Kleines Beispiel, wie man auf dem Server Dateien beim Upload auf Viren überprüfen kann:

Das Scanner-Interface:

public interface Scanner
{
	ScannerResults scan(File source);
}

Die ClamAV-Implementierung

public class ClamAvScannerImpl implements Scanner
{

	private static final Logger logger = Logger.getLogger(ClamAvScannerImpl.class);

	private ScannerResults scannerResults;

	/**
	 * Scans the file and returns the result.
	 */
	@Override
	public synchronized ScannerResults scan(File source)
	{

		try
		{
			Process process =  new ProcessBuilder("clamscan",source.getAbsolutePath()).start();
			int code 		= process.waitFor();

			switch (code)
			{
				case 0: scannerResults.setOk(true); break;
				case 1: 

					logger.info("Virus found in: "+source.getAbsolutePath());
					scannerResults.setMessage("Virus found!");
					scannerResults.setOk(false);
					break;

				default: logger.warn("Unexpected return code from ClamAV"); break;
			}

		} catch (IOException e)
		{
				logger.error("Problem starting ClamAV!");
		} catch (InterruptedException e)
		{
			logger.error("Problem waiting for ClamAV");
		}

		return scannerResults;
	}

	public void setScannerResults(ScannerResults scannerResults)
	{
		this.scannerResults = scannerResults;
	}

}

Die Ergebnisse:

public interface ScannerResults
{
	boolean isOk();

	List getMessages();

	void setOk(boolean ok);

	void setMessage(String message);

}

public class ClamAVScannerResultsImpl implements ScannerResults
{
	private boolean ok;
	private String message;

	public boolean isOk()
	{
		return ok;
	}

	public List getMessages()
	{
        if (message == null)
            return new ArrayList(0);
        else
            return Arrays.asList(new String[]{message});

	}

	public void setOk(boolean ok)
	{
		this.ok = ok;
	}

	public void setMessage(String message)
	{
		this.message = message;
	}

}

Dann im Controller/Service beim Upload aufrufen:

...
try
			{
				MultipartHttpServletRequest req = multiPartResolver.resolveMultipart(request);
				MultipartFile file 				= req.getFile("file");

				ScannerResults result 			= scanner.scan(new File(file.getName()));
				if(result.isOk())
				{
					//save it!
				}
				else
					mv.addObject("error","file.virus");
			} catch (MaxUploadSizeExceededException e)
			{
				mv.addObject("error","file.maxupload");
			}
...

Vorher natürlich ClamAV installieren!


Tags: