[GeoNode-users] Scanning File before or after upload for Virus in Geonode
Patrick Dufour
pjdufour.dev at gmail.com
Mon Apr 10 09:09:38 PDT 2017
Good question!
GeoNode, as well as most open source applications, do not endorse specific
AV software to defend against "watering hole attacks". [1] This is
something that would need to be added by the organization deploying GeoNode
to their specific deployment.
Importantly, as Simone said, GeoNode doesn't "execute" any documents
uploaded, so is not vulnerable itself to booby trapped word docs, PDFs, etc.
To defend against a watering hole attack, although I've never done it, I'd
think essentially, you'll need to drop to the shell to run an AV command
and then parse the output. [2] If you get a virus hit, then send an email
to admin or something along those lines. You could create a Django
managment command or directly fork https://github.com/geonode/geonode to
add the new code.
[1] https://en.wikipedia.org/wiki/Watering_hole_attack
[2] http://stackoverflow.com/quest
<http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746>
ions/19465512/pdfs-and-viruses
<http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746>
-in-django#19473746
<http://stackoverflow.com/questions/19465512/pdfs-and-viruses-in-django#19473746>
Regards,
Patrick
On Mon, Apr 10, 2017 at 9:26 AM, Simone Dalmasso <simone.dalmasso at gmail.com>
wrote:
> I was saying that, for the use that GeoNode does of the files, there's no
> need to check. Those files cannot be executed on the server.
> Different is if someone uploads a zip or rar with malicious files in it
> and then some user downloads and executes it. In this case usually Windows
> systems have anti viruses, but you can see if Ubuntu has something
> suitable, see this https://help.ubuntu.com/community/Antivirus
>
> 2017-04-10 15:12 GMT+02:00 Rasika Chinchwade <rasikachinchwade31 at gmail.com
> >:
>
>> Thank you for quick reply.
>> No I mean to check various files for VIRUS before uploading or after
>> uploading on server.Not on file types.
>>
>> Thank you
>>
>> On Mon, Apr 10, 2017 at 6:35 PM, Simone Dalmasso <
>> simone.dalmasso at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I guess you mean the documents they file types are restricted as per
>>> https://github.com/GeoNode/geonode/blob/2.6.x/geonode/settings.py#L227,
>>> but in any case geonode will never execute (it can't) or make executable
>>> the uploaded files, they are just stored.
>>>
>>> 2017-04-10 14:56 GMT+02:00 Rasika Chinchwade <
>>> rasikachinchwade31 at gmail.com>:
>>>
>>>> Good evening ..
>>>> I have customized GeoNode as per my needs.Now I have facing major
>>>> problem before deploying Geoode on server that is Scanning of malicious
>>>> files uploaded by users.If the files contains infected data then how can I
>>>> protect server.Is there any easy django antivirus plugin for checking user
>>>> uploaded data for virus on server side?.Please help me as soon as possible.
>>>>
>>>>
>>>> Thank you
>>>>
>>>> _______________________________________________
>>>> geonode-users mailing list
>>>> geonode-users at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>
>>>>
>>>
>>>
>>> --
>>> Simone
>>>
>>
>>
>> _______________________________________________
>> geonode-users mailing list
>> geonode-users at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>
>>
>
>
> --
> Simone
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
>
On Mon, Apr 10, 2017 at 9:26 AM, Simone Dalmasso <simone.dalmasso at gmail.com>
wrote:
> I was saying that, for the use that GeoNode does of the files, there's no
> need to check. Those files cannot be executed on the server.
> Different is if someone uploads a zip or rar with malicious files in it
> and then some user downloads and executes it. In this case usually Windows
> systems have anti viruses, but you can see if Ubuntu has something
> suitable, see this https://help.ubuntu.com/community/Antivirus
>
> 2017-04-10 15:12 GMT+02:00 Rasika Chinchwade <rasikachinchwade31 at gmail.com
> >:
>
>> Thank you for quick reply.
>> No I mean to check various files for VIRUS before uploading or after
>> uploading on server.Not on file types.
>>
>> Thank you
>>
>> On Mon, Apr 10, 2017 at 6:35 PM, Simone Dalmasso <
>> simone.dalmasso at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I guess you mean the documents they file types are restricted as per
>>> https://github.com/GeoNode/geonode/blob/2.6.x/geonode/settings.py#L227,
>>> but in any case geonode will never execute (it can't) or make executable
>>> the uploaded files, they are just stored.
>>>
>>> 2017-04-10 14:56 GMT+02:00 Rasika Chinchwade <
>>> rasikachinchwade31 at gmail.com>:
>>>
>>>> Good evening ..
>>>> I have customized GeoNode as per my needs.Now I have facing major
>>>> problem before deploying Geoode on server that is Scanning of malicious
>>>> files uploaded by users.If the files contains infected data then how can I
>>>> protect server.Is there any easy django antivirus plugin for checking user
>>>> uploaded data for virus on server side?.Please help me as soon as possible.
>>>>
>>>>
>>>> Thank you
>>>>
>>>> _______________________________________________
>>>> geonode-users mailing list
>>>> geonode-users at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>>>
>>>>
>>>
>>>
>>> --
>>> Simone
>>>
>>
>>
>> _______________________________________________
>> geonode-users mailing list
>> geonode-users at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>
>>
>
>
> --
> Simone
>
> _______________________________________________
> geonode-users mailing list
> geonode-users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170410/4c2cce2e/attachment.html>
More information about the geonode-users
mailing list