Carrierwave::Attachmentscanner allows you to scan any file uploaded by CarrierWave for viruses or other malicious content.
It works by sending the upload to Attachment Scanner to be checked and then raising an error if the file matches a known database.
carrierwave-attachmentscanner to your
Download and install by running:
Initialize the scanner with your
(If you don't already have these values head to
Attachment Scanner and sign up for an account):
Adding to an Uploader
You can then include
CarrierWave::AttachmentScanner in your uploaders:
class YourUploader < CarrierWave::Uploader::Base include CarrierWave::AttachmentScanner end
Adding your credentials
bundle exec rails generate carrierwave_attachmentscanner:config [CLUSTER_URL] [API_TOKEN]
This will create
config/initializers/carrierwave_attachmentscanner.rb with the
CarrierWave::AttachmentScanner.configure do |config| config.url = "CLUSTER_URL" config.api_token = "API_TOKEN" end
If you leave things blank we'll assume that you're going to set the config values within ENV variables like the following:
CarrierWave::AttachmentScanner.configure do |config| config.url = ENV['ATTACHMENT_SCANNER_URL'] config.api_token = ENV['ATTACHMENT_SCANNER_API_TOKEN'] end
CarrierWave::AttachmentScanner will call the endpoint with any
file a user attempts to call on your uploader.
It will raise a
CarrierWave::IntegrityError whenever a malicious file is found,
by default this will then prevent the model from saving.
Customising the response
There are two methods that can be used to compare the response from the AttachmentScanner API and present an error message within CarrierWave.
The first method
blocked_scan_statuses is used to compare the scan result with
a list of statuses.
def blocked_scan_statuses %w(found) end
The second can be overridden in order to use the response to alter the upload message.
# This can be overridden in order to change the message def scan_error_message(result) "AttachmentScanner prevented this upload" end
Finally if you need total control you can override the
Development / Contributing
Pull requests are welcome. There is an RSpec suite at
/spec. Please ensure that
tests pass before submitting a pull request.
Thank you for making