Greetings,

Hi guys, i have setup a IIS FTP in my Win2000 Server. How can i ensure that
the file download/upload is virus free? Is there any virus scan that is built
specifically for IIS FTP? Or i juz make do with any Desktop base virus scan
like Symantec AV?
I need to make sure that all file transfers in this FTP server is virus free
(at least 99.99%)

[quoted text, click to view]

I'll agree with Jeff's assessment, but add one of my own - it is generally a
bad idea to make an FTP site that anonymous users can upload to. It is an
especially bad idea if those files can then be immediately downloaded by
anonymous users.

Aside from the virus distribution issue you have alluded to, there are
unsavoury characters out there who see open FTP sites as an invitation to
upload huge (hundreds of gigabytes) quantities of stolen software, pirated
movies, obscene materials, etc in an anonymous fashion to share with their
accomplices. You'll see references throughout this group to FTP servers
that have been "tagged" - this is a measure some of these uploaders take in
order to prevent you from deleting their files, or to make it harder for you
to delete them.

I would advise creating a separate upload account - give it your choice of
name, for increased protection, change the name and password regularly, and
give out the password only to people who have requested it. Make this
upload account deposit files into an area that is not available for
download, and scan it every so often for new files. Verify that those new
files are safe and appropriate before moving them over to the download area.

This advice isn't really necessary if you have authenticated users doing the
uploading and downloading, obviously, since you can disable user accounts
for any authenticated users that abuse your server.

Alun.
~~~~

On Thu, 18 Nov 2004 00:35:01 -0800, Alpaje
[quoted text, click to view]

On access scanners will usually have no problems doing this. There is
no ability to run an external program on uploaded files in Microsoft's
FTP.