• Status: Solved

Scanning of file for virus when file upload is used in an HTML form

I hope that I put this in the correct category, but here goes. On my company's website we have a page for the HR department that allows people to apply for jobs. On the form (no scripts are running), which was created through FrontPage, we have a section to paste your resume. Once the form is submitted and emailed to the designated email address, because of the text box that is used to paste the resume in, all formatting (obviously) is lost. At the request of my HR department, they would like to have the resumes uploaded, so all formatting is intact. My concern is what type of security risk this runs for viruses. Are the files scanned RIGHT AWAY after the file is completely uploaded, or do we have to wait until the daily scan set in the configuration of the Anti Virus program? We are using Symantec Antivirus Corp Edition 10. Thank you all for your help in this matter!!!!
mystics7
 
mugman21 Commented:
Symantec scans files ON ACCESS. Norton antivirus (Symantec) uses a file system filter driver (like all mainstream AV software) to read a file while it's being loaded in memory. If there is something nasty in it, the filestream will be closed before anything bad can happen.

If the applicant's resume is being pasted in as plain text, there is no formatting being lost because there IS NONE. Text documents are not formatted like HTML is (the reason we use HTML in webpages instead of txt documents). Just be wary of Word documents since they can contain vbs macros.

Third, since the resume is fed in, and then emailed to your HR department, most likely there is an AV product on the mail server scanning also, so if there was something malicious in the resume the mail server would catch it before it ever was sent to HR.

Fourth, any scripting language used in an attack, like js or vbs, would have to have an appropriate file extension in order for the correct interpreting engine to read and execute those instructions. For example, for vbs (Visual Basic Script) to harm you, the file would have to have a .vbs extension. VBS included in a .txt document is worthless. Now, vbs or js could be interpreted if the received file was a .htm or .html file, but then again, the AV would catch that. I downloaded the love letter virus to take a look at it (it was in a .txt document) and my AV was STILL freaking out about it.....

Hope I didn't confuse you.

Mugman
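The answer above relies on on-access AV scanning, file extensions and the risk of Word macros. As an added example (not part of the original thread), an upload handler can check those same points itself before the file is stored or mailed: an extension allowlist, a content signature that matches the extension, and a look inside `.docx` containers for a macro project. The function names and the allowlist are assumptions made for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

# Assumed allowlist for a resume upload: extension -> expected leading bytes.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",                        # OOXML is a ZIP container
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # legacy OLE2 compound file
    ".txt": None,                                  # no signature; must decode as text
}

def make_sample_docx(with_macro):
    """Build a constructed, minimal .docx-like ZIP in memory for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def check_resume_upload(filename, data):
    """Return (accepted, reason) for an uploaded resume."""
    name = filename.lower()
    ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not allowed"
    magic = ALLOWED[ext]
    if magic is None:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "not valid UTF-8 text"
        return True, "plain text"
    if not data.startswith(magic):
        return False, "content does not match extension"
    if ext == ".docx":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return False, "corrupt OOXML container"
        if "word/document.xml" not in names:
            return False, "ZIP is not a Word document"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return False, "macro project present"
    # Legacy .doc macros live inside the OLE2 file and are not inspected here;
    # accepted files still go through the on-access and mail-server AV scans.
    return True, "ok"
```

Files that pass are still stored outside the web root and scanned by the AV products described above; this check only narrows what reaches them.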
 
mystics7 Author Commented:
Thank you very much for your quick reply; this sheds a lot of light on the situation. It was helpful and informative!!!!!!!
