I'm building a portal that will allow users to upload files. I need to make sure that these files do not contain viruses. My ideal solution would be to have the host OS AV keep a watch on temporary folders and scan any incoming files.
我正在建立一个允许用户上传文件的门户网站。我需要确保这些文件不包含病毒。我理想的解决方案是让主机OS AV监视临时文件夹并扫描任何传入的文件。
When a file is uploaded in ASP.Net 2, does it get written to disk in a temp folder, or is it persisted in memory? If it is written to disk, will IIS lock it so that the AV cannot remove it? And if it is written to disk, where?
在ASP.Net 2中上传文件时,它是否会写入临时文件夹中的磁盘,还是会在内存中保留?如果它写入磁盘,IIS会锁定它,以便AV无法删除它吗?如果它被写入磁盘,在哪里?
6 个解决方案
#1
8
I think the ideal way would be have an "Incoming" folder that has been given the necessary permissions for ASP.NET to save files. I have never encountered a situation where files remain locked even after you call SaveAs
on the FileUpload control.
我认为理想的方法是拥有一个“Incoming”文件夹,该文件夹已获得ASP.NET保存文件所需的权限。我从未遇到过文件保持锁定的情况,即使在FileUpload控件上调用SaveAs之后也是如此。
Note that the FileUpload control does not upload the file until you call SaveAs
and this is when the file is persisted to disk on the server. It seems to hold all file contents in an HttpInputStream
, which is written to disk when the SaveAs
method is called.
请注意,FileUpload控件在您调用SaveAs之前不会上载文件,这是在文件持久保存到服务器上的磁盘时。它似乎将所有文件内容保存在HttpInputStream中,该函数在调用SaveAs方法时写入磁盘。
The file(s) should then be free to be scanned by your AV application. In case an error occurs, you can give relevant feedback to the user.
然后,AV应用程序可以*扫描文件。如果发生错误,您可以向用户提供相关反馈。
#2
9
Here's the actual dirt on how ASP.NET handles files. It's version dependant, but 2.0 and all subsequent versions do write uploads to disk before you get a chance to handle them. The above answers are actually wrong -- ASP.NET above 2.0 will write the file to disk. If you think about it, loading an upload into memory opens you to a DDOS hole as large files would take up increasing amounts of server memory. By version, here's how ASP.NET acts:
这是ASP.NET处理文件的实际问题。它依赖于版本,但2.0和所有后续版本会在您有机会处理它们之前将上传内容写入磁盘。上面的答案实际上是错误的 - 2.0以上的ASP.NET会将文件写入磁盘。如果您考虑一下,将内容加载到内存会打开DDOS漏洞,因为大文件会占用越来越多的服务器内存。按版本,这是ASP.NET的行为方式:
-
ASP.NET 1.0 and 1.1 loaded the whole request in memory before you could access it. This meant that large files could potentially fill all memory, causing exceptions and otherwise bringing down the server.
ASP.NET 1.0和1.1在您访问它之前将整个请求加载到内存中。这意味着大文件可能会填满所有内存,从而导致异常,从而导致服务器崩溃。
-
ASP.NET 2.0 introduced a disk caching scheme for uploads, again snagging the upload and processing it before client code can handle it. The temporary folder can be accessed as follows:
ASP.NET 2.0为上传引入了磁盘缓存方案,再次阻止上传并在客户端代码处理之前对其进行处理。可以按如下方式访问临时文件夹:
string uploadFolder = Path.Combine(HttpRuntime.CodegenDirInternal, "uploads");
string uploadFolder = Path.Combine(HttpRuntime.CodegenDirInternal,“uploads”);
-
As of ASP.NET 4.0, the property name referenced above is HttpRuntime.CodegenDir:
从ASP.NET 4.0开始,上面引用的属性名称是HttpRuntime.CodegenDir:
string uploadFolder = Path.Combine(HttpRuntime.CodegenDir, "uploads");
string uploadFolder = Path.Combine(HttpRuntime.CodegenDir,“uploads”);
At least now it's cached to disk so you don't have the memory issues from 1.0 and 1.1, but you still can't access it until it's been fully retrieved.
