Project

carrierwave-virus_free

0.01
No commit activity in last 3 years
No release in over 3 years
carrierwave-virus_freejschroeder9000/carrierwave-virus_freeHomepageDocumentationSource CodeBug TrackerWiki
Validate carrierwave uploads are virus free with clamav.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
89,149
Stars
7
Forks
3
Watchers
2
 Releases
Current version
0.1.0
Total releases
4
First release
2014-09-30
Latest release
2015-12-23
 Issues
Open Issues
0
Closed Issues
2
Total Issues
2
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
0
Merged Pull Requests
2
Pull Request Acceptance Rate
66%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-08-04
Reverse Dependencies
0

 Dependencies

Development

activerecord
>= 0
bundler
~> 1.6
combustion
~> 0.5.3
pry-byebug
>= 0
rake
>= 0
rspec-rails
~> 3.4.0
sqlite3
>= 0

Runtime

activemodel
>= 0
carrierwave
>= 0
clam_scan
>= 0
 Project Readme

Carrierwave::VirusFree

Validate carrierwave uploads are virus free with clamav.

Installation

Add this line to your application's Gemfile:

gem 'carrierwave-virus_free'

And then execute:

$ bundle

Or install it yourself as:

$ gem install carrierwave-virus_free

ClamScan Dependency

This gem requires the clam_scan gem which requires that you have ClamAV installed. You may also need to configure it according to your needs - pointing it to the right location to clamscan/clamdscan on your system, setting it to delete infected files, etc. See the clam_scan gem documentation for more details.

Usage

ClamScan.configure do |config|
  # see clam_scan documentation for details
end

class MyModel < ActiveRecord::Base
  mount_uploader :file, MyUploader

  validates :file, virus_free: true
end

It's that easy.

I18n

Validation error messages are processed through I18n. See lib/carrierwave/virus_free/locale/en.yml for default messages and relevant keys to override.

Lazy validation

As of 0.1.0, validation is lazy in that it does nothing if the model attribute with the uploader mounted has not changed. This increases compatibility in cases where the final storage location of a file is not local, but also implies that a file could be changed to something malicious by an external process and would not be caught by further validation. E.g.:

  • User uploads safe file which gets saved somewhere
  • Some external process overwrites this file with something malicious
  • You call model.valid? and it returns true because your model is not aware of the file changing (model.file_changed? is false) even though the file is now something that clamav would catch as malicious

Please be aware of this caveat. You can protect against this by preventing external processes from modifying you application's files and/or you can use clam_scan directly.

Contributing

  1. Fork it ( https://github.com/jschroeder9000/carrierwave-virus_free/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request