Java – in memory scanning of files, ideally using ClamAV

Java

We are implementing an enterprise application that focuses on security, including uploading files These files need virus scanning, but they also need to be encrypted

The current process is that the file is uploaded and then streamed to the temporary storage area on the disk through the encryptor Then the virus scanner is called, the file is decrypted immediately, transmitted to the ClamAV through the socket, and then the virus status is returned from the socket.

The problem is that ClamAV seems to write to the temporary area on the disk before scanning, which means unencrypted and possibly sensitive data on the file system

Who knows how to solve this problem? Maybe you just configured ClamAV to scan only in memory (my Google search didn't produce any results), or maybe some other alternative suggestions?

Solution

I assume you're using clamd because you talk to it through a socket instead of the clamscan cli tool

In this case, you can use clamd The temporarydirectory directive in conf configures it, using something like DM crypt( https://help.ubuntu.com/community/EncryptedFilesystemHowto )Point to an encrypted file system for temporary storage – I hope this helps

From man 5 clamd Conf reference:

TemporaryDirectory STRING
          Optional path to the global temporary directory.
          Default: system specific (usually /tmp or /var/tmp).
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>