Note: being asked here because I guarantee the Security stack will close it for being a programming question.
I have a web application (in this case, Java on Tomcat) for which I occasionally need to allow the user to upload files. Even though I generally have trustworthy users, in my business we assume anybody and everybody could potentially be an insider threat (or just plain dumb). Therefore, I would like to have the uploaded file go directly to a "quarantine" directory, programmatically fire off a scan, and only if the scan succeeds, copy it to the intended destination folder for processing.
The only fly in the ointment is figuring out (a) how to fire off a scan, on demand, programmatically (let's assume we're using the McAfee suite of tools) and (b) how to get notification back when the scan is complete. Is it possible? If so, has anyone done it and can give me pointers?
We do this. We have a queue system so workers can pick up the file operations and perform them async, but the general flow is to scan the file using a command, and update the database to track status.
Set the processing code to only process files that are scanned=clean;
Note: @David Conrad found the instructions for running the command line scanner: https://kc.mcafee.com/corporate/index?page=content&id=KB75478; upvote that guy.
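One shape for the quarantine, scan and release flow the answer describes, written here as an added example in Java (the asker's stack); it is not code from the poster or from McAfee. The scanner command line, the way the file path is passed and the meaning of exit code 0 (clean) are assumptions to be replaced from the scanner's documentation, and the in-memory map stands in for the database status column.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.concurrent.TimeUnit;

/** Upload -> quarantine directory -> on-demand CLI scan -> release to the destination only when clean. */
public class QuarantineScanner {
    public enum Status { PENDING, CLEAN, INFECTED, ERROR }

    private final List<String> scannerCmd;  // scanner executable + fixed flags (assumed, supplied by caller)
    private final Map<Path, Status> statusStore = new HashMap<>();  // stands in for the DB status column

    public QuarantineScanner(List<String> scannerCmd) { this.scannerCmd = List.copyOf(scannerCmd); }

    /** Store the upload under a server-generated name; the client's filename is never used. */
    public Path quarantine(byte[] upload, Path quarantineDir) throws IOException {
        Files.createDirectories(quarantineDir);
        Path target = quarantineDir.resolve(UUID.randomUUID() + ".upload");
        Files.write(target, upload, StandardOpenOption.CREATE_NEW);
        statusStore.put(target, Status.PENDING);
        return target;
    }

    /** Run the scanner on one file (what a queue worker would call) and record the verdict. */
    public Status scan(Path file) throws IOException, InterruptedException {
        List<String> cmd = new ArrayList<>(scannerCmd);
        cmd.add(file.toAbsolutePath().toString());  // separate argv element, no shell: the path is data
        Process p = new ProcessBuilder(cmd)
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD)  // or a log file; nothing to deadlock on
                .start();
        if (!p.waitFor(5, TimeUnit.MINUTES)) {  // a hung scanner must not block the worker forever
            p.destroyForcibly();
            return record(file, Status.ERROR);
        }
        // Assumption for this example: exit 0 means clean, any other code means not clean.
        // Map the real scanner's documented exit codes here; anything unknown stays in quarantine.
        return record(file, p.exitValue() == 0 ? Status.CLEAN : Status.INFECTED);
    }

    /** Processing step: only a file whose recorded status is CLEAN leaves quarantine. */
    public Optional<Path> release(Path file, Path destDir) throws IOException {
        if (statusStore.get(file) != Status.CLEAN) return Optional.empty();
        Files.createDirectories(destDir);
        return Optional.of(Files.move(file, destDir.resolve(file.getFileName())));
    }

    public Status statusOf(Path file) { return statusStore.getOrDefault(file, Status.PENDING); }
    private Status record(Path file, Status s) { statusStore.put(file, s); return s; }
}
```

The servlet calls quarantine() and enqueues the path; a worker calls scan(), and the processing job calls release(), which refuses anything not recorded as CLEAN, so a timed-out or errored scan fails closed.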