我有一个安全的文件上传功能,这是我网站的一部分 我正在使用防病毒软件来帮助我检查用户尝试上传的文件。
这是我的uploadprocess.php文件
$target_tmp = "D:\avscan\u\\";
$file = basename( $_FILES['uploaded_file']['name']) ;
if($file != "")
$_SESSION['file'] = $file;
$target = 'C:\xampp\htdocs\ssd\Uploads\\';
$file_path = $target_tmp.$file;
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path))
{
$safe_path = escapeshellarg($file_path);
$command = 'scancl'. $safe_path. ' --stdout';
$out = '';
$int = -1;
$output = exec($command, $out, $int);
echo "The output is" .$output;
echo $int;
exit(0);
//Checking for Virus.
if ($int == 0) {
$target = $target.$file;
//echo $target; exit(0);
copy($file_path, $target);
$uploaded = "The file ". $_SESSION['file']. "has been uploaded";
$clean = 'File is Clean.';
$_SESSION['status'] = $clean;
$_SESSION['upload'] = $uploaded;
header("location: ../upload.php");
exit(0);
}
// File is a virus.
else {
$mal = 'Contains Malware';
$deny_up = "Unable to Upload Your File!";
$_SESSION['status'] = $mal;
$_SESSION['upload'] = $deny_up;
header("location: ../upload.php");
exit(0);
}
}
else
{
echo "SORRY, There was a Problem Uploading Your File."; exit(0);
$err_upload = "SORRY, There was a Problem Uploading Your File.";
$_SESSION['err'] = err_upload;
header("location: ../upload.php");
exit(0);
}
它为所有文件(恶意和非恶意)打印$ int的值为1这是我第二次尝试使用不同的AV现在我正在使用Avira并且在使用clamscan之前
有人可以与我分享一些提示,并告诉我发生了什么
PS系统安装在XAMPP上,如果这有任何区别
答案 0 :(得分:0)
你能更具体地说明在这里不起作用的事吗?从理论上讲,你所做的事情至少对于ClamAV来说似乎很好,因为它有这些返回码(来自man clamscan):
RETURN CODES
0 : No virus found.
1 : Virus(es) found.
2 : Some error(s) occured.
也许它想记录exec调用的输出,如果你没有得到退出代码,你期望原因应该在输出中(比如缺少一个命令行标志)。