Skip to content

jschroeder9000/carrierwave-virus_free

Repository files navigation

Carrierwave::VirusFree

Validate carrierwave uploads are virus free with clamav.

Installation

Add this line to your application's Gemfile:

gem 'carrierwave-virus_free'

And then execute:

$ bundle

Or install it yourself as:

$ gem install carrierwave-virus_free

ClamScan Dependency

This gem requires the clam_scan gem which requires that you have ClamAV installed. You may also need to configure it according to your needs - pointing it to the right location to clamscan/clamdscan on your system, setting it to delete infected files, etc. See the clam_scan gem documentation for more details.

Usage

ClamScan.configure do |config|
  # see clam_scan documentation for details
end

class MyModel < ActiveRecord::Base
  mount_uploader :file, MyUploader

  validates :file, virus_free: true
end

It's that easy.

I18n

Validation error messages are processed through I18n. See lib/carrierwave/virus_free/locale/en.yml for default messages and relevant keys to override.

Lazy validation

As of 0.1.0, validation is lazy in that it does nothing if the model attribute with the uploader mounted has not changed. This increases compatibility in cases where the final storage location of a file is not local, but also implies that a file could be changed to something malicious by an external process and would not be caught by further validation. E.g.:

  • User uploads safe file which gets saved somewhere
  • Some external process overwrites this file with something malicious
  • You call model.valid? and it returns true because your model is not aware of the file changing (model.file_changed? is false) even though the file is now something that clamav would catch as malicious

Please be aware of this caveat. You can protect against this by preventing external processes from modifying you application's files and/or you can use clam_scan directly.

Contributing

  1. Fork it ( https://github.com/jschroeder9000/carrierwave-virus_free/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages