Scanning of file for virus when file upload is useded in a HTML form

I hope that I put this in the correct category, but here goes. On my companies website we have a page for the HR department that allows people to apply for jobs. On the form, (no scripts are running) which was created through FrontPage we have a section to paste your resume. Once the form is submitted and emailed to designated email address because of the text box that is used to paste the resume in, all formatting (obviously) is lost. As the request from my HR department they would like to have the resumes uploaded, so all formatting is intact. My concern is what type of security risk does this run for viruses. Are the files scanned RIGHT AWAY after the file is completely uploaded or do we have to wait until the daily scan set in the configuration of the Anti Virus program? We are using Symantec Antivirus Corp Edition 10. Thank you all for your help in this matter!!!!
LVL 9
mystics7Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mugman21Commented:
Symantec scans files ON ACCESS. Norton antivirus (Symantec) uses a file system filter driver (like all mainstream AV software) to read a file while it's being loaded in memory. If there is something nasty in it, the filestream will be closed before anything bad can happen.

If the applicant's resume is being pasted in as plain text, there is no formating being lost because there IS NONE. Text documents are not formated like HTML is (the reason we use html in webpages instead of txt documents). Just be wary of word documents since they can contain vbs macros.

Third, since the resume is feed in, and then emailed to your HR department, most likely there is an AV product on the mail server scanning also, so if there was something malicious in the resume the mail server would catch it before it ever was sent to HR.

Forth, and scripting language used in an attack, like js or vbs, would have to have an appropriate file extension in order for the correct intrepreting engine to read and execute those instructions. For example, for vbs (visual basic script) to harm you, the file would have to have a .vbs extension. VBS included in a .txt document is worthless. Now, vbs or js could be interpreted if the received file was a .htm or .html file, but then again, the AV would catch that. I download the love letter virus to take a look at it (it was in a .txt document) and my AV was STILL freaking out about it.....

Hope I didn't confuse you.

Mugman

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mystics7Author Commented:
Thank you very much for your quick reply this sheds alot of lite on the situation. It was help full and informative!!!!!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.