New on PHPMaster.com there's a tutorial showing you how to use ClamAV support to work as a validation filter in a Zend Framework application. ClamAV is an open source project that helps identify malicious threats like trojeans, viruses and malware.

Ok, so you’re pretty comfortable with using the Zend Framework, specifically the use of Forms. Along with that, you have a good working knowledge of how to combine a host of standard validators [...] but what do you do when a situation arises that's outside the scope of the pre-packaged validators and filters? Let’s say you want to guard against users uploading files that contain viruses, for example. You would have to write a custom validator that checks the uploads aren’t infected.

You'll need to install the ClamAV extension on your loal machine for the feature to work. Once it's there, though, it's as simple as setting up the validator (based on Zend_Validate_Abstract) and calling the "cl_scanfile" method on the uploaded file. Also included is the code for a sample controller with a Zend_Form instance and an upload file field to help prove it's working.

Richard Thomas comments on a "funny little PHP 'virus'" that he's noticed coming to him via emails:

Got an email that claimed to be from my host, it used a generic return address and talked about security upgrades and such and how due to new policy to help keep a secure data center I was required to upload and run 1 of 2 files in a zip attachment, the first was a php file the other was an asp file.

Of course, it wasn't from the host, so he investigated a little further to find out exactly what was going on with the file. Basically, it was a modified nsTView file with some added emailing and password discovery code. The code was "hidden" though - through a base64_encode call on one side and then decoded it on the other to cause the server to execute the code. He even posts and example of what the base64ed code might look like.

Richard Thomas comments on a "funny little PHP 'virus'" that he's noticed coming to him via emails:

Got an email that claimed to be from my host, it used a generic return address and talked about security upgrades and such and how due to new policy to help keep a secure data center I was required to upload and run 1 of 2 files in a zip attachment, the first was a php file the other was an asp file.

Of course, it wasn't from the host, so he investigated a little further to find out exactly what was going on with the file. Basically, it was a modified nsTView file with some added emailing and password discovery code. The code was "hidden" though - through a base64_encode call on one side and then decoded it on the other to cause the server to execute the code. He even posts and example of what the base64ed code might look like.