virus scanning as a service – looking for feedback

I’m looking for feedback on a project idea.  This grew out of a project I did last year that involved a lot of user file uploads that are then downloadable by others.  Virus scanning needed to be part of the process, but I couldn’t find a good service out that that offered this.  I did find one, but they explicitly forbid commercial use of the service, which somewhat took it of the table.

So.. feedback please.  Have you ever needed a service like this?  Did you just roll your own, or perhaps just went without?

I'm currently working on a book for web freelancers, covering everything you need to know to get started or just get better. Want to stay updated? Sign up for my mailing list to get updates when the book is ready to be released!

Web Developer Freelancing Handbook

Be Sociable, Share!

{ 10 comments to read ... please submit one more! }

  1. I once worked on a project that involved user-generated content. Once content was uploaded, it went into a pending state while any transcoding and other transformation was being done. But we also virus scanned the content as step one of the process.

    If I recall correctly, we used a Linux-based version of McAfee to perform basic scanning. It would’ve been great to have a service that we could send the raw data to and have it give us a response.

    However, it wasn’t too difficult to implement the process on our own machines. If I were wanting to virus scan multi-megabyte files that would need to be POSTed or otherwise communicated to an external service, there are bandwidth costs associated with that. The cost of the service + bandwidth would probably be greater than the cost of the local virus scanning software, assuming its license fee isn’t astronomical.

    Just some initial thoughts. However, if such a service existed with relatively reasonable fees and a simple integration path, it could definitely be attractive.

  2. Thanks for the feedback. This is a similar situation I’m in, except that the budget didn’t go far. I talked to some colleagues who run web forums and such, and they rarely ever scan, as most are just hosted wordpress and phpbb type installs. Agreed that posting large files may impose an extra bandwidth fee if done a lot – certainly something to think about. Obviously localized scanning is going to be fastest, but if you don’t have the ability or budget to install something like a local McAfee, there seem to be few other options, and I’m looking to see how much, if any, interest/demand there may be for something like this.

  3. Josh Johnston

    ClamAV is a great free option for local scanning. It also runs as a client/server clamd and clamc for scanning. You may want to give it a look.

  4. I’m aware of it. Not everyone can necessarily install it, though.

  5. That’s a great idea I wish I had.

    It’s useful and efficient for a lot of use cases.

    Of course as video transcoding service, if you use them too much it’s smarter to buy or build your own system than renting it.

  6. Thanks Nicolas.

    Agreed, at some point there’s a better argument to be made for owning/building rather than leasing, but that’s the case with almost everything, probably even mail delivery too :)

  7. Michael Pelz-Sherman

    This does seem like a very useful service, and it’s surprising that the big virus protection companies don’t already offer something like this.

    My employer should be scanning uploaded files for viruses, but we don’t. I’m willing to bet we’re not alone. I wonder how Facebook or YouTube handle this?

    Is this the company you mentioned?

    Brian’s point about the bandwidth cost is well-taken. I’d imagine the reason this hasn’t taken off already is that most companies who really need such a service have the ability to roll their own.

  8. virustotal was one – there was some other I found (or thought I did) but can’t locate now.

    Bandwidth costs *might* be a factor, but many smaller orgs have quite a lot of bandwidth available to them at a fixed base rate, for example.

    Rackspace has 18c/gig bandwidth (which still seems a bit pricey to me), but that would allow for sending of 1000 1 meg files per day at 18cents – a full month of that – 30,000 files at 1 meg each, for $6 in bandwidth charges. I suspect other providers may have even cheaper bandwidth charges (actually, I know they do).

    Three other things I’m investigating right now before opening up the beta:

    1. Multiple scanning engines
    2. Callback URL functionality
    3. “After the fact” scanning – not sure what to call this – but want to offer the option of holding on to files and rescanning them for up to X days, using updated engines/signatures, and alert you back if a file that was previously marked ‘no virus’ has later been detected as potentially having a virus.

    I suspect the reason larger virus companies don’t offer this is that it’s too profitable at the top end, and they’ve all got large families to feed, yachts to keep afloat, etc. :)

  9. Did anything come out of your idea? Did you build it or did you find another service? Currently, we’re also looking for such a service with a focus on scanning for Windows viruses (Mac and *nix would be nice but are not necessary).

  10. A beta is migrated to a new server in the next couple days – please check and sign up for the beta when it’s available again. Thanks.

{ 0 Pingbacks/Trackbacks }

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>