使用命令行AV在安全文件上载脚本中出现问题

时间:2014-04-25 15:44:02

标签: php file file-upload xampp antivirus

我有一个安全的文件上传功能,这是我网站的一部分 我正在使用防病毒软件来帮助我检查用户尝试上传的文件。

这是我的uploadprocess.php文件

$target_tmp = "D:\avscan\u\\"; 
$file = basename( $_FILES['uploaded_file']['name']) ;
if($file != "")
$_SESSION['file'] = $file;


$target = 'C:\xampp\htdocs\ssd\Uploads\\'; 

$file_path = $target_tmp.$file;

if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path)) 
{

    $safe_path = escapeshellarg($file_path);

    $command = 'scancl'. $safe_path. ' --stdout';
    $out = '';
    $int = -1;

    $output = exec($command, $out, $int); 
            echo "The output is" .$output;
     echo $int;        
     exit(0);

    //Checking for Virus. 
    if ($int == 0) {

        $target = $target.$file; 
        //echo $target; exit(0);
        copy($file_path, $target); 
        $uploaded = "The file ". $_SESSION['file']. "has been uploaded";
        $clean = 'File is Clean.';
        $_SESSION['status'] = $clean;
        $_SESSION['upload'] = $uploaded;
        header("location: ../upload.php");
        exit(0);
    }
    // File is a virus.
    else {
        $mal = 'Contains Malware';
        $deny_up = "Unable to Upload Your File!";
        $_SESSION['status'] = $mal;
        $_SESSION['upload'] = $deny_up;
        header("location: ../upload.php");
        exit(0);
    }


}
else 
{
    echo "SORRY, There was a Problem Uploading Your File."; exit(0);
    $err_upload = "SORRY, There was a Problem Uploading Your File.";
    $_SESSION['err'] = err_upload;
    header("location: ../upload.php");
    exit(0);
}

它为所有文件(恶意和非恶意)打印$ int的值为1这是我第二次尝试使用不同的AV现在我正在使用Avira并且在使用clamscan之前

有人可以与我分享一些提示,并告诉我发生了什么

PS系统安装在XAMPP上,如果这有任何区别

1 个答案:

答案 0 :(得分:0)

你能更具体地说明在这里不起作用的事吗?从理论上讲,你所做的事情至少对于ClamAV来说似乎很好,因为它有这些返回码(来自man clamscan):

RETURN CODES
       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occured.

也许它想记录exec调用的输出,如果你没有得到退出代码,你期望原因应该在输出中(比如缺少一个命令行标志)。