You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@commons.apache.org by "CHOY, ALAN" <al...@cgi.com> on 2004/01/27 13:11:40 UTC
[fileupload] how does it handle anti-virus?
I'm wondering how FileUpload handles file which is infected with virus.
I've tried Struts 1.0.2, which used its own library, and when a virus
infected file is uploaded, it triggered the anti-virus software on the
server immediately, and the FormFile that I got was null.
However when I used Struts 1.1 (which used FileUpload by default), the
virus infected file was able to upload to the server successfully just
like a regular file. Does anyone have any experience in this area?
--
Alan Choy
Consultant, E-Business and Customer Care
CGI Services to BCE
Phone: (416) 440-2481
Site : 50 Eglinton Ave. E, 5th Floor
Email: alan.choy@cgi.com
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [fileupload] how does it handle anti-virus?
Posted by Martin Cooper <ma...@apache.org>.
On Wed, 28 Jan 2004, CHOY, ALAN wrote:
> Thanks Craig for your information.
>
> I was told that the anti-virus software on the server will be triggered when the
> uploaded file (or file stream) is closed. Assume this is the case, would you
> please compare the mechanism/timing of file close between Struts 1.0.2 and
> FileUpload package? Thanks.
Depending on the size of the uploaded file, it's possible that in one case
the file was written to disk, while in the other case it was retained in
memory. In the latter case, obviously, the anti-virus software would not
be triggered.
--
Martin Cooper
> ______________________________________________________________
>
> "Craig R. McClanahan" wrote:
>
> > Quoting "CHOY, ALAN" <al...@cgi.com>:
> >
> > > I'm wondering how FileUpload handles file which is infected with virus.
> > > I've tried Struts 1.0.2, which used its own library, and when a virus
> > > infected file is uploaded, it triggered the anti-virus software on the
> > > server immediately, and the FormFile that I got was null.
> > >
> > > However when I used Struts 1.1 (which used FileUpload by default), the
> > > virus infected file was able to upload to the server successfully just
> > > like a regular file. Does anyone have any experience in this area?
> > >
> >
> > Neither the file upload code in Struts 1.0.2, nor the code in
> > commons-fileupload, pays attention to the content of the uploaded file. Any
> > triggering of anti-virus software on the content was being done by some other
> > code.
> >
> > > Alan Choy
> >
> > Craig
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: commons-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [fileupload] how does it handle anti-virus?
Posted by "CHOY, ALAN" <al...@cgi.com>.
Thanks Craig for your information.
I was told that the anti-virus software on the server will be triggered when the
uploaded file (or file stream) is closed. Assume this is the case, would you
please compare the mechanism/timing of file close between Struts 1.0.2 and
FileUpload package? Thanks.
______________________________________________________________
"Craig R. McClanahan" wrote:
> Quoting "CHOY, ALAN" <al...@cgi.com>:
>
> > I'm wondering how FileUpload handles file which is infected with virus.
> > I've tried Struts 1.0.2, which used its own library, and when a virus
> > infected file is uploaded, it triggered the anti-virus software on the
> > server immediately, and the FormFile that I got was null.
> >
> > However when I used Struts 1.1 (which used FileUpload by default), the
> > virus infected file was able to upload to the server successfully just
> > like a regular file. Does anyone have any experience in this area?
> >
>
> Neither the file upload code in Struts 1.0.2, nor the code in
> commons-fileupload, pays attention to the content of the uploaded file. Any
> triggering of anti-virus software on the content was being done by some other
> code.
>
> > Alan Choy
>
> Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
Re: [fileupload] how does it handle anti-virus?
Posted by "Craig R. McClanahan" <cr...@apache.org>.
Quoting "CHOY, ALAN" <al...@cgi.com>:
> I'm wondering how FileUpload handles file which is infected with virus.
> I've tried Struts 1.0.2, which used its own library, and when a virus
> infected file is uploaded, it triggered the anti-virus software on the
> server immediately, and the FormFile that I got was null.
>
> However when I used Struts 1.1 (which used FileUpload by default), the
> virus infected file was able to upload to the server successfully just
> like a regular file. Does anyone have any experience in this area?
>
Neither the file upload code in Struts 1.0.2, nor the code in
commons-fileupload, pays attention to the content of the uploaded file. Any
triggering of anti-virus software on the content was being done by some other
code.
> Alan Choy
Craig
---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org