• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 261
  • Last Modified:

Anti-virus Scan of Programatic Memory Stream

We are working on a web-based content management solution that allows for uploading files to a database environment.  Files are only written to the hard drive in encrypted fashion, and when decrypted later any virus-laden file can be caught due to temporary writes, but we'd rather trap the file on the way in if it is carrying a virus.  So far the only potential solutions I've been able to find have written files to temporary storage, scanned through the command-line, and checked the error code, but surely there's a better mechanism to allow the scanning of a Windows memory stream.  Any ideas?
0
wtr666
Asked:
wtr666
1 Solution
 
Phil_AgcaoiliCommented:
What you have described is a current vulnerability of modern Antivirus solutions.

To deceive virus scanners which filter incoming messages and downloads, more and encrypted archives are delivered to bypass scanning engines. It is impossible for current virus scanners to decide if a virus is contained in an excrypted archive, therefore e-mails or downloaded files with an encrypted or password protected archive attachments are are rendered useless to prevent security risks.

What you are suggesting in the temp space is the best solution I've seen so far to mitigate this issue because even in the memory stream, the files need to be decrypted.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now