We have a public web site that allows users to upload PDF and image file formats (JPG, GIF, TIF, PNG). We need a way to check the files for viruses.
This is a low volume site, only about 10 files being uploaded per hour on average.
The application is J2EE, running in WebSphere on AIX servers.
It sounds like there are two main approaches:
1) Identify the threat before the file lands on the AIX server in the data center.
2) Detect the threat after it is uploaded to the AIX server.
No matter what, we want to identify the threat immediately and reject the file immediately.
Does the ICAP protocol with McAfee Web Gateway allow threats to be detected while being downloaded? Is there a reference architecture for how this works with existing web and app servers?
We think that we want McAfee running on Windows to detect the threat. Does McAfee software have a service that can be called from Java code running on AIX to detect a threat in a file?
MWG has been using ICAP forever, so we know plenty about ICAP.
In this case though, I could see MWG act as an ICAP server and a reverse proxy. With ICAP, the files could be sent over and checked when they are uploaded (the AIX would be the ICAP client). Acting as a reverse proxy, MWG could scan each download by users from the AIX server.
Thinking about it further, the MWG could simply be a reverse proxy and scan both uploads and downloads. This would eliminate the need for creating a special Java ICAP client tool. I have had customers using MWGs as a reverse proxy to protect their WebSpheres in the past.
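
For the ICAP client option mentioned above, this added example (not part of either post, and not McAfee code) shows how Java on the application server could frame an upload as an ICAP REQMOD request per RFC 3507 and decide on the reply. The host `mwg.example.internal`, the service path `/reqmod` and the HTTP host are placeholders; 1344 is ICAP's default port, and whether the gateway is set up to scan REQMOD traffic is an assumption.

```java
import static java.nio.charset.StandardCharsets.US_ASCII;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URLEncoder;

public class IcapUploadCheck {
    private static final String CRLF = "\r\n";

    /** Builds the bytes an ICAP client would write to the scanner's socket. */
    static byte[] buildReqmod(String icapHost, String service, String fileName, byte[] file)
            throws IOException {
        if (file.length == 0) throw new IllegalArgumentException("empty upload");
        // Encapsulated HTTP request header describing the upload. The user-supplied
        // name is URL-encoded so CR/LF in it cannot inject extra header lines.
        String httpHdr = "POST /upload/" + URLEncoder.encode(fileName, "UTF-8") + " HTTP/1.1" + CRLF
                + "Host: upload.example.internal" + CRLF   // placeholder HTTP host
                + "Content-Length: " + file.length + CRLF + CRLF;
        // Offsets in "Encapsulated" count from the end of the ICAP header:
        // req-hdr starts at 0, req-body starts right after the HTTP header bytes.
        int bodyOffset = httpHdr.getBytes(US_ASCII).length;
        // "Allow: 204" lets the server answer 204 instead of echoing the file back.
        String icapHdr = "REQMOD icap://" + icapHost + service + " ICAP/1.0" + CRLF
                + "Host: " + icapHost + CRLF
                + "Allow: 204" + CRLF
                + "Encapsulated: req-hdr=0, req-body=" + bodyOffset + CRLF + CRLF;

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(icapHdr.getBytes(US_ASCII));
        out.write(httpHdr.getBytes(US_ASCII));
        // ICAP bodies use chunked framing: hex size, CRLF, data, CRLF, then a zero chunk.
        out.write((Integer.toHexString(file.length) + CRLF).getBytes(US_ASCII));
        out.write(file);
        out.write((CRLF + "0" + CRLF + CRLF).getBytes(US_ASCII));
        return out.toByteArray();
    }

    /** Fail closed: only an explicit ICAP 204 (no modification needed) accepts the upload. */
    static boolean acceptUpload(String icapStatusLine) {
        if (icapStatusLine == null) return false;   // timeout or dropped connection
        String[] p = icapStatusLine.trim().split(" ");
        return p.length >= 2 && p[0].equals("ICAP/1.0") && p[1].equals("204");
    }

    public static void main(String[] args) throws IOException {
        byte[] sample = "%PDF-1.4 constructed sample".getBytes(US_ASCII); // constructed input
        byte[] req = buildReqmod("mwg.example.internal:1344", "/reqmod", "sample.pdf", sample);
        System.out.print(new String(req, US_ASCII));
        System.out.println("204 accepted: " + acceptUpload("ICAP/1.0 204 No Content"));
        System.out.println("200 accepted: " + acceptUpload("ICAP/1.0 200 OK"));
    }
}
```

A server may also return 200 with the request unchanged, so rejecting every non-204 reply is the conservative choice; inspecting the encapsulated body of a 200 would be needed to tell a block page from an echo.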