Solved

Anti-virus Scan of Programatic Memory Stream

Posted on 2006-07-11
3
246 Views
Last Modified: 2013-12-04
We are working on a web-based content management solution that allows for uploading files to a database environment.  Files are only written to the hard drive in encrypted fashion, and when decrypted later any virus-laden file can be caught due to temporary writes, but we'd rather trap the file on the way in if it is carrying a virus.  So far the only potential solutions I've been able to find have written files to temporary storage, scanned through the command-line, and checked the error code, but surely there's a better mechanism to allow the scanning of a Windows memory stream.  Any ideas?
0
Comment
Question by:wtr666
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Accepted Solution

by:
Phil_Agcaoili earned 500 total points
ID: 17106000
What you have described is a current vulnerability of modern Antivirus solutions.

To deceive virus scanners which filter incoming messages and downloads, more and encrypted archives are delivered to bypass scanning engines. It is impossible for current virus scanners to decide if a virus is contained in an excrypted archive, therefore e-mails or downloaded files with an encrypted or password protected archive attachments are are rendered useless to prevent security risks.

What you are suggesting in the temp space is the best solution I've seen so far to mitigate this issue because even in the memory stream, the files need to be decrypted.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question