Check File Uploads for Viruses

I am currently developing a social networking site using RoR that uses
the attachment_fu plugin to handle image uploads. I also want to
enable users to upload photoshop files, but am worried about security
vulnerabilities because I want other users to be able to download
these photoshop files. What is to stop someone from uploading a
malicious file (i.e. virus) just by changing the extension? I don’t
want someone downloading a file with a virus on it from my site. Is
there any way to screen files for viruses when they are uploaded in
RoR? Any thoughts? Thanks.

On 16 Nov 2007, at 12:10, TTDaVeTT wrote:

> I am currently developing a social networking site using RoR that uses
> the attachment_fu plugin to handle image uploads. I also want to
> enable users to upload photoshop files, but am worried about security
> vulnerabilities because I want other users to be able to download
> these photoshop files. What is to stop someone from uploading a
> malicious file (i.e. virus) just by changing the extension? I don’t
> want someone downloading a file with a virus on it from my site. Is
> there any way to screen files for viruses when they are uploaded in
> RoR? Any thoughts? Thanks.

Use the callbacks of attachment_fu that are executed after the upload
(my mind’s focussed on other stuff right now, so the exact method
name doesn’t come to mind) and run the file through ClamAV via the
`commandline command` or system ruby calls.

Best regards

Peter De Berdt
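
An added example, not part of the original posts or of attachment_fu: one way to screen an uploaded Photoshop file from a post-upload callback, checking the PSD signature (which renaming the extension does not change) and then running ClamAV's clamscan. The names screen_upload, CLAMSCAN and the runner parameter are hypothetical; clamscan is assumed to be on the PATH.

```ruby
require "open3"

PSD_MAGIC = "8BPS".b # first four bytes of every Photoshop document

# Default runner: argument-array form of Open3, so the upload path never
# passes through a shell. Returns [output, exit_code].
CLAMSCAN = lambda do |path|
  begin
    out, status = Open3.capture2e("clamscan", "--no-summary", "--stdout", path)
    [out, status.exitstatus]
  rescue Errno::ENOENT
    ["clamscan not installed", 2] # treat a missing scanner as an error
  end
end

# Returns :clean, :infected, :wrong_type or :scan_error.
# Anything other than :clean should keep the file from being offered
# for download.
def screen_upload(path, runner: CLAMSCAN)
  # Content check: the extension is user-controlled, the leading bytes
  # are what the file actually is.
  head = File.open(path, "rb") { |f| f.read(4) }
  return :wrong_type unless head == PSD_MAGIC

  _output, code = runner.call(path)
  case code
  when 0 then :clean     # clamscan: no virus found
  when 1 then :infected  # clamscan: virus found
  else :scan_error       # clamscan error (2) or killed by signal: fail closed
  end
end
```

The signature check only rejects files that are not PSDs at all; a well-formed PSD still goes through the scanner, and a scanner failure is treated the same as a detection.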