Upload a Program to Check for Virus
Introduction
Virtually ASP.NET Spider web applications accept file upload functionality where users tin upload files and those files are saved on a server or blob storage. But without performing anti-virus scanning or other content checking against the uploaded file, attackers could target other users of the application by uploading malware to the server.
The awarding should perform filtering and content checking on any files which are uploaded to the server. Files should be thoroughly scanned and validated against an antivirus scanner with up-to-appointment virus signatures before being made bachelor to other users. Whatsoever files flagged as malicious should be discarded or deleted immediately.
To achieve this, we will apply open source antivirus engine called ClamAV via nClam NuGet bundle, a pure .Internet client to ClamAV.
This article demonstrates how nosotros can perform secure and effective file scanning using ClamAV antivirus.
Prerequisites
- ClamAV server should be up and running on specific port. In case, y'all desire to run ClamAV server in localhost, you lot can follow subsequent steps below.
Running ClamAV on localhost using Docker Image
This step is optional if you already take the ClamAV server. Here I used docker image as simplest and easiest way to run information technology.
ClamAV demon is a Dockerized open up source antivirus image. Let'due south follow below simple steps to install and running on localhost via default TCP port 3310. I am assuming yous have Docker desktop latest version installed and running on your PC.
Execute below commands from command prompt.
- docker run -d -p 3310:3310 mkodockx/docker-clamav:alpine
- docker run -d -p 3310:3310 mk0x/docker-clamav
- docker ps
The ClamAV Server is at present prepare!
For more details, you can check here.
Implementing ClamAV Antivirus scan on uploaded files in .Internet awarding
At present we are fix to run on-demand scans and annihilation from code using nClam. To demonstrate an example, here I created a simple file upload UI in ASP.Internet Core MVC Web application (yous can have like ASP.NET website in WebForms or MVC with file upload input) where nosotros will browse and upload unlike types of file like PDF, Epitome, Cipher, DCOX etc.
The Approach
- Install nClam NuGet package.
- Add ClamAV server and port to config file.
- Read file from File upload and catechumen to byte array.
- Scan file byte assortment against ClamClient and validate ClamScanResult object.
- Test ClamAV scan confronting a valid file
- Test ClamAV scan against an Anti Malware test file
Step 1 - Install nClam NuGet package
Install below NuGet package from NuGet package manager into your project.
- < PackageReference Include = "nClam" Version = "4.0.1" />
Step two - Add together ClamAV server and port to appsettings.json
- "ClamAVServer": {
- "URL": "localhost",
- "Port": "3310"
- }
Stride 3
Read file from File upload and convert to byte assortment
Pace 4 - Scan file byte array against ClamClient and validate ClamScanResult object
ClamClient browse effect returns with ClamScanResult enum values which tell you if your scan was clean or a virus was detected. Here is some sample lawmaking:
- private readonly ILogger<HomeController> _logger;
- private readonly IConfiguration _configuration;
- public HomeController(ILogger<HomeController> logger,IConfiguration configuration)
- {
- _logger = logger;
- _configuration = configuration;
- }
- [HttpPost]
- public async Chore<IActionResult> UploadFile(IFormFile file)
- {
- if (file == null || file.Length == 0)
- return Content( "file not selected" );
- var ms =new MemoryStream();
- file.OpenReadStream().CopyTo(ms);
- byte [] fileBytes = ms.ToArray();
- effort
- {
- this ._logger.LogInformation( "ClamAV browse begin for file {0}" , file.FileName);
- var mollusk =new ClamClient( this ._configuration[ "ClamAVServer:URL" ],
- Convert.ToInt32(this ._configuration[ "ClamAVServer:Port" ]));
- var scanResult = look clam.SendAndScanFileAsync(fileBytes);
- switch (scanResult.Result)
- {
- example ClamScanResults.Make clean:
- this ._logger.LogInformation( "The file is clean! ScanResult:{1}" , scanResult.RawResult);
- break ;
- case ClamScanResults.VirusDetected:
- this ._logger.LogError( "Virus Found! Virus name: {i}" , scanResult.InfectedFiles.FirstOrDefault().VirusName);
- break ;
- case ClamScanResults.Fault:
- this ._logger.LogError( "An error occured while scaning the file! ScanResult: {1}" , scanResult.RawResult);
- pause ;
- example ClamScanResults.Unknown:
- this ._logger.LogError( "Unknown scan result while scaning the file! ScanResult: {0}" , scanResult.RawResult);
- pause ;
- }
- }
- catch (Exception ex)
- {
- this ._logger.LogError( "ClamAV Browse Exception: {0}" , ex.ToString());
- }
- this ._logger.LogInformation( "ClamAV scan completed for file {0}" , file.FileName);
- return RedirectToAction( "Index" );
- }
In case you accept file content in base 64 strings, and then convert it to byte array and ship the same byte array to ClamClient for scanning.
Step 5 - Test ClamAV scan against a valid file
At present we are ready to test our code against a valid PDF and images.
Step 6 - Test ClamAV scan against anAnti Malware test file
As a POC, the EICAR file was uploaded. This is a sample file used to examination the response of anti-virus software. You can download a sample file from https://world wide web.eicar.org/?page_id=3950. Yous may need to pause you antivirus protection on your device to perform this activity.
Below information is from application panel log,
Conclusion
In this article, nosotros have seen how to run ClamAV in localhost using docker image and implemented and tested antivirus scan with a valid file and a virus infected file. The awarding identified the upload of this file with scan issue, now you can add your logic to remove the file. Hope yous plant this information useful! Sharing is caring!
Source: https://www.c-sharpcorner.com/article/clamav-antivirus-scan-on-file-upload-content-in-net-application/
0 Response to "Upload a Program to Check for Virus"
إرسال تعليق