<div dir="ltr"><div><div>Good question!<br><br></div><div>GeoNode, as well as most open source applications, do not endorse specific AV software to defend against "watering hole attacks". [1] This is something that would need to be added by the organization deploying GeoNode to their specific deployment.<br><br>Importantly, as Simone said, GeoNode doesn't "execute" any documents
uploaded, so is not vulnerable itself to booby trapped word docs, PDFs,
etc.<br><br></div><div>To defend against a watering hole attack, although I've never done it, I'd think essentially, you'll need to drop to the shell to run an AV command and then parse the output. [2] If you get a virus hit, then send an email to admin or something along those lines. You could create a Django managment command or directly fork <a href="https://github.com/geonode/geonode">https://github.com/geonode/geonode</a> to add the new code.<br><br>[1] <a href="https://en.wikipedia.org/wiki/Watering_hole_attack" target="_blank">https://en.wikipedia.org/wiki/<wbr>Watering_hole_attack</a><br><br></div><div>[2] <a href="http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746" target="_blank">http://stackoverflow.com/quest</a><a href="http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746" target="_blank"><wbr>ions/19465512/pdfs-and-viruses</a><a href="http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746" target="_blank"><wbr>-in-django#19473746</a><br><br></div>Regards,<br></div>Patrick<br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 10, 2017 at 9:26 AM, Simone Dalmasso <span dir="ltr"><<a href="mailto:simone.dalmasso@gmail.com" target="_blank">simone.dalmasso@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I was saying that, for the use that GeoNode does of the files, there's no need to check. Those files cannot be executed on the server.<div>Different is if someone uploads a zip or rar with malicious files in it and then some user downloads and executes it. In this case usually Windows systems have anti viruses, but you can see if Ubuntu has something suitable, see this <a href="https://help.ubuntu.com/community/Antivirus" target="_blank">https://help.ubuntu.com/c<wbr>ommunity/Antivirus</a></div></div><div class="gmail-m_-2423113868781606905HOEnZb"><div class="gmail-m_-2423113868781606905h5"><div class="gmail_extra"><br><div class="gmail_quote">2017-04-10 15:12 GMT+02:00 Rasika Chinchwade <span dir="ltr"><<a href="mailto:rasikachinchwade31@gmail.com" target="_blank">rasikachinchwade31@gmail.com</a>></span><wbr>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Thank you for quick reply.</div>No I mean to check various files for VIRUS before uploading or after uploading on server.Not on file types.<div><br></div><div>Thank you</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 10, 2017 at 6:35 PM, Simone Dalmasso <span dir="ltr"><<a href="mailto:simone.dalmasso@gmail.com" target="_blank">simone.dalmasso@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I guess you mean the documents they file types are restricted as per <a href="https://github.com/GeoNode/geonode/blob/2.6.x/geonode/settings.py#L227" target="_blank">https://github.com/GeoNode<wbr>/geonode/blob/2.6.x/geonode/se<wbr>ttings.py#L227</a>, but in any case geonode will never execute (it can't) or make executable the uploaded files, they are just stored. </div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="gmail-m_-2423113868781606905m_-5393218503853837349m_2792383039615676386h5">2017-04-10 14:56 GMT+02:00 Rasika Chinchwade <span dir="ltr"><<a href="mailto:rasikachinchwade31@gmail.com" target="_blank">rasikachinchwade31@gmail.com</a>></span><wbr>:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="gmail-m_-2423113868781606905m_-5393218503853837349m_2792383039615676386h5"><div dir="ltr">Good evening ..<div> I have customized GeoNode as per my needs.Now I have facing major problem before deploying Geoode on server that is Scanning of malicious files uploaded by users.If the files contains infected data then how can I protect server.Is there any easy django antivirus plugin for checking user uploaded data for virus on server side?.Please help me as soon as possible.</div><div><br></div><div><br></div><div>Thank you</div></div>
<br></div></div>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailma<wbr>n/listinfo/geonode-users</a><br>
