I have a project in NetBeans to which my employer wants me to add a bulk file upload. The requirement was: the user will put a CSV file and some images in a folder on the client side. On the file upload page he will choose the CSV file, and I have to upload the images in the folder along with the CSV. After a short research I found that the client-side file location and details can't be accessed from the server side, so instead of uploading a single file and the contents of the folder to which it belongs, the user will zip all the files and upload the zip file. Now I'm concerned about the security risks of uploading a zip file.
1.- Scan the zip files once they arrive at the server.
2.- Unlikely. Even if you use JavaScript as the front end, it doesn't have access to the user's file system.
3.- Yes, for example with "clamav", but notice that no antivirus is 100% effective.
the steps are:
install clamav
configure clamav to periodically update its virus database
schedule a cron job that continuously scans all files that are in a certain directory (the directory where you upload the users' files)
delete files that contain viruses
for example:
# dnf install -y clamav
# dnf install -y clamav-update
$ clamscan java_error_in_IDEA_6451.log.zip
LibClamAV Warning: **************************************************
LibClamAV Warning: * The virus database is older than 7 days!
LibClamAV Warning: Please update it as soon as possible. *
LibClamAV Warning: **************************************************
java_error_in_IDEA_6451.log.zip: OK
----------- SCAN SUMMARY -----------
Known viruses: 4490129
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.37 MB
Data read: 0.03 MB (ratio 13.43:1)
Time: 6.239 sec (0 m 6 s)
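The scan-and-delete steps from the answer above, written as a shell function that a cron job could call. This is an added example, not the answerer's code: the names `scan_uploads`, `SCANNER` and the hold directory are assumptions, and moving files aside when the scanner itself fails goes one step beyond the answer so that an unscanned file is never treated as clean.

```shell
#!/bin/sh
# Added example: scan every file in an upload directory with clamscan.
# Assumed names (not from the original post): scan_uploads, SCANNER, HOLD_DIR.
# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.

SCANNER="${SCANNER:-clamscan}"

# scan_uploads UPLOAD_DIR HOLD_DIR
#   infected file    -> deleted (as the answer describes)
#   scanner error    -> moved to HOLD_DIR (fail closed, file was not checked)
#   clean file       -> left in place
# Sets CLEAN, INFECTED and ERRORS; returns 0 only if every file was clean.
scan_uploads() {
    upload_dir=$1
    hold_dir=$2
    CLEAN=0
    INFECTED=0
    ERRORS=0
    mkdir -p "$hold_dir" || return 2

    for f in "$upload_dir"/*; do
        [ -f "$f" ] || continue          # skip subdirectories and empty globs
        rc=0
        "$SCANNER" --no-summary "$f" >/dev/null 2>&1 || rc=$?
        case "$rc" in
            0) CLEAN=$((CLEAN + 1)) ;;
            1) rm -f -- "$f"
               INFECTED=$((INFECTED + 1)) ;;
            *) mv -- "$f" "$hold_dir"/
               ERRORS=$((ERRORS + 1)) ;;
        esac
    done

    [ "$INFECTED" -eq 0 ] && [ "$ERRORS" -eq 0 ]
}

# Example cron wrapper line (paths are placeholders):
#   scan_uploads /path/to/uploads /path/to/hold || logger "upload scan: $INFECTED infected, $ERRORS unscanned"
```

The application should only read uploaded files after a scan pass has left them in place, since a file that arrives between two cron runs has not been checked yet.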