问题
We've just had penetration testing done on our website hosted in Azure (App Services). One of the things that came back was the tester was able to upload known malicious files, including:
EICAR - the known Antivirus testing text file located at http://www.eicar.org/
Word documents with malicious macros embedded.
And some others. These files were successfully submitted and hosted by the server. The same Eicar file is picked up right away from Avast on my local machine and blocked. Is there anyway to have realtime protection on folders in our web site?
回答1:
I can't speak to the results of your org's pen testing, or how you should specifically deal with security vulnerabilities (as that's a topic very broad in scope, and unfit for StackOverflow).
From an objective perspective: Unlike Virtual Machines, you cannot install simply anti-malware software on Web Apps (unless that software could be deployed with your app, and not require admin-level privileges). You'd need to set this up in a VM, or use a 3rd-party service.
Note: If you look at the Settings blade for your Web App, you'll see a section labeled Observe. Within that section, you'll find various add-ons, and it looks like one of them is specifically security-related. As far as I know, the add-ons listed here are the only ones you may integrate with Web Apps.
来源:https://stackoverflow.com/questions/38387004/antimalware-for-azure-app-services