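/**
 * Validate an uploaded file: required keys, extension, size, then a ClamAV scan.
 *
 * Every step fails closed: the file is accepted only when each check
 * positively succeeds, including an explicit CL_CLEAN verdict from the scanner.
 *
 * NOTE(review): the extension is read from the client-supplied file name and
 * says nothing about the content, and this method does not confirm that
 * tmp_name is a genuine HTTP upload (is_uploaded_file()). Callers should not
 * read a TRUE result as proof of either.
 *
 * @param array  $file                   Upload entry; 'tmp_name' and 'name' are read
 * @param int    $max_file_size          Maximum size in MB (1 MB = 1,000,000 bytes here)
 * @param string $allowed_file_extension Single allowed extension, without the dot
 * @return bool TRUE if valid or FALSE otherwise
 */
public static function fileValid($file, $max_file_size, $allowed_file_extension)
{
    // Both keys must be present and non-empty; empty() also covers unset keys.
    if (empty($file['tmp_name']) || empty($file['name'])) {
        return false;
    }

    // Multi-file uploads deliver arrays here; only a single path and name are handled.
    if (!is_string($file['tmp_name']) || !is_string($file['name'])) {
        return false;
    }

    // Compare extensions case-insensitively. The previous check lower-cased only
    // the allowed value, so "REPORT.PDF" was rejected when "pdf" was allowed.
    $actual_extension = mb_strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (mb_strtolower($allowed_file_extension) !== $actual_extension) {
        return false;
    }

    // The size must be readable: a failed filesize() used to evaluate to 0 MB
    // and slip past the limit.
    if (!is_file($file['tmp_name'])) {
        return false;
    }
    $size_bytes = filesize($file['tmp_name']);
    if ($size_bytes === false || $max_file_size < $size_bytes / 1000000) {
        return false;
    }

    // Accept only an explicit "clean" verdict, so a scanner error (unreadable
    // file, engine not initialised, ...) is never interpreted as "no virus".
    if (cl_scanfile($file['tmp_name']) !== CL_CLEAN) {
        return false;
    }

    return true;
}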
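/**
 * Scan the file uploaded for this element with ClamAV.
 *
 * The upload is accepted only when the scanner reports CL_CLEAN. A detection
 * deletes the temporary file and records the signature name; any other result
 * (a scanner error) is also rejected, so a broken or unreachable engine cannot
 * wave files through.
 *
 * @param \Foundation\Form\Input $input Submitted form input
 * @return bool TRUE when there is nothing to scan or the file is clean
 */
public function validate(\Foundation\Form\Input $input)
{
    $fileArr = $input->get($this->e->getName());

    // Nothing was uploaded, so there is nothing to scan.
    // NOTE(review): assumes a missing upload is rejected elsewhere when the
    // field is required - confirm against the form's other validators.
    if (!is_array($fileArr) || empty($fileArr['tmp_name'])) {
        return true;
    }

    $virusname = '';
    $retcode = cl_scanfile($fileArr['tmp_name'], $virusname);

    if ($retcode === CL_CLEAN) {
        return true;
    }

    if ($retcode == CL_VIRUS) {
        // Remove the infected temporary file before reporting the detection.
        unlink($fileArr['tmp_name']);
        $this->addError('Virus Detection Error: ' . cl_pretcode($retcode) . " {$virusname}.");

        return false;
    }

    // Scanner error: fail closed and leave the file to PHP's normal upload cleanup.
    $reason = is_int($retcode) ? cl_pretcode($retcode) : 'scan failed';
    $this->addError('Virus Detection Error: ' . $reason . '.');

    return false;
}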
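/**
 * Scan a file for malware and delete it when a signature matches.
 *
 * Uses the PHP ClamAV binding when $this->_php is set, otherwise the scanner
 * binary at $this->_path/$this->_bin. On a detection the signature name is
 * stored in $this->_virus_name, a translated message in $this->_output, and
 * the file is unlinked. "Oversized.Zip" results are deliberately not treated
 * as detections.
 *
 * NOTE(review): an empty or non-existent $filename returns true (nothing was
 * scanned), so callers must not read true as "scanned and clean" unless they
 * know the file exists.
 *
 * @param string $filename      Path of the file to scan
 * @param string $orig_filename Optional display name used in the message
 * @return bool FALSE on a detection or when no scanner is available, TRUE otherwise
 */
function isClean($filename, $orig_filename = '')
{
    $ret_val = true;
    if (!empty($filename) and file_exists($filename)) {
        // Name shown to the user: the original upload name when known.
        $filename_text = !empty($orig_filename) ? $orig_filename : $filename;

        if (!empty($this->_php)) {
            // Scan through the PHP ClamAV binding.
            // NOTE(review): this branch treats the return value as the signature
            // name (truthy = detection); confirm that matches the installed binding.
            if ($virus_name = cl_scanfile($filename)) {
                if (mb_strtoupper($virus_name, 'UTF-8') != 'OVERSIZED.ZIP') {
                    $this->_virus_name = $virus_name;
                    $this->_output = $this->_translator->getMessage('VIRUS_VIRUS_FOUND', $virus_name, $filename_text);
                    unlink($filename);
                    $ret_val = false;
                }
            }
        } else {
            $scanner = $this->_path . "/" . $this->_bin;
            if (file_exists($scanner)) {
                // Scan through the command-line scanner. Each path is quoted as a
                // single shell argument; the pipe stays outside the quoting.
                // The previous escapeshellcmd() call escaped the "|" itself (so
                // "grep" and "FOUND" became extra scanner arguments) and did not
                // protect file names containing spaces.
                $command = escapeshellarg($scanner) . ' ' . escapeshellarg($filename) . ' | grep FOUND';
                $output = (string) shell_exec($command);
                if ($output != '' and mb_stristr($output, 'FOUND')) {
                    // The match may only be the file name itself, so strip it first.
                    $output = str_replace($filename . ': ', "", $output);
                    if (mb_stristr($output, 'FOUND') and !mb_stristr($output, 'Oversized.Zip')) {
                        // Still a 'FOUND' in the output: a real detection.
                        $ret_val = false;
                        // trim() drops the trailing newline of the scanner output.
                        $virus_name = trim(str_replace(' FOUND', "", $output));
                        $this->_virus_name = $virus_name;
                        $this->_output = $this->_translator->getMessage('VIRUS_VIRUS_FOUND', $virus_name, $filename_text);
                        unlink($filename);
                    }
                }
            } else {
                // No scanner available: fail closed and report it.
                $ret_val = false;
                $this->_output = $this->_translator->getMessage('VIRUS_SCANNER_NOT_FOUND', $scanner);
            }
        }
    }

    return $ret_val;
}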
/**
 * Validate the upload currently being processed.
 *
 * Resolves the MIME grouping from extension and type, then - for real uploads
 * only - checks the upload error code, that the temp file is a genuine HTTP
 * upload, and optionally runs a ClamAV scan.
 *
 * NOTE(review): when scanFile is enabled but the clamav extension cannot be
 * loaded, the scan is skipped and the upload still validates.
 *
 * @access protected
 * @param boolean $import TRUE for imported files, which skip the upload checks
 * @return boolean
 */
protected function _validates($import = false)
{
    $upload = $this->_data[$this->_current];
    $group = self::checkMimeType($upload['ext'], $upload['type']);

    if ($group) {
        $this->_data[$this->_current]['group'] = $group;
    } elseif (!$import) {
        // Unknown extension/type is fatal for uploads, tolerated for imports.
        return false;
    }

    // Only uploaded files are validated further; imports and streams pass here.
    if ($import || isset($upload['stream'])) {
        return true;
    }

    if ($upload['error'] > 0) {
        return false;
    }

    $tmpPath = $upload['tmp_name'];

    // The temp path must come from PHP's upload handling and be a regular file.
    if (!is_uploaded_file($tmpPath)) {
        return false;
    }
    if (!is_file($tmpPath)) {
        return false;
    }

    // Scanning requires the ClamAV module to be installed.
    if (!$this->scanFile || !$this->_loadExtension('clamav')) {
        return true;
    }

    // Scan limits are passed through positionally; their individual meaning is
    // defined by the binding, not visible here.
    cl_setlimits(5, 1000, 200, 0, 10485760);

    // Any truthy scan result rejects the upload.
    return !cl_scanfile($tmpPath);
}
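/**
 * Does validation on the current upload.
 *
 * Checks that the extension and the reported MIME type are known, records the
 * matching grouping, verifies the file is a genuine HTTP upload and, when
 * scanFile is enabled and the clamav extension is available, scans it.
 *
 * NOTE(review): the extension and the MIME type may be matched in different
 * groupings (the two flags are not reset per grouping), and the type is the
 * client-reported one; neither proves what the file actually contains.
 * NOTE(review): if the clamav extension cannot be loaded the scan is skipped
 * and the upload still validates.
 *
 * @access private
 * @return boolean
 */
private function __validates()
{
    $key = $this->__current;
    $validExt = false;
    $validMime = false;

    if (!isset($this->__data[$key]['group'])) {
        $this->__data[$key]['group'] = '';
    }

    // Check valid mime type. The reported type does not change per grouping,
    // so normalise it once.
    $currType = mb_strtolower($this->__data[$key]['type']);

    foreach ($this->__mimeTypes as $grouping => $mimes) {
        if (isset($mimes[$this->__data[$key]['ext']])) {
            $validExt = true;
        }

        foreach ($mimes as $mimeType) {
            $matches = is_array($mimeType)
                ? in_array($currType, $mimeType, true)
                : $currType === $mimeType;

            if ($matches) {
                $validMime = true;
                break;
            }
        }

        if ($validExt === true && $validMime === true) {
            $this->__data[$key]['group'] = $grouping;
            // Stop here: without the break every later grouping overwrote the
            // group, so it always ended up as the last grouping in the list.
            break;
        }
    }

    if ($validExt === false || $validMime === false) {
        return false;
    }

    // Correctly uploaded?
    $tmpName = $this->__data[$key]['tmp_name'];
    if ($this->__data[$key]['error'] > 0 || !is_uploaded_file($tmpName) || !is_file($tmpName)) {
        return false;
    }

    // Requires the ClamAV module to be installed
    // http://www.clamav.net/
    if ($this->scanFile === true) {
        // dl() is not available in every SAPI; calling it when undefined is a
        // fatal error that "@" cannot suppress.
        if (!extension_loaded('clamav') && function_exists('dl')) {
            @dl('clamav.' . PHP_SHLIB_SUFFIX);
        }

        if (extension_loaded('clamav')) {
            cl_setlimits(5, 1000, 200, 0, 10485760);

            // Any truthy scan result rejects the upload.
            if (cl_scanfile($tmpName)) {
                return false;
            }
        }
    }

    return true;
}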
echo "<b>cl_version() return : </b>" . cl_version() . $br; /* Run cl_retcode() and return result for a CL_CLEAN and CL_VIRUS */ echo "<b>cl_pretcode(CL_CLEAN) return : </b>" . cl_pretcode(CL_CLEAN) . $br; echo "<b>cl_pretcode(CL_VIRUS) return : </b>" . cl_pretcode(CL_VIRUS) . $br; /* For future use */ //echo "<b>cl_engine_get_num(\"CL_ENGINE_MAX_SCANSIZE\") return : </b>".cl_engine_get_num("CL_ENGINE_MAX_SCANSIZE").$br; //echo "<b>cl_engine_get_num(\"CL_ENGINE_MAX_FILESIZE\") return : </b>".cl_engine_get_num("CL_ENGINE_MAX_FILESIZE").$br; //echo "<b>cl_engine_get_num(\"CL_ENGINE_MAX_RECURSION\") return : </b>".cl_engine_get_num("CL_ENGINE_MAX_RECURSION").$br; /* Start counter for bench execution time */ $time_start = microtime(true); /* Run cl_engine() for set the limits values on scan */ cl_engine(10000, 734003200, 734003200, 25, 0); /* Set max_execution_time to 120 second * Only if safe_mode is disabled */ ini_set('max_execution_time', 120); /* Run a cl_scanfile() and return the result into $retcode and the virus name if found in $virusname */ $retcode = cl_scanfile($file, $virusname); /* Restore max_execution_time value from php.ini */ ini_restore('max_execution_time'); /* Stop counter for bench execution time */ $time_end = microtime(true); $time = $time_end - $time_start; /* Check if a virus founded by scan */ if ($retcode == CL_VIRUS) { echo "<b>Execution time : </b>" . round($time, 2) . " seconds" . $br . "<b>File path : </b>" . $file . $br . "<b>Return code : </b>" . cl_pretcode($retcode) . $br . "<b>Virus found name : </b>" . $virusname . $br; } else { echo "<b>Execution time : </b>" . $time . " seconds" . $br . "<b>File path : </b>" . $file . $br . "<b>Return code : </b>" . cl_pretcode($retcode) . $br; } } else { echo "Module {$module} is not loaded into PHP"; }