SMF Support > SMF 2.0.x Support

Does the attachments function in SMF come with virus scanning/protection?

(1/1)

Groovystar:
i was just wondering, so that if I decided to enable attachments on my site, whether there is an embedded automatic virus protection mechanism that prevents infected files from being uploaded?

live627:
No. The closest it gets is verifying an image (PNG, JPEG, GIF, and maybe BMP) is REALLY an image. Said protection trips up PSD files, so they always err.

Groovystar:
Is there a way to implement a virus scanner? We wouldn't be allowing attachments of PSD files anyway, we'd pretty much just use it to let members display Gif, JPG and PNG images.

How do large sites that allow uploads, like blogger, Photobucket and Tinypic, get around this security problem?

Arantor:
If you're validating that the file is gif, jpg and png, and is really that, it's pretty much safe from viruses anyway.

Implementing full scale virus protection is... difficult... in a PHP app, it's very time consuming and not even that reliable (given how poor the concept of blacklisting is for virus signatures)

They do it the same way SMF does - validating that you're uploading an image and that it really is an image.

Groovystar:
Ok thanks. :) I've just heard of people uploading infected images.

Navigation

[0] Message Index