{"id":17212,"date":"2012-03-05T15:17:50","date_gmt":"2012-03-05T15:17:50","guid":{"rendered":"https:\/\/wordpress.org\/plugins-wp\/upload-scanner\/"},"modified":"2012-05-19T19:15:42","modified_gmt":"2012-05-19T19:15:42","slug":"upload-scanner","status":"closed","type":"plugin","link":"https:\/\/ve.wordpress.org\/plugins\/upload-scanner\/","author":8087089,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.2","stable_tag":"1.2","tested":"3.4.2","requires":"3.2","requires_php":"","requires_plugins":"","header_name":"Upload Scanner","header_author":"Kurt Payne","header_description":"","assets_banners_color":"a79991","last_updated":"2012-05-19 19:15:42","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/github.com\/kurtpayne\/wordpress-upload-scanner-plugin","header_author_uri":"http:\/\/kpayne.me\/","rating":5,"author_block_rating":0,"active_installs":10,"downloads":5654,"num_ratings":1,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"1.2":"<p>Internationalization.  Testing with WordPress 3.4.<\/p>","1.1":"<p>First release on WordPress.org repository<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":"1"},"assets_icons":[],"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":"515430","resolution":"772x250","location":"assets"}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1","1.2"],"block_files":[],"assets_screenshots":{"screenshot-2.png":{"filename":"screenshot-2.png","revision":"1539141","resolution":"2","location":"plugin"},"screenshot-3.png":{"filename":"screenshot-3.png","revision":"1539141","resolution":"3","location":"plugin"},"screenshot-1.png":{"filename":"screenshot-1.png","revision":"1539141","resolution":"1","location":"plugin"}},"screenshots":{"1":"Options screen.","2":"Log viewer.","3":"Sample e-mail report."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[1175,62891,1184,6464,9231],"plugin_category":[54],"plugin_contributors":[77962],"plugin_business_model":[],"class_list":["post-17212","plugin","type-plugin","status-closed","hentry","plugin_tags-antivirus","plugin_tags-clamav","plugin_tags-malware","plugin_tags-scanner","plugin_tags-syslog","plugin_category-security-and-spam-protection","plugin_contributors-kurtpayne","plugin_committers-kurtpayne"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/upload-scanner_a79991.svg","icon_2x":false,"generated":true},"screenshots":[{"src":"https:\/\/ps.w.org\/upload-scanner\/trunk\/screenshot-1.png?rev=1539141","caption":"Options screen."},{"src":"https:\/\/ps.w.org\/upload-scanner\/trunk\/screenshot-2.png?rev=1539141","caption":"Log viewer."},{"src":"https:\/\/ps.w.org\/upload-scanner\/trunk\/screenshot-3.png?rev=1539141","caption":"Sample e-mail report."}],"raw_content":"<!--section=description-->\n<p>Scan uploaded files with ClamAV or run system commands against uploaded files. \u00a0This allows you to integrate third party malware scanners.<\/p>\n\n<p>This plugin <strong>requires<\/strong>\u00a0either ClamAV or another third-party scanner to be installed. \u00a0This plugin will pass uploaded files to the scanner and take appropriate actions based ont he results, but it is not, itself, a malware scanner.<\/p>\n\n<p>If you have a dedicated server, you can install <a href=\"http:\/\/php-clamav.sourceforge.net\">php-clamav<\/a> for performance and convenience.<\/p>\n\n<p>Banner image from <a href=\"http:\/\/www.flickr.com\/photos\/runlevel0\/3647554681\/in\/photostream\/\">Eric Martinenz<\/a><\/p>\n\n<!--section=installation-->\n<p>Automatic installation<\/p>\n\n<ol>\n<li>Log into your WordPress admin<\/li>\n<li>Click <strong>Plugins<\/strong><\/li>\n<li>Click <strong>Add New<\/strong><\/li>\n<li>Search for <strong>Upload Scaner<\/strong><\/li>\n<li>Click <strong>Install Now<\/strong> under \"Upload Scanner\"<\/li>\n<li>Activate the plugin<\/li>\n<\/ol>\n\n<p>Manual installation:<\/p>\n\n<ol>\n<li>Download the plugin<\/li>\n<li>Extract the contents of the zip file<\/li>\n<li>Upload the contents of the zip file to the wp-content\/plugins\/ folder of your WordPress installation<\/li>\n<li>Then activate the Plugin from Plugins page.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt>It says ClamAV isn't installed?<\/dt>\n<dd><p>You'll need to install ClamAV and <a href=\"http:\/\/php-clamav.sourceforge.net\">php-clamav<\/a>.  You don't actually need ClamAV to use this plugin, though. \u00a0You can use the system command to run another scanner that can accept input on the command line.<\/p>\n\n<p>For example, you could scan with avira like this:<\/p>\n\n<pre><code> avscan $UPLOAD_SCANNER_ORIG_TEMPNAME\n<\/code><\/pre><\/dd>\n<dt>It says exec is disabled<\/dt>\n<dd><p>Your server admin has probably disabled the \"exec\" function. \u00a0You'll want to talk to your server admin before moving forward with this plugin. \u00a0They may be able to help, or they may have other security measures in place that mean you don't need this plugin.<\/p><\/dd>\n<dt>Why doesn't this plugin offer a \"delete file\" option?<\/dt>\n<dd><p>PHP automatically deletes the files for you if they're not handled.<\/p>\n\n<p>\"The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.\"<\/p>\n\n<p>http:\/\/www.php.net\/manual\/en\/features.file-upload.post-method.php<\/p><\/dd>\n<dt>Are there any security issues running shell commands?<\/dt>\n<dd><p>The only user input that is passed to the shell command is the original file name chosen by the user, and this is passed through escapeshellarg() to sanitize it. \u00a0Otherwise, the only command that's run is chosen by you. \u00a0It's left to your server admin (or you) to determine that it's safe for you to issue commands. This plugin <em>should<\/em> prevent attacker input from making it into the command.  Let me know if you see any problems.<\/p><\/dd>\n<dt>Is this compatible with Multisite?<\/dt>\n<dd><p>I haven't tested this with Multisite yet. \u00a0If you have input, let me know.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.2<\/h4>\n\n<ul>\n<li>Internationalized strings<\/li>\n<li>Marked compatibility with WordPress 3.4<\/li>\n<\/ul>\n\n<h4>1.1<\/h4>\n\n<ul>\n<li>Added logging<\/li>\n<\/ul>\n\n<h4>1.0<\/h4>\n\n<ul>\n<li>Released<\/li>\n<\/ul>","raw_excerpt":"Scan all uploaded files with ClamAV or your favorite malware scanner","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/17212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=17212"}],"author":[{"embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/kurtpayne"}],"wp:attachment":[{"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=17212"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=17212"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=17212"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=17212"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=17212"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ve.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=17212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}