PDF Merge and Strict file validation on upload

Forum|Forum|7 years ago
February 22, 2018
1 reply
571 views

Hi,

Can someone tell me if antivirus software is recommend when doing strict validation on file uploads or using the PDF merge feature?

Thanks in Advance.

This topic has been closed for replies.

D

Dave Watts

Community Expert

I'm not a big fan of antivirus software on servers, as I've seen it cause a lot of problems. But if you have specific directories where untrusted users can place files, you may want to use a simple virus scan of those specific directories. You can use ClamAV for this kind of simple scan, I think.

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC

G

geaux_saintsAuthor

Participating Frequently

Thanks Dave.. I guess my real questions are, would the server in either of these scenarios be vulnerable to an infected file?

cffile upload function using a "strict" attribute

or

the use of PDF Merge

Thanks,

Shannon

D

Dave Watts

Community Expert

I always hesitate to say "no" when anyone asks me if something could potentially be insecure. But I doubt the server itself would be vulnerable to anything there, as long as nothing additional happened after that file upload.

But what if the attack didn't target the server, but other clients? I upload a file that's malicious in some way, it gets placed where another user can download it, they download it and are compromised.

Dave Watts, Fig Leaf Software

Dave Watts, Eidolon LLC

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded