miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Official Addons and Solutions miniBB Support Forums / Official Addons and Solutions /  
 

File Bank

 
 
Page  Page 2 of 5:  « Previous  1  2  3  4  5  Next »

Author canalrun
Partaker
#16 | Posted: 13 Jan 2011 16:30 
Hi again,

Everything works great. I just have one more question - guaranteed last one.

There is a certain PDF file that will not upload. I have added the mime type to addon_storage_options.php, and I can upload other PDF files. The size is smaller than the ones that uploaded successfully.

Then I noticed in the error message that the mime type was application/x-download. I have never seen this before.

Is there a way to define a wildcard for the file type while limiting the file size. I don't see this in either manual or option file anywhere. I would like to allow any type of file to be uploaded which is less than 1 MB. Only registered, signed in users can upload and the entire site is password protected. I don't see a problem allowing all file types.

Thanks,
Barry.

Author Paul
Lead Developer 
#17 | Posted: 14 Jan 2011 04:20 
It is only possible to define certain file types, which are allowed for upload. You can make it modifying addon_storage_options.php.

Allowing ALL files to be uploaded would mean a big security hole, so my script just doesn't allow it.

'application/x-download' may come from a suspicious file, having kind of virus or trojan or something like this inside. You are under big risk to allow such files to be uploaded on a public server.

Author canalrun
Partaker
#18 | Posted: 14 Jan 2011 08:54 
Thanks.

I hear you.

By adding a couple variables and modifying a statement, I figured out how to change it to allow all files while limiting the maximum size.

But I may change it back to your way.

How are mine types assigned and then tested for? The file in question is a PDF file from a reputable source, but it has that strange application/x-download mime type. You must do more than just look at the file extension?

Barry.

Author Paul
Lead Developer 
#19 | Posted: 14 Jan 2011 09:52 
canalrun:
You must do more than just look at the file extension?
I would do it with pleasure, if there would be a way for it. It's possible to upload JavaScript file under any extension like .JPG or .GIF, just providing the valid header inside the file. I suppose the weak recognition of such files is just anything the standard protocols could provide.

Also, MIME Type is assigned by the browser, so each browser may assign different types to the same extensions. There is no common agreement on that between developers.

So it's not that easy question as it might seem :-)

Author canalrun
Partaker
#20 | Posted: 14 Jan 2011 10:09 
Hi,
Thanks.

I suppose the best thing to do would be to perform a virus scan on each file as it was uploaded or just before it's accepted after upload.

I am sure this is extremely complicated, though. I wonder if there are any Web services that will do a virus scan on a file.

Barry.

Author canalrun
Partaker
#21 | Posted: 14 Jan 2011 10:49 
Hi Again,

I am intrigued by this upload problem. I did a little web searching and found this site (you may have already seen this):

www dot howtoforge dot com slash scan_viruses_with_php_clamavlib_p2

It's PHP code to integrate a virus scanner for file uploads.

I bet this would make a nice premium add-on to your storage add-on.

Thanks,
Barry.

Author Paul
Lead Developer 
#22 | Posted: 14 Jan 2011 11:53 
It's not that easy as it may look - the solution describes how to use the functions from 'php5-clamavlib' library, and it appears kind of weakly supported library itself :-) Virus scanners should be always up to date, and definitely this process would require rather calling kind of command line external application from PHP, than using this library. I suppose, that's why adding Virus Scan would be a very custom solution.

Author canalrun
Partaker
#23 | Posted: 15 Jan 2011 00:59 
Hi,
I found another option. There is an online, free virus scanner called Virus Total. They have a public API and someone has written a PHP interface.

See: virustotal dot com slash advanced.html#publicapi

I would be nervous about sending a URL unless it was to a temporary location.

Thanks,
Barry.

Author Paul
Lead Developer 
#24 | Posted: 15 Jan 2011 09:58 
When you click on "PHP implementation" - it appears to be deleted already ;-)

It's an utopia to use APIs like that. Seriously, there should be anti-virus software installed on server and it should be possible to execute it with a shell command. When the file is uploaded, PHP could send it via `exec` to this command and so get a verification if it has viruses or not, so upload it or not. That's the only possible serious solution.

Author canalrun
Partaker
#25 | Posted: 15 Jan 2011 11:35 
Hi,
Thanks again for your reply.

I'm on a hosted server, so I'm limited in what features I can install.

I am all for Utopia and visit whenever I get the chance :)

I found that the example was deleted also. It seems he now has a consulting business.

The API code in PHP should be extremely simple. I think a feature like this would make a fantastic premium add-on to your storage add-on, which is already excellent.

I am not saying this is the solution, but just thinking out loud.

Thanks,
Barry.

Author Paul
Lead Developer 
#26 | Posted: 15 Jan 2011 13:51 
Thanks, I really appreciate your suggestion. We'll see how it goes with such kind of features on the market. Until now, I don't see an easy and reliable way, but let's hope it sometimes happens, 'cause it truly could be kind of extra protection to forums.

Author Guest
~
#27 | Posted: 12 Feb 2012 01:29 
Just wondering if File Bank can has a file clean like file upload image gallery.. it's really great.. if there is no links in posts or topic could be deleted like file image gallery?

Author Paul
Lead Developer 
#28 | Posted: 13 Feb 2012 10:45 
The only way to delete files from the File Bank, is to access its listing section (it's hidden on miniBB forums for guests, but you may access it here) and delete or verify (look up) all files from there. This may help you as a sort of cleaning tool. In theory, it possible to program an automated tool which removes files not used in messages. But the current version has only manual handling of it. If you would like to order a customized script, you are welcome to sponsor it. It's not the same script as in File Attachments. Messages and files do not have associated IDs to synchronize them. That's why the script should go through all files, through all messages and some way look them up - how much time it would take on bigger forums?.. This tool should be programmed some tricky way, it's not cheap to develop.

Author Guest
~
#29 | Posted: 20 Feb 2012 03:29 
Paul:
how much time it would take on bigger forums?.. This tool should be programmed some tricky way, it's not cheap to develop.
Ok then.. I want that.. whenever you have time please develop it for me if possible, (I emailed you recently about big brother).
But I don't want my user appear here. Appreciate it ;)

Author Jaime
Partaker
#30 | Posted: 6 Dec 2012 17:17 
Paul:
'application/x-download' may come from a suspicious file, having kind of virus or trojan or something like this inside. You are under big risk to allow such files to be uploaded on a public server.
REF:#application/force-download#1283955#nur-ein_kleiner_test-1.zip#zip, in the zip (1,2mb) is an pdf-dok with the same name .. and no virus ;-)

In the Options i have:

$anonUsersFiles=array(
'image/jpeg'=>256000,
'image/pjpeg'=>256000,
'image/gif'=>256000,
'application/pdf'=>102400,
'application/x-zip-compressed'=>2048000,
'application/zip'=>2048000
);

Whats wrong ?

Page  Page 2 of 5:  « Previous  1  2  3  4  5  Next » 
Official Addons and Solutions miniBB Support Forums / Official Addons and Solutions /
 File Bank
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Get the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