Question

我有一个安全的文件上传功能，这是我网站的一部分我正在使用防病毒软件来帮助我检查用户尝试上传的文件。

这是我的uploadprocess.php文件

$target_tmp = "D:\avscan\u\\"; 
$file = basename( $_FILES['uploaded_file']['name']) ;
if($file != "")
$_SESSION['file'] = $file;


$target = 'C:\xampp\htdocs\ssd\Uploads\\'; 

$file_path = $target_tmp.$file;

if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path)) 
{

    $safe_path = escapeshellarg($file_path);

    $command = 'scancl'. $safe_path. ' --stdout';
    $out = '';
    $int = -1;

    $output = exec($command, $out, $int); 
            echo "The output is" .$output;
     echo $int;        
     exit(0);

    //Checking for Virus. 
    if ($int == 0) {

        $target = $target.$file; 
        //echo $target; exit(0);
        copy($file_path, $target); 
        $uploaded = "The file ". $_SESSION['file']. "has been uploaded";
        $clean = 'File is Clean.';
        $_SESSION['status'] = $clean;
        $_SESSION['upload'] = $uploaded;
        header("location: ../upload.php");
        exit(0);
    }
    // File is a virus.
    else {
        $mal = 'Contains Malware';
        $deny_up = "Unable to Upload Your File!";
        $_SESSION['status'] = $mal;
        $_SESSION['upload'] = $deny_up;
        header("location: ../upload.php");
        exit(0);
    }


}
else 
{
    echo "SORRY, There was a Problem Uploading Your File."; exit(0);
    $err_upload = "SORRY, There was a Problem Uploading Your File.";
    $_SESSION['err'] = err_upload;
    header("location: ../upload.php");
    exit(0);
}

它为所有文件（恶意和非恶意）打印$ int的值为1这是我第二次尝试使用不同的AV现在我正在使用Avira并且在使用clamscan之前

有人可以与我分享一些提示，并告诉我发生了什么

PS系统安装在XAMPP上，如果这有任何区别

Answer 1

你能更具体地说明在这里不起作用的事吗？从理论上讲，你所做的事情至少对于ClamAV来说似乎很好，因为它有这些返回码（来自man clamscan）：

RETURN CODES
       0 : No virus found.

       1 : Virus(es) found.

       2 : Some error(s) occured.

也许它想记录exec调用的输出，如果你没有得到退出代码，你期望原因应该在输出中（比如缺少一个命令行标志）。

使用命令行AV在安全文件上载脚本中出现问题

1 个答案: