without the ability to install an anti-virus daemon, program or utility, phpMussel, a PHP script that I've written based on ClamAV that fits the bill for what Rohit (the original poster) was looking for (a PHP-based anti-virus to protect their CMS against malicious file uploads), may possibly be a viable solution. It certainly isn't perfect and I can't guarantee that it'll catch everything, but by far, it's certainly better than using nothing at all.
Ideally, as already suggested above by Matt, making a call to the shell to have ClamScan scan the file uploads is definitely an ideal solution, and if this is something that a hostmaster, webmaster or anyone in Rohit's situation is able to do, I'd second that suggestion wholly. What I've written, because it is a PHP script, has limitations inherent to anything that relies wholly on PHP in order to function, but, in instances where the aforementioned suggestion and/or similar suggestions aren't a possibility (such as if the host machine doesn't have an anti-virus installed and shell access is disabled; common with cheaper shared hosting solutions), that's where what I'm suggesting here could potentially step in - something that only requires PHP to be installed (with the PCRE extension included, which is standard with PHP nowadays anyhow), and nothing more.
Also remember, as Matt has already suggested, to always upload outside of your root directory, to ensure that uploaded files can't be exploited by attackers (such as in the event of an attacker attempting to compromise your system by uploading backdoors or trojans) - viruses are not the only threat you need to worry about, and the vast majority of anti-virus solutions nowadays do not solely focus on viruses. Matt is also entirely correct in pointing out that no anti-virus solution is perfect, and for that reason, anyone allowing file uploads to their website or server needs to remain vigilant - an anti-virus solution is a must-have for anyone in that situation, but no holy grail of internet security that'll cover every possible threat exists. Also, renaming files isn't only about ensuring that they can't execute (as may be somewhat inferred by the original poster's reply comment regarding EXEs) - the risk of threats such as directory traversal attacks can be reduced by renaming files, as well as the risk associated with an attacker attempting to override an already existing file on a targeted system as a means to hide their dirty work.
Regarding the threat of files that may be malicious being missed by an anti-virus solution and then potentially infecting the system they are being uploaded to: what a hostmaster or webmaster could potentially do in this situation is employ some sort of quick and simple encoding process that'd render the file non-executable by the system itself, but which can be easily and readily reversed by the PHP script responsible for calling that file on request, such as by way of using base64_encode(), bin2hex(), or even by just rotating a few characters and adding a salt to displace the file's magic number, or something similar.
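The encode-at-rest idea from this answer, combined with the "serve it through a script" pattern the question asked about, as an added example that is not the answer's own code (phpMussel is not used here). It assumes the upload has already been scanned and type-checked, the same private directory `/srv/app-private/uploads`, and a small JSON sidecar file per upload holding its MIME type and display name.

```php
<?php
// Added example, not the answer's own code (phpMussel is not used here). Assumes the
// upload was already scanned and type-checked, the same private directory as before,
// and a small JSON sidecar per file holding its MIME type and a display name.
declare(strict_types=1);

const PRIVATE_DIR = '/srv/app-private/uploads';   // assumed path outside the document root

// Store the file as hex: on disk it carries no magic number and no executable header,
// so the OS, the web server, or a stray include() cannot run or interpret it as-is.
// This is a containment measure only, not a replacement for the scan.
function storeEncoded(string $srcPath, string $mime, string $displayName): string
{
    $id   = bin2hex(random_bytes(16));
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', $displayName);   // drop anything header-unsafe
    file_put_contents(PRIVATE_DIR . "/$id.hex", bin2hex(file_get_contents($srcPath)));
    file_put_contents(PRIVATE_DIR . "/$id.json", json_encode(['mime' => $mime, 'name' => $safe]));
    return $id;   // the only handle ever exposed to clients
}

// Serve by id: the client never supplies a path, so there is nothing to traverse.
function serveFile(string $id): void
{
    if (!preg_match('/^[0-9a-f]{32}$/', $id) || !is_file(PRIVATE_DIR . "/$id.json")) {
        http_response_code(404);
        return;
    }
    $meta = json_decode(file_get_contents(PRIVATE_DIR . "/$id.json"), true);
    $data = hex2bin(file_get_contents(PRIVATE_DIR . "/$id.hex"));   // encoding reversed only here

    // Images may render inline in an album; everything else is forced to download.
    $disp = strncmp($meta['mime'], 'image/', 6) === 0 ? 'inline' : 'attachment';
    header('Content-Type: ' . $meta['mime']);
    header('X-Content-Type-Options: nosniff');        // browser must not sniff a different type
    header('Content-Security-Policy: sandbox');       // no script execution even for SVG/HTML-like content
    header("Content-Disposition: $disp; filename=\"{$meta['name']}\"");
    header('Content-Length: ' . strlen($data));
    echo $data;
}

// serveFile($_GET['id'] ?? '');
```

Hex doubles the on-disk size; base64_encode()/base64_decode() as the answer also mentions works the same way at about 1.33x.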