Hi,

In suhosin php hardening patch there is an option of scanning uploaded files via php or web.

upload verification_script

\*
  Type: String
\*
  Default:

This defines the full path to a verification script for uploaded files. The script gets the temporary filename supplied and has to decide if the upload is allowed. A possible application for this is to scan uploaded files for viruses. The called script has to write a 1 as first line to standard output to allow the upload. Any other value or no output at all will result in the file being deleted.

On a systme with suhosin installed we add In php.ini

suhosin.upload.verification_script = /path-to-scanner.

Can you please advise a scanner script that will scan for:

1) viruses using clamscan

2) grep the uploaded file for certain malicious patterns and if it matches the pattern, the file is deleted

example pattern:

pattern='r0nin|m0rtix|upl0ad|r57shell|c99shell|shellbot|phpshell|void\.ru|phpremoteview|directmail|bash_history|\.ru/|brute *force|multiviews|cwings|bitchx|eggdrop|guardservices|psybnc|dalnet|undernet|vulnscan|spymeta|raslan58'

3) email report if it finds any virus or malicious pattern

Thanks