Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a malicious file scanning API in between upload-time and adding to the database #103

Open
jaw12346 opened this issue Oct 31, 2023 · 0 comments
Assignees
Labels
enhancement New feature or request

Comments

@jaw12346
Copy link
Member

Is your feature request related to a problem? Please describe.
When files are uploaded to ACMAS there is no safety validation check to ensure that the file isn't malicious before being offered to end-users.

Describe the solution you'd like
We should add an intermediate step between a user uploading a file to the site and making it accessible through the search features. www.virustotal.com seems as though they offer a 500 requests/day @ 4 requests/minute free-tier through which we could send the file for verification before adding it to our database.
Given that users are now required to be signed in to gain the ability to upload, we should also automatically ban the user and block their username and email from being used to create a new account in the future. A great additional step would be to block their MAC address, if that's something we can query through Python/Django.

@jaw12346 jaw12346 added the enhancement New feature or request label Oct 31, 2023
@jaw12346 jaw12346 self-assigned this Oct 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

When branches are created from issues, their pull requests are automatically linked.

1 participant