至少现在它已缓存到磁盘,因此您没有1.0和1.1的内存问题,但在完全检索之前您仍然无法访问它。
#3
3
Are you using the ASP FileUpload server control?
您使用的是ASP FileUpload服务器控件吗?
If so it is loaded into the servers memory until you do something with it.
如果是这样,它将被加载到服务器内存中,直到您对它执行某些操作。
This is from MSDN;
这是来自MSDN;
There is no inherent limitation on where you can save uploaded files. However, to save the file, the ASP.NET process must have permission to create files in the location that you specify. In addition, your application might be configured to require an absolute path (not a relative path) for saving the file, which is a security measure.
在哪里可以保存上传的文件没有固有的限制。但是,要保存文件,ASP.NET进程必须具有在指定位置创建文件的权限。此外,您的应用程序可能配置为需要绝对路径(而不是相对路径)来保存文件,这是一种安全措施。
#4
1
If you're serious about security, another related tip is to make certain the folder that you're saving files to is above the webroot so users cannot directly access it in any way. You can still give them the ability to delete their uploaded files with some database work, i.e. save the location and make sure each file is uniquely named (if the users are authenticating I just save the filename as USERNAME.XYZ where XYZ is the file's extension.
如果您对安全性非常认真,另一个相关提示是确保您保存文件的文件夹位于webroot之上,以便用户无法以任何方式直接访问它。你仍然可以让他们删除他们上传的文件与一些数据库工作,即保存位置,并确保每个文件唯一命名(如果用户正在验证我只是将文件名保存为USERNAME.XYZ,其中XYZ是文件的扩展名。
#5
1
For your scenario... I usually have an appsetting for any upload/temp location, with a default under ~/App_Data/Uploads/ It shouldn't be visible to the AV until the bytes are persisted to disk. If you really want active scanning, then you may wish to have a multi-stage queue... (also, you will want to do an Async request in ASP.Net), if you wait for any scan to complete.
对于你的场景...我通常有一个适用于任何上传/临时位置的appsetting,默认情况下在〜/ App_Data / Uploads /下它应该对AV不可见,直到字节持久存储到磁盘。如果你真的想要主动扫描,那么你可能希望有一个多阶段队列......(如果你等待任何扫描完成,你也想在ASP.Net中做一个异步请求)。
- You push the item into a queue to check in say 30 seconds (enough time for the AV scanner)
- 您将项目推入队列以检查说30秒(AV扫描仪有足够的时间)
- You save the file to an Upload directory (that gets checked)
- 您将文件保存到上载目录(已检查)
- You have another service check against the queue, and mark it as complete/processed if it still exists in 30 seconds
- 您对队列进行了另一项服务检查,如果它在30秒内仍然存在,则将其标记为已完成/已处理
- Your UI will check the queue every 10 seconds to see if it's done, then present that to the user.
- 您的UI将每隔10秒检查一次队列以查看是否已完成,然后将其呈现给用户。
I would consider white-listing your upload path with your native scanner, and see if there's an API exposed to run a manual scan on-request. An alternative would be to use ClamAV/ClamWin setup as a service scanner, you can run updates on it every hour (I've done this for mail systems), and it tends to be fairly decent with file signatures, even in archive files (if configured properly).
我会考虑使用您的本机扫描程序将您的上传路径列入白名单,并查看是否有公开的API以按请求运行手动扫描。另一种方法是使用ClamAV / ClamWin设置作为服务扫描程序,您可以每小时运行一次更新(我已经为邮件系统完成了这项工作),即使在存档文件中,文件签名也相当不错(如果配置正确)。
Also, you may wish to use 7z.exe (7-zip command line) to extract any archives. 7-zip can extract just about every archive type I've seen, even though it only supports a couple of compression targets for new archives.
此外,您可能希望使用7z.exe(7-zip命令行)来提取任何存档。 7-zip可以提取我见过的每种档案类型,即使它只支持新档案的几个压缩目标。
Hopefully this helps as I was going to append this as a comment to another post, but it was getting lengthy.
