Expert: Carolyn Meinel - 9/21/2004

Question
Hello,
My name is Sunil and I am currently building a web site. I am interested in finding out how to scan files to prevent anti virus software from being uploaded.
I have Norton Anti Virus but I dont know how to use it .  

Answer
To monitor your filesystem in the website for changes, you could use Tripwire, from http://www.tripwire.com/ In order to install it, you need administrative control over the webserver. If you are using a web farm where you are one of many using the same server, there is nothing you can do. If you want a secure website, you need to own the computer it runs on. Ask an Internet provider for a "colocated" service, in which they let you hook up your computer on their premises.

Why do you only want to keep antivirus programs from being uploaded to your website? They won't hurt anyone and there is no reason anyone should want to break into your website just to upload helpful programs. Did you mean viruses? Ideally, you should monitor yopur website to prevent anything whatsoever from being uploaded without your permission. Tripwire will let you know if this ever happens.

Also, you may wish to prevent cross-site scripting on your website. This depends upon what webserver you are running. Try a Google search on the name of your webserver and "cross-site scripting" to learn how to prevent it for your webserver. If you are running Apache, this is easy. If you are running IIS, this is hard. Again, in this case you will need to own the computer running your website.