Will Eset File Security protect web server from users uploading potentially harmful files?

Question

Our client has asked us to allow their users to upload Excel spreadsheets with macros but raised a concern about potentially harmful files being circulated between users.

A user is basically an author of articles to which they can attach files to share with their internal communities. Currently we restrict any macro based files but it has now become important for them to be able to share XLTM files.

The environment:

• Windows Web Server 2008R2
• Eset File Security (latest)
• Asp.net based CMS system (Dnn)

My questions:

1. Will Eset scan the file after it's uploaded or is it only if someone working on the server tries to open the file? (If the latter then we could still be spreading infected files because the next user that views the article and downloads the attachment wouldn't know that it's not safe unless they had good antivirus software, which we can't guarantee and have little control over)
2. If Eset detects a problematic file will it intervene somehow in the HTTP Request pipeline? (I.e. I'm trying to understand what will happen when a user clicks the publish button for an article. If Eset finds an infected file, will it somehow end the current request prematurely (perhaps throwing a HTTP 500 error) which in effect stops the article from being published (the user at least knows something went wrong and we don't end up with infected files on the server at all).

Answer 1

Security software will scan on write and read so it should block an infected file when the server attempts to write it to disk. How this is handled from the end user's perspective depends on the behavior of software performing the write when that action fails.

I don't use Eset products specifically, but this behavior is nearly ubiquitous across antivirus/anti-malware solutions.

Answer 2

For greatest security, have files uploaded to a server which has no software installed that could open the file (other than antimalware suite) and then scan it with multiple antimalware utilities or submit to VirusTotal before making the document available on the network.