希望这有助于我将其作为评论附加到另一篇文章,但它变得冗长。
#6
0
Just like Cerebrus I will tell you that the UploadFile control will NOT write anything to the disk drive unless you tell it to.
就像Cerebrus一样,我会告诉你,除非你告诉它,否则UploadFile控件不会向磁盘驱动器写任何东西。
#1
8
I think the ideal way would be have an "Incoming" folder that has been given the necessary permissions for ASP.NET to save files. I have never encountered a situation where files remain locked even after you call SaveAs
on the FileUpload control.
我认为理想的方法是拥有一个“Incoming”文件夹,该文件夹已获得ASP.NET保存文件所需的权限。我从未遇到过文件保持锁定的情况,即使在FileUpload控件上调用SaveAs之后也是如此。
Note that the FileUpload control does not upload the file until you call SaveAs
and this is when the file is persisted to disk on the server. It seems to hold all file contents in an HttpInputStream
, which is written to disk when the SaveAs
method is called.
请注意,FileUpload控件在您调用SaveAs之前不会上载文件,这是在文件持久保存到服务器上的磁盘时。它似乎将所有文件内容保存在HttpInputStream中,该函数在调用SaveAs方法时写入磁盘。
The file(s) should then be free to be scanned by your AV application. In case an error occurs, you can give relevant feedback to the user.
然后,AV应用程序可以*扫描文件。如果发生错误,您可以向用户提供相关反馈。
#2
9
Here's the actual dirt on how ASP.NET handles files. It's version dependant, but 2.0 and all subsequent versions do write uploads to disk before you get a chance to handle them. The above answers are actually wrong -- ASP.NET above 2.0 will write the file to disk. If you think about it, loading an upload into memory opens you to a DDOS hole as large files would take up increasing amounts of server memory. By version, here's how ASP.NET acts:
这是ASP.NET处理文件的实际问题。它依赖于版本,但2.0和所有后续版本会在您有机会处理它们之前将上传内容写入磁盘。上面的答案实际上是错误的 - 2.0以上的ASP.NET会将文件写入磁盘。如果您考虑一下,将内容加载到内存会打开DDOS漏洞,因为大文件会占用越来越多的服务器内存。按版本,这是ASP.NET的行为方式:
-
ASP.NET 1.0 and 1.1 loaded the whole request in memory before you could access it. This meant that large files could potentially fill all memory, causing exceptions and otherwise bringing down the server.
ASP.NET 1.0和1.1在您访问它之前将整个请求加载到内存中。这意味着大文件可能会填满所有内存,从而导致异常,从而导致服务器崩溃。
-
ASP.NET 2.0 introduced a disk caching scheme for uploads, again snagging the upload and processing it before client code can handle it. The temporary folder can be accessed as follows:
ASP.NET 2.0为上传引入了磁盘缓存方案,再次阻止上传并在客户端代码处理之前对其进行处理。可以按如下方式访问临时文件夹:
string uploadFolder = Path.Combine(HttpRuntime.CodegenDirInternal, "uploads");
string uploadFolder = Path.Combine(HttpRuntime.CodegenDirInternal,“uploads”);
-
As of ASP.NET 4.0, the property name referenced above is HttpRuntime.CodegenDir:
从ASP.NET 4.0开始,上面引用的属性名称是HttpRuntime.CodegenDir:
string uploadFolder = Path.Combine(HttpRuntime.CodegenDir, "uploads");
string uploadFolder = Path.Combine(HttpRuntime.CodegenDir,“uploads”);
At least now it's cached to disk so you don't have the memory issues from 1.0 and 1.1, but you still can't access it until it's been fully retrieved.
至少现在它已缓存到磁盘,因此您没有1.0和1.1的内存问题,但在完全检索之前您仍然无法访问它。
#3
3
Are you using the ASP FileUpload server control?
您使用的是ASP FileUpload服务器控件吗?
If so it is loaded into the servers memory until you do something with it.
