Currently we assume that any file that is uploaded is "clean". For data ingested from instruments, this assumption is pretty safe (and if not, then the installation has big problems!). But users can also upload datafiles directly, and that presents a bigger risk.
One way to deal with this is to regularly scan the filestore at the operating system level, but that leaves us with a "window" during which time infected files sit undetected. I propose that we also implement some kind of "hook" that allows MyTardis to call an external virus checker to scan each file as part of the ingest / upload process.
Currently we assume that any file that is uploaded is "clean". For data ingested from instruments, this assumption is pretty safe (and if not, then the installation has big problems!). But users can also upload datafiles directly, and that presents a bigger risk.
One way to deal with this is to regularly scan the filestore at the operating system level, but that leaves us with a "window" during which time infected files sit undetected. I propose that we also implement some kind of "hook" that allows MyTardis to call an external virus checker to scan each file as part of the ingest / upload process.
original LH ticket
This ticket has 0 attachment(s).