Antivirus to scan document uploads?

I host application servers for a website and to allow users to upload documents, we need them to be scanned first by AV software. I assume I will need to find AV with some sort of API to trigger the scan. Does anyone know how to approach this problem?
John Graham Asked:

Mal Osborne (Alpha Geek) Commented:
One possibility would be to drop a Next Generation Firewall in front of the incoming connection, and have it filter out various attacks and types of malware. The Cisco ASA range, as well as devices by SonicWALL, Fortigate and Watchguard, are worth considering.

Not sure how your infrastructure is set up, but usual best practice would be to have the publicly accessible servers in a Demilitarised Zone (DMZ), on a separate interface and subnet from the production network.
2
Blue Street Tech (Last Knight) Commented:
Hi John,

I agree with Mal, and in addition run ESET Antivirus Security on the server along with EMET. I'd recommend SonicWALL security appliance with AGSS (Advanced Gateway Security Suite). That will provide all the security on the gateway you will need to stop ransomware, zero-day exploits, etc., plus hardware support.

Both AGSS, ESET and EMET will scan in real-time (as soon as the data is being uploaded it is being inspected on a packet & file level respectively) so there is no need for an event or API trigger. Scheduled scanning can occur with ESET daily.

I cannot emphasize enough that just having these products is not security...you have to know how to configure them to protect your environment. Security is not a product!

Let me know if you have questions!
1

Alan (Consultant) Commented:
Not sure of the ToS, but you might also be able to send a copy of each file to virustotal.com?

If so, then I would do that as well as, not instead of, any of the above.

Alan.
0
J Spoor (TME) Commented:
Like Blue Street Tech, I advise a two-tiered approach:
AV on the server as the last line of defense, and a Next Generation Firewall as Gateway AV.
For the latter, when looking in the market be aware that many NGFW vendors impose file size limits on their Gateway AV. SonicWall is one of the few without any file size limits, and can scan and catch viruses in any file size.
0
myramu Commented:
Hello,

For effective multi-vendor scanning you may use the Virus Total private service. For details on API integration, refer to the article below:
https://www.virustotal.com/en/documentation/private-api/

Good Luck!
0
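As an added example (not code from any poster in this thread), one way a Java EE upload handler could consult VirusTotal before a file is stored: it looks up the file's SHA-256, so the document itself never leaves the server. The v3 file-report endpoint and `x-apikey` header, the `UploadGate` class and the accept/quarantine policy are assumptions here, and `javax.json` is taken to be the JSON-P API supplied by the Java EE server (Java 11+ for `HttpClient`).

```java
import java.io.StringReader;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.MessageDigest;
import javax.json.Json;
import javax.json.JsonObject;

public class UploadGate {   // hypothetical class name
    enum Verdict { ACCEPT, QUARANTINE, UNKNOWN }
    // SHA-256 of the uploaded bytes, hex encoded: the file id used for the lookup.
    static String sha256Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(data))
            sb.append(String.format("%02x", b));
        return sb.toString();
    }
    // Fail closed: only a well-formed report with no detections yields ACCEPT.
    static Verdict decide(int status, String body) {
        if (status == 404) return Verdict.UNKNOWN;     // hash not known: rely on local AV
        if (status != 200) return Verdict.QUARANTINE;  // quota, auth or server error
        try {
            JsonObject stats = Json.createReader(new StringReader(body)).readObject()
                    .getJsonObject("data").getJsonObject("attributes")
                    .getJsonObject("last_analysis_stats");
            int flagged = stats.getInt("malicious", 0) + stats.getInt("suspicious", 0);
            return flagged > 0 ? Verdict.QUARANTINE : Verdict.ACCEPT;
        } catch (RuntimeException malformed) {
            return Verdict.QUARANTINE;                 // missing fields or invalid JSON
        }
    }

    // Assumed v3 file-report endpoint; only the hash is sent, never the document.
    static Verdict lookup(byte[] upload, String apiKey) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(URI.create(
                "https://www.virustotal.com/api/v3/files/" + sha256Hex(upload)))
                .header("x-apikey", apiKey).GET().build();
        HttpResponse<String> resp = HttpClient.newHttpClient()
                .send(req, HttpResponse.BodyHandlers.ofString());
        return decide(resp.statusCode(), resp.body());
    }
    public static void main(String[] args) {
        // Constructed sample report, trimmed to the fields decide() reads.
        String sample = "{\"data\":{\"attributes\":{\"last_analysis_stats\":"
                + "{\"malicious\":3,\"suspicious\":0,\"undetected\":60}}}}";
        System.out.println(decide(200, sample) + " " + decide(404, ""));
    }
}
```

An `ACCEPT` or `UNKNOWN` result only means the lookup raised no objection; the on-server AV scan still applies to every upload.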
John Graham (Author) Commented:
Thanks everyone for the amazing replies. My app server runs Java Enterprise Edition to communicate and send files to the database servers. I want to make sure the files are scanned as they are uploaded. Luckily I do have a NGFW already as well at my boundary to mitigate risks.
0
Blue Street Tech (Last Knight) Commented:
I cannot emphasize enough that just having these products is NOT security...you have to know how to configure them to protect your environment from threats. Security is not a product...it's a process! Both the Gateway and Endpoint AV security services need to be configured, and the DMZ needs to be locked down to only allow specific ports/services to run from Zone to Zone, e.g. WAN>DMZ, DMZ>LAN & LAN>DMZ.
0