Skip to main content

Hi,

We are searching for a secure file upload solution in a customer portal (universal GUI). 
Has someone experience with this to have a secure file upload that no infected files or malware files are uploaded to the server? 

Initially, we created a process flow, mailing the file as attachment, and then reading out the mailbox, so that there is at least a check via the mail. 
But that takes some time and is not clear to end user why the uploaded file is not immediately visible.
So we are searching for an alternative approach.

Thanks in advance!

Hi @HJ van Dalfsen,

To be able to help you more specifically, which storage type are you intending on using?
Where are you hosting your filestorage, on premise or in the cloud? And if in the cloud, which cloud?

Thanks in advance!

Kind regards,
Leroy Witteveen


Hi @Leroy Witteveen ,

The files are stored on a VM server in a local datacenter, not in AWS or Azure.

Hopes this info will help you.

 

Kind regards, 
HJ van Dalfsen 


Hi @HJ van Dalfsen,

Unfortunately, because it isn't hosted in the cloud and we don't have this as a first class feature, you would have to implement a solution for this yourself at the moment. For example Microsoft Azure has Microsoft Defender for Storage, which is a built-in feature. Creating a solution for this yourself inherently makes it impossible for the uploaded file to be immediately visible.


Some inspiration, make sure to verify and test this extensively:

  • Make an expression field for the file path that prepends the folder “safe”. Make sure only this field, not the original path, is exposed when serving the files.
  • Add a column marked_safe_by_virus_scanner, default value false, hide the files that are false, that way you only show records of which the file is safe.
  • Let a script run periodically in the file storage directory, let this script scan the files with e.g. Microsoft Defender Antivirus, interpret the result, if succesful fire a HTTP request that sets marked_safe_by_virus_scanner to true and move the file to the subfolder “safe”.

To make it closer to “immediate”, instead of running the script periodically, you could try using System.IO.FileSystemWatcher from PowerShell to let the script be ran instantly when a file gets added. You would still have a waiting time while the virus scanner is scanning though.
 

Kind regards,
Leroy Witteveen


Hi @Leroy Witteveen , 
Thanks for the suggestion. 
We will check if we can implement it like this.

Kind regards, 

HJ van Dalfsen


Reply