What would be the best way to make sure that an uploaded file doesn’t contain malicious code?
Most resources I had found are a bit dated. I was thinking along the lines of validators, async tasks and clamav, but I am open to suggestions.
I’m not sure there’d be much difference in how I’d approach this over the past 6 years. We have clamav running on the server, and it scans the “media” directory tree. There’s a small window of time between when a file is uploaded and when it has been scanned, but that’s a risk we’re willing to accept. (Of course, this is an internal project with few users and a light load, so it really is a minimal-to-nonexistent risk for us.)
Hi Ken,
Do you know what happens if a file is missing (deleted via clamAV)? Is there an exception in Django, or will this just trigger a 404 on nginx?
If your nginx is set up to serve media files (ours is), it’s an nginx 404. If you’ve got some kind of Django-based security layer wrapped around your media file collection, you could handle that situation directly in your security layer.
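Added example, not code from any post in this thread: one way to close the upload-to-scan window mentioned above is to stream each upload to clamd with its INSTREAM command before the file is saved. It assumes clamd accepts TCP connections on 127.0.0.1:3310 (an assumption about the deployment), and `scan_stream`, `parse_reply` and `upload_is_acceptable` are illustrative names.

```python
import socket
import struct

CHUNK = 8192  # bytes sent per INSTREAM chunk


class ScanError(Exception):
    """clamd was unreachable or replied with something other than OK/FOUND."""


def parse_reply(reply: str):
    """Return None for a clean stream, or the signature name for a hit."""
    reply = reply.strip("\0\n ")
    if reply.endswith(" OK"):
        return None
    if reply.endswith(" FOUND"):
        # "stream: Some-Signature FOUND" -> "Some-Signature"
        return reply[: -len(" FOUND")].split(": ", 1)[-1]
    raise ScanError(f"unexpected clamd reply: {reply!r}")


def scan_stream(fileobj, address=("127.0.0.1", 3310), timeout=10.0):
    """Stream fileobj to clamd via INSTREAM; return signature name or None."""
    try:
        with socket.create_connection(address, timeout=timeout) as sock:
            sock.sendall(b"zINSTREAM\0")
            while chunk := fileobj.read(CHUNK):
                sock.sendall(struct.pack("!I", len(chunk)) + chunk)
            sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
            reply = b""
            while not reply.endswith(b"\0"):
                data = sock.recv(4096)
                if not data:
                    break
                reply += data
    except OSError as exc:
        raise ScanError(f"clamd not reachable: {exc}") from exc
    return parse_reply(reply.decode("utf-8", "replace"))


def upload_is_acceptable(fileobj, **kwargs):
    """Fail closed: a detection and a scanner error both reject the upload."""
    try:
        return scan_stream(fileobj, **kwargs) is None
    except ScanError:
        return False
    finally:
        fileobj.seek(0)  # rewind so the caller can still save the file
```

In a Django form or field validator, raise `ValidationError` when `upload_is_acceptable(uploaded_file)` returns `False`, so a rejected file never reaches the media directory.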