Antivirus to scan document uploads?

I host application servers for a website and to allow users to upload documents, we need them to be scanned first by AV software. I assume I will need to find AV with some sort of API to trigger the scan. Does anyone know how to approach this problem?
John Graham Asked:
Blue Street Tech (Last Knight) Commented:
Hi John,

I agree with Mal, and in addition run ESET Antivirus Security on the server along with EMET. I'd recommend SonicWALL security appliance with AGSS (Advanced Gateway Security Suite). That will provide all the security on the gateway you will need to stop ransomware, zero-day exploits, etc., plus hardware support.

AGSS, ESET and EMET will all scan in real time (as soon as the data is being uploaded it is being inspected on a packet and file level respectively), so there is no need for an event or API trigger. Scheduled scanning can occur with ESET daily.

I cannot emphasize enough that just having these products is not security...you have to know how to configure them to protect your environment. Security is not a product!

Let me know if you have questions!
1
 
Mal Osborne (Alpha Geek) Commented:
One possibility would be to drop a Next Generation Firewall in front of the incoming connection, and have it filter out various attacks and types of malware. The Cisco ASA range, as well as devices by SonicWALL, Fortigate and Watchguard, are worth considering.

Not sure how your infrastructure is set up, but usual best practice would be to have the publicly accessible servers in a Demilitarised Zone (DMZ), on a separate interface and subnet from the production network.
2
 
Alan (Consultant) Commented:
Not sure of the ToS, but you might also be able to send a copy of each file to virustotal.com?

If so, then I would do that as well as, not instead of, any of the above.

Alan.
0
 
J Spoor (TME) Commented:
Like Blue Street Tech, I advise a two-tiered level:
AV on the server as last line of defense, and a Next Generation Firewall as Gateway AV.
For the latter, when looking in the market be aware that many NGFW vendors impose file size limits on their Gateway AV. SonicWall is one of the few without any file size limits, and can scan and catch viruses in any file size.
0
 
myramu Commented:
Hello,

For effective multi-vendor scanning you may use the Virus Total private service. For details on API integration, refer to the article below:
https://www.virustotal.com/en/documentation/private-api/

Good Luck!
0
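Added example, not part of any answer in this thread and not VirusTotal's own code: a Java 11+ sketch of an upload gate that writes the upload to a quarantine file, hashes it in the same pass, and maps a VirusTotal file report to a verdict. It assumes the public API v3 hash-lookup endpoint (not the private API documentation linked above), so only the hash leaves the server; the class and method names are hypothetical and the JSON responses in `main` are constructed samples.

```java
import java.io.*;
import java.net.URI;
import java.net.http.*;
import java.nio.file.*;
import java.security.*;
import java.util.regex.*;

public class UploadScanGate { // hypothetical name, for illustration only
    enum Verdict { CLEAN, FLAGGED, UNKNOWN }

    // Stream the upload into a quarantine file and hash it in the same pass.
    static String quarantineAndHash(InputStream upload, Path quarantine) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (InputStream in = new DigestInputStream(upload, md)) {
            Files.copy(in, quarantine, StandardCopyOption.REPLACE_EXISTING);
        }
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest()) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // VirusTotal API v3 file report by hash; the document itself is not sent.
    static HttpResponse<String> lookup(String sha256, String apiKey) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(
                URI.create("https://www.virustotal.com/api/v3/files/" + sha256))
                .header("x-apikey", apiKey).GET().build();
        return HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
    }

    // Only a 200 report with zero malicious/suspicious detections counts as CLEAN.
    static Verdict verdict(int status, String body) {
        if (status != 200) return Verdict.UNKNOWN; // 404 = hash never seen; other errors fail closed
        // Scope to last_analysis_stats so community vote counters are not miscounted.
        Matcher stats = Pattern.compile("\"last_analysis_stats\"\\s*:\\s*\\{([^}]*)\\}").matcher(body);
        if (!stats.find()) return Verdict.UNKNOWN;
        Matcher hits = Pattern.compile("\"(malicious|suspicious)\"\\s*:\\s*(\\d+)").matcher(stats.group(1));
        int flagged = 0;
        while (hits.find()) flagged += Integer.parseInt(hits.group(2));
        return flagged > 0 ? Verdict.FLAGGED : Verdict.CLEAN;
    }

    public static void main(String[] args) throws Exception {
        Path q = Files.createTempFile("upload-", ".quarantine");
        String sha = quarantineAndHash(new ByteArrayInputStream("constructed sample".getBytes()), q);
        // Constructed sample responses so the example runs offline; lookup() is not called here.
        String hit = "{\"data\":{\"attributes\":{\"last_analysis_stats\":{\"malicious\":3,\"suspicious\":0,\"undetected\":60}}}}";
        System.out.println(sha + " -> " + verdict(200, hit));
        System.out.println(sha + " -> " + verdict(404, "{\"error\":{\"code\":\"NotFoundError\"}}"));
        Files.delete(q);
    }
}
```

A document that no one has submitted before returns 404 and therefore `UNKNOWN`, which will be the usual case for unique user files, so the on-server AV result still decides whether the file leaves quarantine.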
 
John Graham (Author) Commented:
Thanks everyone for the amazing replies. My app server runs Java Enterprise Edition to communicate and send files to the database servers. I want to make sure the files are scanned as they are uploaded. Luckily I do have a NGFW already as well at my boundary to mitigate risks.
0
 
Blue Street Tech (Last Knight) Commented:
I cannot emphasize enough that just having these products is NOT security...you have to know how to configure them to protect your environment from threats. Security is not a product...it's a process! Both the Gateway and Endpoint AV security services need to be configured, and the DMZ needs to be locked down to only allow specific ports/services to run from Zone to Zone, e.g. WAN>DMZ, DMZ>LAN & LAN>DMZ.
0
Question has a verified solution.