<br></blockquote></div><span class="gmail-m_-2423113868781606905m_-5393218503853837349m_2792383039615676386HOEnZb"><font color="#888888"><br><br clear="all"><span class="gmail-m_-2423113868781606905m_-5393218503853837349HOEnZb"><font color="#888888"><div><br></div>-- <br><div class="gmail-m_-2423113868781606905m_-5393218503853837349m_2792383039615676386m_-3606835210664613251gmail_signature">Simone </div>
</font></span></font></span></div>
</blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailma<wbr>n/listinfo/geonode-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail-m_-2423113868781606905m_-5393218503853837349gmail_signature">Simone </div>
</div>
</div></div><br>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailma<wbr>n/listinfo/geonode-users</a><br>
<br></blockquote></div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 10, 2017 at 9:26 AM, Simone Dalmasso <span dir="ltr"><<a href="mailto:simone.dalmasso@gmail.com" target="_blank">simone.dalmasso@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I was saying that, for the use that GeoNode does of the files, there's no need to check. Those files cannot be executed on the server.<div>Different is if someone uploads a zip or rar with malicious files in it and then some user downloads and executes it. In this case usually Windows systems have anti viruses, but you can see if Ubuntu has something suitable, see this <a href="https://help.ubuntu.com/community/Antivirus" target="_blank">https://help.ubuntu.com/<wbr>community/Antivirus</a></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2017-04-10 15:12 GMT+02:00 Rasika Chinchwade <span dir="ltr"><<a href="mailto:rasikachinchwade31@gmail.com" target="_blank">rasikachinchwade31@gmail.com</a>></span><wbr>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Thank you for quick reply.</div>No I mean to check various files for VIRUS before uploading or after uploading on server.Not on file types.<div><br></div><div>Thank you</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 10, 2017 at 6:35 PM, Simone Dalmasso <span dir="ltr"><<a href="mailto:simone.dalmasso@gmail.com" target="_blank">simone.dalmasso@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I guess you mean the documents they file types are restricted as per <a href="https://github.com/GeoNode/geonode/blob/2.6.x/geonode/settings.py#L227" target="_blank">https://github.com/GeoNode<wbr>/geonode/blob/2.6.x/geonode/se<wbr>ttings.py#L227</a>, but in any case geonode will never execute (it can't) or make executable the uploaded files, they are just stored. </div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_2154993900195502277m_2792383039615676386h5">2017-04-10 14:56 GMT+02:00 Rasika Chinchwade <span dir="ltr"><<a href="mailto:rasikachinchwade31@gmail.com" target="_blank">rasikachinchwade31@gmail.com</a>></span><wbr>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_2154993900195502277m_2792383039615676386h5"><div dir="ltr">Good evening ..<div> I have customized GeoNode as per my needs.Now I have facing major problem before deploying Geoode on server that is Scanning of malicious files uploaded by users.If the files contains infected data then how can I protect server.Is there any easy django antivirus plugin for checking user uploaded data for virus on server side?.Please help me as soon as possible.</div><div><br></div><div><br></div><div>Thank you</div></div>
<br></div></div>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailma<wbr>n/listinfo/geonode-users</a><br>
<br></blockquote></div><span class="m_2154993900195502277m_2792383039615676386HOEnZb"><font color="#888888"><br><br clear="all"><span class="m_2154993900195502277HOEnZb"><font color="#888888"><div><br></div>-- <br><div class="m_2154993900195502277m_2792383039615676386m_-3606835210664613251gmail_signature" data-smartmail="gmail_signature">Simone </div>
</font></span></font></span></div>
</blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailma<wbr>n/listinfo/geonode-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="m_2154993900195502277gmail_signature" data-smartmail="gmail_signature">Simone </div>
</div>
</div></div><br>______________________________<wbr>_________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/<wbr>mailman/listinfo/geonode-users</a><br>
<br></blockquote></div><br></div>