Run a Virus Scan While Uploading files in ASP.NET - asp.net

I have developed a web based application in ASP.NET and C# where users have the facility to upload files on the server through this application I want the application to Scan the uploaded files for viruses before saving on the server. Same like when we attach files with our email in Yahoo. Please guide me how I can achieve this functionality Any API which can be integrated in ASP.NET application or any other way you can suggest. We can purchase the licensed version of a product which can achieve this. I have googled but did not find specific results.
Thanks in advance!

First of all the file must be saved onto the server before you can scan it. If you notice Yahoo will upload the file first - but not allow the attachment to be sent until scanned.
Then you can use an antivirus with a command line interface or some other kind of API. Both of these can be called via C# and should provide the functionality you require. Parhaps write a wrapper class that takes a file and returns true or false depending on whether a virus was detected.

Other applications that provide you with a command line interface:
Microsoft Security Essentials
clamAv
I believe MS AV provides better results.

Just purchase antivirus software that has a command-line interface (several popular packages include this). Once the file has been uploaded, run the scan.
I would think, in order to upload and scan at the same time, you might need to implement your own antivirus software as I'm not familiar with any package that would provide that sort of interface.
I run a shareware site. It doesn't work as you described, but I download each file to my local computer and run a scan on them. You would be doing something similar.

Related

Is there any Logviewer application available to see 4GL logs? -PROGRESS 4GL

For me its quite hard to view the 4GL log file. Is there any log viewer application available?
The logfiles are plain text, any text viewer will do.
Which is best depends on your OS and personal preferences.
On linux I'd use less, or vi for "small" logfiles.
On windows I use baretail regularly, but I also use Vs Code, Editpad, ..., notepad
The 4GL Log files should really not be that hard to read?
As a possible built in option: in OpenEdge Management there's a log viewer.
On a newly set up server with classic appserver/adminserver it generally runs on http://<server-ip>:9090/ with credentials admin/admin (to be changed at first login).
This might be different with PAS (I'm not working with that, at least not yet).
We have our databases hosted in AWS so I send all my logs (DB, Webspeed, PASOE, AdminServer, etc etc etc) to Cloudwatch with a relevant retention policy. It's not hard to build a Date/Time parsing formula to calculate when the log entry happens. That way I can give people access to the logfiles easily without them needing access to all the different servers. It's a very neat solution. And we can send non-Progress logs over too, so Apache etc. And grepping them is dead easy too.

harmon.ie bit9 execution block

Our company recently joined a larger company that utilizes Bit9 for application whitelisting. Previously, we had a large amount of users using Harmon.IE to interface with our Sharepoint-based document management system. I'm trying to figure out what to allow in Bit9 to allow the document open process to work in the Harmon.IE outlook add-in.
What's happening is the user tries to open a file from the Harmon.IE pane and Bit9 blocks the auto-generated, randomly-named vbs file used to launch the file from Sharepoint. Since this file is different each time and has a different hash, we can't simply approve the vbs file.
We also can't set wscript as a trusted source as many malware sources utilize wscript. Likewise, can't really allow anything that comes out of Outlook as that would open the door for malware delivery via email.
I'm trying to find out if there's a dll that I can trust somewhere in the stack that will allow these VBS files to be trusted and allowed to run.
Add OpenFilesUsingScript key with default value "False"- harmon.ie will launch files directly without using VB script
[HKEY_CURRENT_USER\Software\Mainsoft\Prefs\OpenFilesUsingScript]
#="False"
A custom rule with an action of Execute Allow on the path of the VBS with the name wild carded as deep as possible should cover you just fine.

Is there a program that lets me edit web files with a native editor?

Before I attempt to program the following function myself, I wonder if something already exists.
What I would like to do is click an edit link on my website for a given document, and have that document launch in the native editor on my local machine (via a temporary file mechanism).
When I save the document in the native editor, the document is HTTP PUT back to the website. This can be accomplished by watching the file for writes, or watching the editor process for exit.
This way I can more easily edit documents on the web (instead of going through the download / edit / upload cycle).
My design would work as follows:
Register .webedit files on the local machine.
When a .webedit file is downloaded, launch webedit.exe with the file.
The file contains a URL (http://server/document) which is checked against a security database to ensure we're only opening allowed URLs.
The URL is downloaded to a temporary location.
The temporary file is launched in the native editor.
The file is watched for changes, and uploaded (HTTP PUT) on change detection (or when the editor is closed, if it's not a single-instance multiple-document editor).
Lots of FTP / SCP GUIs have this type of functionality, but I have not been able to find it for the web in general, or a shared library that allows you to plug in to this function.
Has anyone seen a program that does this?
SharePoint works like this.
It's great for managing shared documents in corporate environments.
Users can even checkout/checkin documents & the features are very extensible..you can customize pretty much anything if you know how.
Edit:
Since you're on Linux..i've heard that Alfreco is a great alternative.
I've never used it, but I know a couple organizations using it instead of SharePoint.
It integrates with Microsoft Office as well.
Also, it will definitely be cheaper.

