Skip to main content
Participating Frequently
February 22, 2018
Question

PDF Merge and Strict file validation on upload

  • February 22, 2018
  • 1 reply
  • 571 views

Hi,

Can someone tell me if antivirus software is recommend when doing strict validation on file uploads or using the PDF merge feature?

Thanks in Advance.

    This topic has been closed for replies.

    1 reply

    Community Expert
    February 22, 2018

    I'm not a big fan of antivirus software on servers, as I've seen it cause a lot of problems. But if you have specific directories where untrusted users can place files, you may want to use a simple virus scan of those specific directories. You can use ClamAV for this kind of simple scan, I think.

    Dave Watts, Fig Leaf Software

    Dave Watts, Eidolon LLC
    Participating Frequently
    February 22, 2018

    Thanks Dave.. I guess my real questions are, would the server in either of these scenarios be vulnerable to an infected file?

    cffile upload function using a "strict" attribute

    or

    the use of PDF Merge

    Thanks,

    Shannon

    Community Expert
    February 22, 2018

    I always hesitate to say "no" when anyone asks me if something could potentially be insecure. But I doubt the server itself would be vulnerable to anything there, as long as nothing additional happened after that file upload.

    But what if the attack didn't target the server, but other clients? I upload a file that's malicious in some way, it gets placed where another user can download it, they download it and are compromised.

    Dave Watts, Fig Leaf Software

    Dave Watts, Eidolon LLC