如果是这样,它将被加载到服务器内存中,直到您对它执行某些操作。
This is from MSDN;
这是来自MSDN;
There is no inherent limitation on where you can save uploaded files. However, to save the file, the ASP.NET process must have permission to create files in the location that you specify. In addition, your application might be configured to require an absolute path (not a relative path) for saving the file, which is a security measure.
在哪里可以保存上传的文件没有固有的限制。但是,要保存文件,ASP.NET进程必须具有在指定位置创建文件的权限。此外,您的应用程序可能配置为需要绝对路径(而不是相对路径)来保存文件,这是一种安全措施。
#4
1
If you're serious about security, another related tip is to make certain the folder that you're saving files to is above the webroot so users cannot directly access it in any way. You can still give them the ability to delete their uploaded files with some database work, i.e. save the location and make sure each file is uniquely named (if the users are authenticating I just save the filename as USERNAME.XYZ where XYZ is the file's extension.
如果您对安全性非常认真,另一个相关提示是确保您保存文件的文件夹位于webroot之上,以便用户无法以任何方式直接访问它。你仍然可以让他们删除他们上传的文件与一些数据库工作,即保存位置,并确保每个文件唯一命名(如果用户正在验证我只是将文件名保存为USERNAME.XYZ,其中XYZ是文件的扩展名。
#5
1
For your scenario... I usually have an appsetting for any upload/temp location, with a default under ~/App_Data/Uploads/ It shouldn't be visible to the AV until the bytes are persisted to disk. If you really want active scanning, then you may wish to have a multi-stage queue... (also, you will want to do an Async request in ASP.Net), if you wait for any scan to complete.
对于你的场景...我通常有一个适用于任何上传/临时位置的appsetting,默认情况下在〜/ App_Data / Uploads /下它应该对AV不可见,直到字节持久存储到磁盘。如果你真的想要主动扫描,那么你可能希望有一个多阶段队列......(如果你等待任何扫描完成,你也想在ASP.Net中做一个异步请求)。
- You push the item into a queue to check in say 30 seconds (enough time for the AV scanner)
- 您将项目推入队列以检查说30秒(AV扫描仪有足够的时间)
- You save the file to an Upload directory (that gets checked)
- 您将文件保存到上载目录(已检查)
- You have another service check against the queue, and mark it as complete/processed if it still exists in 30 seconds
- 您对队列进行了另一项服务检查,如果它在30秒内仍然存在,则将其标记为已完成/已处理
- Your UI will check the queue every 10 seconds to see if it's done, then present that to the user.
- 您的UI将每隔10秒检查一次队列以查看是否已完成,然后将其呈现给用户。
I would consider white-listing your upload path with your native scanner, and see if there's an API exposed to run a manual scan on-request. An alternative would be to use ClamAV/ClamWin setup as a service scanner, you can run updates on it every hour (I've done this for mail systems), and it tends to be fairly decent with file signatures, even in archive files (if configured properly).
我会考虑使用您的本机扫描程序将您的上传路径列入白名单,并查看是否有公开的API以按请求运行手动扫描。另一种方法是使用ClamAV / ClamWin设置作为服务扫描程序,您可以每小时运行一次更新(我已经为邮件系统完成了这项工作),即使在存档文件中,文件签名也相当不错(如果配置正确)。
Also, you may wish to use 7z.exe (7-zip command line) to extract any archives. 7-zip can extract just about every archive type I've seen, even though it only supports a couple of compression targets for new archives.
此外,您可能希望使用7z.exe(7-zip命令行)来提取任何存档。 7-zip可以提取我见过的每种档案类型,即使它只支持新档案的几个压缩目标。
Hopefully this helps as I was going to append this as a comment to another post, but it was getting lengthy.
希望这有助于我将其作为评论附加到另一篇文章,但它变得冗长。
#6
0
Just like Cerebrus I will tell you that the UploadFile control will NOT write anything to the disk drive unless you tell it to.
就像Cerebrus一样,我会告诉你,除非你告诉它,否则UploadFile控件不会向磁盘驱动器写任何东西。