How to push data from excel to SQL Server?

I have written a simple ASP.NET MVC 2 application that stores data and can dynamically create excel files using Microsoft's openXML for excel files.
What is the best way to push changes the user makes in excel to my database? I know it can be done via file upload, but this is rather obtrusive to the end user to navigate to my site, select upload, and then select their file.
Is there a way to do 1 click publishing from the excel file using VBA? VBA can interact with the database directly, but this seems dangerous from a data security standpoint, and duplication of logic.
Do web services work with the MVC architecture? How do I get a vba macro enabled document to send itself to the server?
For anyone out there looking for a fix, I ended up using vba's InternetExplorer.Application object and interacting with an upload form on my site.
For more info on the upload form check out:
http://haacked.com/archive/2010/07/16/uploading-files-with-aspnetmvc.aspx
For more info on VBA and the InternetExplorer.Application object check out:
www.motobit.com/tips/detpg_uploadvbaie/
You might take a look at Sql server integration services for bulk upload of data into sql server. The integration services once created can be run using a normal c# desktop program or using a windows service.
But you might
need to make sure this happens in the background and will have to be
an asynchronous task.
also need to make sure it is properly secured
by not giving direct execute access to any other users
I'm assuming that this is for a specific user. I've done something very similar to what you are describing before.
Tell the user to save the excel file in their DropBox and share the file with you.
Have the server listen for changes to this file and run a server side routine to import the data.
Disclaimer: This is not a secure solution, but it's easy and will get the job done.

Can you access the windows registry from Adobe Air?

(y/N)
Edit: Read-only access is fine.
I haven't tried this yet, but I think I've found a workaround.
Adobe AIR cannot write to Windows Registry, but you can, however, launch a native process in AIR 2. Here's a blog post that shows how to do that: http://www.adobe.com/devnet/air/flex/quickstart/articles/interacting_with_native_process.html
Now, on Windows, you are able to modify the Windows registry with .reg files. .reg files are just plain text files that's read by regedit.exe. So in theory, you can write a .reg file to the file system, then launch regedit.exe with the .reg file passed in and...TADA! You just modified Windows registry from your AIR app!
To read value, you can use regedit's export function to write to a reg file and read from the reg file. Details to regedit's options: http://www.robvanderwoude.com/regedit.php
Here are some additional resources:
.reg file syntax: http://support.microsoft.com/kb/310516
write to file with AIR: http://www.adobe.com/devnet/air/flex/articles/exploring_file_capabilities.html
If your willing to force the user to also install another application, you could write a small C# or C++ windows service that simply opens a Socket that provides some kind of protocol for accessing the registry. Then in AIR you can use the Socket class to send messages to/from the C# service that would return results to the AIR app.
When the app loads you can try to connect to the Socket, and if the connection is rejected you could prompt the user to download/install the service.
As for direct access to the registry I am pretty sure Adobe wouldn't allow that from AIR.
If you can I'd be horrified.
Why would you be horrified?
Air is a desktop platform, and having access to the OS's APIs (such as registry access) makes plenty of sense.
That being said, it isn't supported now (and as Adobe seem to be very Mac-centric, I doubt it will ever be added).
I have settled on grabbing the users name from the name of the user directory
Using File.userDirectory.name will work in most cases, but it seems like a very fragile implementation, it relies on the OS maintaining the convention of having the username as their directory. I can think of a few possible things that might break it (playing with TweakUI etc).
Here is a sample of modifying Windows Registry in Adobe Air using NativeProcess and Python. So you can Add, Delete or Read keys by only a single line of code !!
Download: Adobe Air Registry Modifier on Github
Are you trying to determine if the user is an administrator or not?
If so you could grad the username by with "File.userDirectory.name".
And I think to figure out if the user is an administrator you could probably try to access a file that requires administrator privileges (maybe try writing a file to Windows/System32). If the file access fails you could probably assume that the user is under a Limited account.
A bit late, but I got a wish from a client to read some values from the registry when the project was almost finished. If there were more of these types of wishes, I would have never choosen AIR. But I found a nice extension from FluorineFx, and by extending it, I can now read string and dword values from the registry. Windows only: http://aperture.fluorinefx.com/
You could theoretically modify the actual registry files, but I would highly discourage that idea.
Be very careful if you decide to create a socket server that listens for registry commands. You are potentially creating a security hole and users' personal firewalls may get in the way in terms of usability.

Resources