How can I scan an incoming file upload (or a datastream) into a webserver and database for virus/malware?
I know how (using the excellent Clam) to scan things after they have been uploaded, but I would like to do the scanning before I upload them into the server. I know scanning before uploading is possible because I have seen it on some websites: they do a virus-scan before uploading the file. How is this done?
My current (probably naive) line of thought is to actually upload the files into the server, store them in a special location where only one specific/special user has access, then do the scanning. Finally, move the scanned files into the database. Is there a better way?
An intrusion prevention system on the network layer is one approach, AV scanning in a (reverse) proxy another.
A common approach is that you apply restrictions on allowed file-name extensions client side before accepting the upload (but that is hardly foolproof and easily circumvented), and then server-side a quick check to verify if indeed the upload is an allowed file-type and then a pass by a virus scanner before storing the file in its final location.
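The server-side sequence described in the answer above (type check, virus scan, then move to the final location), as an added example that is not part of the original question or answer. It assumes a clamd daemon listening on TCP 127.0.0.1:3310 and a quarantine directory on the same filesystem as the final one; the allow-list and the names `accept_upload`, `clamd_instream` and `UploadRejected` are hypothetical.

```python
import os, socket, struct, tempfile

# Constructed allow-list (assumption): extension -> leading magic bytes.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}

class UploadRejected(Exception):
    pass

def clamd_instream(data, addr=("127.0.0.1", 3310)):
    """Stream bytes to clamd with INSTREAM; return its reply, e.g. 'stream: OK'."""
    with socket.create_connection(addr, timeout=30) as s:
        s.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), 8192):
            chunk = data[i:i + 8192]
            s.sendall(struct.pack("!I", len(chunk)) + chunk)  # 4-byte length prefix
        s.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return reply.rstrip(b"\0").decode(errors="replace")

def accept_upload(filename, data, quarantine_dir, final_dir, scan=clamd_instream):
    """Check the type, quarantine, scan, and only then move to the final location."""
    ext = os.path.splitext(filename)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None or not data.startswith(magic):
        raise UploadRejected("type not allowed or content does not match extension")
    # Server-generated name, created with mode 0600; the client's name is never used.
    fd, qpath = tempfile.mkstemp(dir=quarantine_dir, suffix=".quarantine")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        verdict = scan(data)
        if verdict != "stream: OK":  # fail closed on FOUND, ERROR or size limit
            raise UploadRejected("scanner verdict: " + verdict)
        stem = os.path.basename(qpath)[:-len(".quarantine")]
        dest = os.path.join(final_dir, stem + ext)
        os.replace(qpath, dest)  # atomic when both directories share a filesystem
        return dest
    finally:
        if os.path.exists(qpath):  # rejected or scanner unreachable: drop the copy
            os.remove(qpath)
```

If clamd is unreachable, the socket error propagates and the quarantined copy is deleted, so nothing reaches the final location unscanned.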