https://man.liquidfiles.com
LiquidFiles Documentation

This article outlines how you can install Attachment Upload Actionscripts. This enables the ability to run custom AV solutions in addition to the builtin ClamAV scanner, integration with DLP solutions or any other function where you want to perform some function to determine if a file should be permitted to be uploaded/sent or not.

Installation of custom AV engines and similar is not covered by this guide. As long as you use standard CentOS yum packages, you should be fine.

The Attachment Upload Actionscript that will be executed like:

env EMAIL=<users_email_address> GROUP=<users_group_name> your_actionscript.ext /path/to/uploaded/file

The script uses exit codes to determine if the file was clean/permitted or not.

  • An exit code of 0 means that the attachment will be permitted.
  • An exit code of 1 or above means that the file will be deleted and marked as virus infected.

Any output from the script will be fed back to the user as the reason to why the file was not permitted. The output will be silently ignored if the file was permitted.

By using either the EMAIL of GROUP environment variable, you can create a different policy for different users.

Please note that you can use any programming language that you're comfortable with, that can be executed on the LiquidFiles system. Typically this would mean: perl, ruby, python, bash, sh or c.

A very basic example of a filescan script would like like this:

#!/usr/bin/env ruby

# assign the user and group to variables (not strictly needed for this example)
user=ENV['USER']
group=ENV['GROUP']

if ARGV[0] =~ /\.png$/i
  puts "PNG's are not allowed"
  exit 1
end

This script will simply check if the filename ends in .png or not.

A more complex example like the following assumes that you have the Sophos AV scanner installed:

#!/bin/bash

# Sophos - comercial AV scanner for Unix systems
#
# sweep - sophos scanner tool
#
# Parameters:
#   -q         Quick scan
#   -ss        Don't display anything except on error or virus
#   -archive   Scan compressed files (zip, gzip, arj, cmz, tar, rar, cab)
#
# Exit code:
#     0        No virus has been found
#     3        Virus has been found

file_path="$1"

if [[ -f "$file_path" ]]; then
    result=$(/usr/local/bin/sweep -q -ss -archive  $file_path)
    exit_code=$(echo $?)

     if [[ $exit_code > 0 ]]; then
         echo "Sophos AV result: $result"
     fi
 
exit $exit_code

fi