asp.netantivirusajax-upload

How can you check the results of a virus scan in asp.net c#?


I have an ajax uploader to allow a user to upload a picture to the program that will display back to the user afterwards. I would like to check this file for viruses before allowing the file to stay in the server. Below is the code where it sends the file to the virus scanner. I would like to be able to see if the scan results yield a virus and then delete it from the server if it does have a virus.

try
{
    Process myProcess = new Process();
    myProcess.StartInfo.FileName = @"C:\Program Files\AVG\AVG8\avgscanx.exe";
    //myProcess.StartInfo.FileName=@"C:\Program Files\ClamWin\bin\clamscan.exe";
    string myprocarg = @"""C:\Documents and Settings\Administrator.USER20501\My Documents\Luke's Projects\DADS\212\Images\FinalLogo" + file.ClientFileName + @"""";
    myProcess.StartInfo.Arguments = myprocarg;
    myProcess.OutputDataReceived += new DataReceivedEventHandler(myProcess_OutputDataReceived);
    myProcess.ErrorDataReceived += new DataReceivedEventHandler(myProcess_ErrorDataReceived);
    myProcess.StartInfo.RedirectStandardOutput = true;
    myProcess.StartInfo.RedirectStandardError = true;
    myProcess.StartInfo.UseShellExecute = false;
    myProcess.StartInfo.CreateNoWindow = true;
    myProcess.Start();
    myProcess.BeginOutputReadLine();
    myProcess.WaitForExit();
}
catch (Exception)
{

} 

void myProcess_OutputDataReceived(object sender, DataReceivedEventArgs e)
{
    // this value will always be null.......
    string s = e.Data.ToString();
}

void myProcess_ErrorDataReceived(object sender, DataReceivedEventArgs e)
{
    string s = e.Data.ToString();
}

Solution

  • It's a rare coincidence that the user uploads a special hand-crafted jpg/png/whatever image file exploiting an unknown (antivirus useless in this case) vulnerability of the reading components/libraries.

    Still more rare if the vulnerability is known and your AV knows the exploit signature (or intercepts the exploit before running it) blocking it and safe-guarding your system (with libraries not up-to-date).

    Even more rare if the abovementioned operating system has DEP and ASLR aware (fully enforced) components.