sau/tissue-bundle

Slight variation of the original cleentfaar/CLTissueBundle and evozon-php/tissue-bundle

1.0.2 2021-04-13 10:37 UTC

This package is auto-updated.

Last update: 2024-11-13 18:32:15 UTC


README

A Symfony bundle that can scan your files for viruses using the Tissue library and adapters. Uses the ClamAV engine by default.

Build Status Scrutinizer Code Quality Code Coverage
Latest Stable Version Total Downloads Latest Unstable Version

Features

  • Scan uploaded files during validation (using the CleanFile constraint).
  • Scan files during a batch process (simply using the cl_tissue.scanner-service).
  • Uses the Tissue library and it's ClamAV adapter, but you can use your own virus-scanning engine by adding your own adapter service and tagging it with cl_tissue.adapter (check out the installation documentation for more information).

Quick example

...pictures say more than a thousand words right?

1. You have a file-upload form...

1. You have a file-upload form...

3. Someone tries to upload an infected file...

2. Someone tries to upload an infected file...

3. The infected file gets rejected...

3. The infected file gets rejected...

Please be sure to read the usage documentation if you are planning on actually using this bundle!

Documentation

WARNING

I highly recommend you to research the security issues involved before using any of these packages on a production server!

Although following the steps described in the documentation should be enough to keep most evil-doers from uploading infected files to your forms, I can never give any 100% guarantee! You should take care in keeping your virus-scanner's signature database up-to-date, otherwise new viruses may get through. You should also keep in mind that there are many more ways to abuse uploads than just uploading an infected file!

Make sure your application cannot be manipulated to execute any of the uploaded files! Not even those deemed 'clean'!

For instance, if you were to keep files available on your web-directory after they have been uploaded, you better make sure that there is NO CHANCE that the file may get executed by your application in one way or another.

A malicious user could simply upload a piece of PHP-code (no virus!) that will open your application up to a huge range of leaks. Again, that's just one of the reasons that you should not solely rely on this package protecting your site!

Read up on this subject before opening up your application to possible security leaks! I am not responsible for any damage done to your server or application while using this package!