Does convex do auto virus scans?
I am making a website where users can post files but I want to check if the file is corrupted first before uploading
16 Replies
Thanks for posting in <#1088161997662724167>.
Reminder: If you have a Convex Pro account, use the Convex Dashboard to file support tickets.
- Provide context: What are you trying to achieve, what is the end-user interaction, what are you seeing? (full error message, command output, etc.)
- Use search.convex.dev to search Docs, Stack, and Discord all at once.
- Additionally, you can post your questions in the Convex Community's <#1228095053885476985> channel to receive a response from AI.
- Avoid tagging staff unless specifically instructed.
Thank you!
no
I doubt. You’ll have to handle that yourself
No im pretty sure we dont scan for virus in file storage. @james would be able to say for sure tho
It was a no... I checked the support team 😢
@퍼플 Working on something, give me until weekend, I'll share a component you can use. Can you explain your use case in detail so I can add that feature?
Disclaimer: I'm not affiliated with the Convex team but I started working on something like this some weeks ago. I'll share a repo with you this weekend
@퍼플 checkout https://www.npmjs.com/package/clamscan. What i would recommend is saving the file to convex but have a state like
unverified for the file. Then process and check if using the package, if its valid then update the status of the file to valid and on the client it would be come visible to users. If not valid, then you can delete it from the convex storage.@Jamal Looking at the api for clamscan, it requires absolute / relative path to the file within a server. It may not work well for serverless archiectures like Convex.
Except you maybe host this somewhere yourself, push the file to that server and scan before getting a response. Quite a lot to handle here
i havent tested the library with convex but you could pass in the convex file url maybe?
the convex api would return the file blob which should match the library api
A few caveats....
- Last update to the package was 8months ago
- Convex actions have a 10mintes timeout. For larger files, this may not scale
- The package's api doesn't seem to handle file URLs or blob directly but through axios streams (I saw this example)
- Most packages that deal with internal node filesystems APIs may not work well or work at all in convex (I've had this experience)
The way out I can think is to outsource this file to a 3rd party / host your own server, pass the URL to the server and do the scan on that 3rd party server yourself.
Figuare a way to poll for results or check for status of a scan (You do not want to wait for a scan because of timeout)
Makes sense, I didnt think it would be easy. Having control of the server would make this easier but convex is more serverless and thus makes it harder to solve this problem. Any kind of processing might just need a dedicated server for this kind of thing.
I am trying to solve it by using my private server as a scanner but it is kind of hard 😢
@퍼플 How urgent / important do you need this? Can you explain your use case? I;ve asked these before.
I may be able to help you on Saturday
Um, I don't need it very quickly though I am using it as practice purpose
This is just for practicing
@퍼플 Oooh I see. The way I wanted to handle it was make a convex components
- Upload files to convex storage but do not use the storage.url to get the actual URL of the file until it is scanned
- Post files to a 3rd parrty service / server (I considered virus total but the drawback is they keep your files)
- When you post the files via the file URL, add a record to the componetns DB with it's storage ID
- Have a mechanism to poll / use a webhook to get the result of a scan based on the storage ID
- Only when we confirm that the file has been scanned and not malicious we expose the URL.
- You replace the storage.getIUrl with the component's version of getUrl so that you can check that is has been scanned
Quite complex but this is how I'll handle it. You can also do this without a component by using a separate table that maps to storage ID. All you need do is upload files to convex storage but have a function like
getSafeFileUrl, this function will only return a url when scan results is complete and its not maliciousThanks!