Discussion:
Scanning for XSS in HTML files using the ClamAV Daemon service.
anil chalamalasetti
2010-03-30 17:56:16 UTC
I am trying to scan files that have been uploaded for Viruses and one
of the features I am looking for is to scan for XSS in uploaded HTML
files. Can the CLAMAV support this kind of scanning?

Thank you
Anil
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
John Williams
2010-03-30 18:44:34 UTC
I can't answer your question truthfully with regard to whether or not this
type of scanning is possible. I'd have to lean toward no, just based
on intuition, as it's a pretty outside edge case as well as outside of what
most people would consider an AV's purpose, though Clam may very well.

However, as some advice: you're accepting user-uploaded HTML. XSS can only
work if you allow your user to upload JS (or another script type). In this
case you're likely looking at <script> tags as well as tag-attribute-based
JS. Depending on what you are allowing your users to upload the HTML for,
you have a lot of work ahead of you. XSS is relatively easy to avoid with
user-uploaded HTML. Simply strip out anything resembling JS (or any other
scripting language). You can do this with a myriad of HTML/XML parsers
available.

You should have many other concerns in mind...many of them far more
difficult to deal with than the XSS. Malicious html is far harder to detect
and will require a lot of vigilance and frequently updated filters to deal
with.

You should read up a bit, as XSS attacks are not very similar to viruses.
Filtering and parsing are going to be far better tools and require a lot
more effort.
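The stripping John describes (drop <script> elements and attribute-based JS with an HTML parser) as an added example, written for this thread and not taken from the list or from ClamAV. It uses only Python's standard-library html.parser, records every removal so the same code doubles as a detection check for an upload pipeline, and deliberately covers a minimal rule set: <script> elements, on* event-handler attributes, javascript:/vbscript: URL schemes and comments. The SAMPLE input is constructed here; a production filter should allow-list tags and attributes with a maintained sanitizer rather than extend this deny-list.

```python
"""Flag and strip script-bearing constructs in user-uploaded HTML.

Added example (not from the mailing-list thread and not ClamAV code).
Standard library only; the rule list is a deliberate minimum.
"""
import re
from html import escape
from html.parser import HTMLParser

# Attributes that take a URL and could therefore carry a script: scheme.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
# Scheme check; leading whitespace is tolerated because browsers ignore it.
SCRIPT_SCHEME = re.compile(r"^\s*(?:javascript|vbscript)\s*:", re.IGNORECASE)
# Void elements: re-emitted without a closing tag.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "param", "source", "track", "wbr"}


class ScriptStripper(HTMLParser):
    """Re-emits the markup minus script constructs and records each removal."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # sanitized output fragments
        self.findings = []   # one line per removed construct
        self._in_script = 0  # > 0 while inside a <script> element

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag == "script":
            self.findings.append(f"line {line}: <script> element removed")
            self._in_script += 1
            return
        if self._in_script:
            return
        kept = []
        for name, value in attrs:  # html.parser lower-cases names already
            if name.startswith("on"):
                self.findings.append(f"line {line}: {name} handler on <{tag}> removed")
            elif name in URL_ATTRS and value is not None and SCRIPT_SCHEME.match(value):
                self.findings.append(f"line {line}: script-scheme URL in {name} on <{tag}> removed")
            else:
                kept.append((name, value))
        rendered = "".join(
            f' {n}="{escape(v, quote=True)}"' if v is not None else f" {n}"
            for n, v in kept
        )
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = max(0, self._in_script - 1)
            return
        if self._in_script or tag in VOID:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._in_script:
            # Re-escape text so decoded entities cannot re-form markup.
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        # Comments are dropped: readers do not need them, and old browsers
        # executed script placed inside conditional comments.
        self.findings.append(f"line {self.getpos()[0]}: comment removed")


def sanitize_html(markup):
    """Return (sanitized_markup, findings) for one uploaded HTML document."""
    parser = ScriptStripper()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out), parser.findings


def has_active_content(markup):
    """Detection-only check: True if the upload contains anything that would be stripped."""
    return bool(sanitize_html(markup)[1])


# Constructed sample upload exercising each rule plus one benign element.
SAMPLE = ('<p onclick="alert(1)">Hi</p>'
          '<script>evil()</script>'
          '<a href=" javascript:alert(1)">x</a>'
          '<img src="pic.png" alt="ok">')

if __name__ == "__main__":
    clean, found = sanitize_html(SAMPLE)
    print(clean)
    for item in found:
        print("finding:", item)
```

In an upload handler, `has_active_content` can reject the file outright and log the findings, while `sanitize_html` is the option for sites that want to keep the upload but serve a cleaned copy. Note that html.parser is tolerant but not a browser engine, so the findings list is a triage signal, not proof that the cleaned output is safe in every browser.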
anil chalamalasetti
2010-03-30 19:04:19 UTC
Thanks John, for the quick reply.

I was hoping that Clam supports XSS, as I have seen some definitions
that say XSS in them in the user forum, but it looks like they are not for
this purpose.

Anyways, I am considering doing the stripping as you have mentioned;
however, my knowledge of XSS is limited. Therefore, I would rather have
a tool. Can you please refer me to any tool that you might have come
across which could be used?

Thanks again.
Anil