Reputation: 21
how to check if user's uploaded files are secure
I am new to flask. My apology if this question has been discussed before. I am wondering if my app allows users to upload their files, how can I ensure their uploaded files are secure, no virus or no threats to the server? Should I use any specific anti-virus softwares to scan their files? Or is there any file permission for specific folders or files I should set up. Let's say if I am using Apache as server on Linux for example. I've been looking for solution to this for a bit, but still did not find clear answers. Really appreciate if there is any suggestion.
Upvotes: 1
Views: 2445
Answers (1)
Reputation: 3571
You can do what the SMTP servers (email) administrators do, install Clamd or a similar antivirus, and use it to analyze the received files.
Here you can find a tutorial for installing it on CentOS https://www.centosblog.com/how-to-install-clamav-and-configure-daily-scanning-on-centos/
As you tagged your question with python here's an extension that you can use to interact with clamd from python, it is properly called pyClamd http://xael.org/pages/pyclamd-en.html
Also, being a Linux machine, if nothing uploaded ever gets the +x permission it won't be executed, so you're protecting users that download the files, not the machine itself, because the machine is protected by being a Linux system.
Upvotes: 3
Related Questions
- Testing file uploads in Flask
- How can I restrict file types and make my code more secure?
- flask check if user selected a file to upload
- deny already uploaded files in flask
- Check Flask upload if user does not selected file
- What does `if file` check for when uploading a file in Flask
- How to secure files upload using django
- protecting user uploaded files django
- Django file upload input validation and security
- Validating Uploaded Files in Django