I\'m working on an application that makes use of the Symantec Protection Engine
ID: 656199 • Letter: I
Question
I'm working on an application that makes use of the Symantec Protection Engine to scan uploaded files. I'm having issues with my files after they have been scanned. One possible solution I've seen is to store the uploaded file in a temporary folder, then stream it to the protection engine. If the engine determines the file is clean, I would then access the file from the temporary folder and pass it on to it's final home. If the file is dirty, delete the temporary folder and let the user know what the problem is.
So the question is, would storing the possibly infected files in a temporary folder open the system up to infections?
Explanation / Answer
There's nothing inherently dangerous about a virus stored on a hard drive. To infect something viruses have to be executed in some manner. That means either directly being executed by the user, or exploiting some vulnerability in an application that opens the file.
Deleting the file if the engine says it's infected is also problematic. No anti-virus engine is perfectly accurate, and false positives happen all the time. This is why the general practice is to put infected files into a quarantine so they can be inspected manually later. That may or may not be appropriate for you based on your use case, but you do need to keep in mind that false positives happen all the time, and are normally more likely than viruses.