On Tue, Mar 30, 2010 at 10:56 AM, anil chalamalasetti <achalamalase...@gmail.com> wrote:
> I am trying to scan files that have been uploaded for Viruses and one
> of the features I am looking for is to scan for XSS in uploaded HTML
> files. Can the CLAMAV support this kind of scanning?
>
> Thank you
> Anil
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

I can't answer your question truthfully with regard to whether or not this type of scanning is possible. I'd have to lean toward no just based on intuition, as it's a pretty outside edge case as well as outside of what most people would consider an AV's purpose, though clam may very well.

However, as some advice: you're accepting user-uploaded HTML. XSS can only work if you allow your user to upload JS (or another script type). In this case you're likely looking at <script> tags as well as tag-attribute-based JS. Depending on what you are allowing your users to upload the HTML for, you have a lot of work ahead of you.

XSS is relatively easy to avoid with user-uploaded HTML. Simply strip out anything resembling JS (or any other scripting language). You can do this with a myriad of HTML/XML parsers available.

You should have many other concerns in mind... many of them far more difficult to deal with than the XSS. Malicious HTML is far harder to detect and will require a lot of vigilance and frequently updated filters to deal with.

You should read up a bit, as XSS attacks are not very similar to viruses. Filtering and parsing are going to be far better tools and require a lot more effort.