Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It would seem that if files are being maintained in some sort of repository, then perhaps an antivirus filter should be applied to them at the point of entry. If a site allows anonymous users (or just not-too-bright ones) to upload files, then this could certainly become a problem. Check out ClamAV. It looks fairly easy to use, and has a MS counterpart. In fact, since it has a command-line interface, it might be a rather simple task to implement.
Issue fork filestore2-7450
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #1
gordon CreditAttribution: gordon commentedYes this could be done, I will do this when I have time, and do it in filestore2.
All that really needs to be done is to add an extra field to the _settings() subroutine to tell filestre where the the clamav executable is, and then in the _validate() run clamav over newly uploaded files.
Comment #2
gordon CreditAttribution: gordon commentedComment #3
m3avrck CreditAttribution: m3avrck commentedWould love to see this as well :)
Comment #4
javanaut CreditAttribution: javanaut commentedI know that Robert Douglas was working on an upload API (not filestore2, but drupal's built-in upload functionality). It has a validation hook that would allow such a feature to exist. The API docs are here: http://drupaldocs.org/api/head/function/upload_nodeapi
Comment #5
mgiffordThis still seems to be one of the most relevant threads about this subject, so just to say that this is the correct link for above:
http://api.drupal.org/api/function/upload_nodeapi/6
Looks like you'd need to add to the $validators array in the upload.module that passes values to includes/file.inc's file_save_upload() function and probably write a file_validate_virus_free() function to call clamav from the command line.
Anyways, there is a bit of interest in this idea (but it is also old now)
http://drupal.org/node/82226
http://drupal.org/node/82019
Mike