Date: Mon, 3 Dec 2007 16:45:36 -0800 From: jekillen <jekillen@prodigy.net> To: Attos <attos.janus@gmail.com> Cc: freebsd-ports <freebsd-ports@freebsd.org> Subject: Re: PHP ClamAV Lib Message-ID: <6d08c6fb17ee02796eea380a2f065430@prodigy.net> In-Reply-To: <5297d6fd0712030621l25916c7et9fe487b76c557dd4@mail.gmail.com> References: <ef3d0167b9c7aa051e2fd98dffc961db@prodigy.net> <4751A84A.2070007@infracaninophile.co.uk> <5297d6fd0712030621l25916c7et9fe487b76c557dd4@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 3, 2007, at 6:21 AM, Attos wrote:
> You can execute ClamAV from PHP and parse the result.
> The exec() function can do the job. This is the description from the
> PHP manual:
>
> exec
> (PHP 3, PHP 4, PHP 5)
>
> exec -- Execute an external program
> Description
> string exec ( string command [, array &output [, int &return_var]] )
>
>
> exec() executes the given command.
>
> Parameters
>
>
> command
> The command that will be executed.
>
> output
> If the output argument is present, then the specified array will be
> filled with every line of output from the command. Trailing
> whitespace, such as \n, is not included in this array. Note that if
> the array already contains some elements, exec() will append to the
> end of the array. If you do not want the function to append elements,
> call unset() on the array before passing it to exec().
>
> return_var
> If the return_var argument is present along with the output argument,
> then the return status of the executed command will be written to this
> variable.
>
>
> Return Values
> The last line from the result of the command. If you need to execute a
> command and have all the data from the command passed directly back
> without any interference, use the passthru() function.
>
> To get the output of the executed command, be sure to set and use the
> output parameter.
>
> Examples
> Example 1. An exec() example
>
> <?php
> // outputs the username that owns the running php/httpd process
> // (on a system with the "whoami" executable in the path)
> echo exec('whoami');
> ?>
>
>
Yes, I could use exec(); accept I would have to be vary careful to code
the
script so it could not be exploited by a client. I would be a little
leery of
scanning an uploaded file with a script that is run in a shell rather
than
run under the auspices of the web server. More than viruses, an image
file could contain embedded php scripts. Or any other file for that
matter.
True it would have to have a recognized file name suffix for the file
to be
executed as php. but a call to gd functions can be made by specifying
a php file rather than an image file in an image tag. Anyhow, I suspect
I would have to rebuild php to include the Clamav module anyhow.
And porting the php-clamav module, if it only builds the code, would
leave the user having to do a rebuild of php to use it. And if there is
no means of rebuilding a package to add or remove a feature, or use
special configuration items, why not just by pass the port? I have been
using ports and in some cases have been left wondering just how much
configuration needs to be done after a port is installed, what and where
was installed. But I probably am still missing something.
Thanks for the suggestion.
Jeff K
>
>
>
>
>
> On Dec 1, 2007 1:30 PM, Matthew Seaman
> <m.seaman@infracaninophile.co.uk> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> jekillen wrote:
>>> Hello:
>>> I am looking for PHP ClamAV Lib
>>> in ports and I do not know of hand
>>> where to find it. I did not find it in
>>> /usr/ports/security. And if it exists in
>>> ports, what would it be called for a
>>> find command?
>>> My aim is to use it for scanning files
>>> uploaded to web sites in php scripts.
>>> I installed ClamAV, Amavisd-new,
>>> and Cyrus-sasl-saslauthd
>>> from /usr/ports/security.
>>> FreeBSD v 6.2
>>> Thanks in advance
>>> Jeff K
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6d08c6fb17ee02796eea380a2f065430>