I am currently developing a social networking site using RoR that uses the attachment_fu plugin to handle image uploads. I also want to enable users to upload photoshop files, but am worried about security vulnerabilities because I want other users to be able to download these photoshop files. What is to stop someone from uploading a malicious file (i.e. virus) just by changing the extension? I don't want someone downloading a file with a virus on it from my site. Is there any way to screen files for viruses when they are uploaded in RoR? Any thoughts? Thanks.
Use the callbacks of attachment_fu that are executed after the upload (my mind’s focussed on other stuff right now, so the exact method name doesn’t come to mind) and run the file through ClamAV via the ´commandline command´ or system ruby calls.
Best regards
Peter De Berdt
