Safely receiving client uploads and file transfers

Discussion in 'General Discussion' started by kmetal, Jan 15, 2020.

  • AT5047

    The New AT5047 Premier Studio Microphone Purity Transformed

  1. kmetal

    kmetal Kyle P. Gushue Distinguished Member

    Joined:
    Jul 21, 2009
    Location:
    Boston, Massachusetts
    Home Page:
    Hey i am going to be setting up a website where people can upload their files, a nas drive, and have dropbox.

    At some point the client files need to get over to the main workstation for mixing and editing.

    So my isssue is, as far as i know, i cant just run a virus scan while the files are on dropbox, they have to be downloaded, then scanned.

    Im not sure if i can have the nas scan the files before they are written to it.

    The files are too big to just email otherwise i could scan the attachment. Unless there is an email service that allows large file transfers, or maybe a dedicated file xfer service or application that allows scanning either at the upload time or before i download.

    So my concern is downloading contaminated files, since not all clients keep their daw machine offline, and audio only.

    Im thinking i may have to get a tablet, or chromebook or laptop/pc, whose sole purpose is for downloading client files and checking them. (Maybe streaming too just to get good use from the machine.) This way if there's an issue i can just quickly restore windows on it.

    The only other thing i can think of is if i can have a web page where the file is directly uploaded to it and appears in the browser. Then i can go to the page and left click/scan for viruses before it gets downloaded.

    The down side to that is i could get a contaminated file on the server hosting the site. Id then likely have to clear the server of all files and re upload the site, which means downtime.

    It would be nice to have a sort of buffer zone before these files get to any of my devices.

    Any thoughts or ideas on this are welcome. We are a long way away from mailing tapes and cdr's, which at least couldn't host malware!!!!
     
  2. Boswell

    Boswell Moderator Distinguished Member

    Joined:
    Apr 19, 2006
    Location:
    UK
    Home Page:
    There are NAS boxes that have an option of built-in real-time virus scanning of everything that gets uploaded to them. QNAP Turbo NAS and Synology are two that come to mind. I have used one (that I never knew the make of) that had a buffer queue where things arrived, and the files were only made available for read access once they had passed whatever scans the administrator had set for them. That could take some time for very big files. On the other hand, files such as databases that needed to be read/written in blocks could be scanned at the block level so there was no perceptible delay.

    Does that sound like the sort of thing you would need?
     
    kmetal and pcrecord like this.
  3. kmetal

    kmetal Kyle P. Gushue Distinguished Member

    Joined:
    Jul 21, 2009
    Location:
    Boston, Massachusetts
    Home Page:
    Yes that's pretty much what im thinking id need. The ability to detect an issue before its saved into my system.

    I have a qnap nas (ts-251) that's still in storage, and was planning a newer, higher capacity qnap (453be) for this main setup.

    I think can include a link on the website directly to a client folder on the nas.

    Do you think a separate drive or partition for client uploads would increase the safety?

    Maybe what ill do is dedicate the smaller/older nas to client projects (uploads and downloads) and keep the other one reserved for archives/non public access.

    Im going to gave to dig deeper into the qnap security features. Its mind boggling how much those little boxes can do!

    If this works as you describe it may be one of the few last peices of the puzzle i needed to solve for this system idea.

    Thanks.
     
  4. Boswell

    Boswell Moderator Distinguished Member

    Joined:
    Apr 19, 2006
    Location:
    UK
    Home Page:
    I would use the newest NAS box for any server that external users have access to for uploading. In that way, you have the chance of the AV software running on it being able to detect the latest viruses. You should ensure that your public access NAS has its own automatic updating (at least daily) of its virus database. Don't assign a box to that task that does not have the capability of running an anti-virus tool.
     
    audiokid and kmetal like this.
  5. kmetal

    kmetal Kyle P. Gushue Distinguished Member

    Joined:
    Jul 21, 2009
    Location:
    Boston, Massachusetts
    Home Page:
    Good points.

    If the virus detection software on both units is the same, does it matter if i use the older gen box? Is there a hardware based reason to use the new one?

    Maybe i should just use the old one for backup, and get 2 current gen units. I think a 4 bay unit would be overkill just for public transfers. (Assuming software is the key component in security)

    Glad i didnt commit to the new nas(s) yet.

    Super good point about auto updates.
     
  6. Boswell

    Boswell Moderator Distinguished Member

    Joined:
    Apr 19, 2006
    Location:
    UK
    Home Page:
    If they use identical software, they should offer the same degree of protection. The thing that might be different is the time it takes to scan a new uploaded file. You could, for example, check for 64-bit native OS rather than 32-bit. Most of the NAS boxes run one version or another of Linux.
     
  7. kmetal

    kmetal Kyle P. Gushue Distinguished Member

    Joined:
    Jul 21, 2009
    Location:
    Boston, Massachusetts
    Home Page:
    Awesome. I will verify with qnap before purchase that the AV is identical or not on both.

    The qnap stuff is definitely some version of Linux.

    Ill check about the 64 vs 32 bit. I don't mind the added time on upload, at this point if security is the same. Although i do see where it would be advantageous if im doing quasi realtime collaboration.

    Also i finally think i figured out how to xfer files into/out of my daw without connecting to the web.

    A wireless usb stick, i think might do the trick. Or bluetooth sharing. I think the wirless stick connects to my network by itself so my daw could stay offline. I had cheapo one a while ago but didn't get to mess with it too much, i do remember painfully slow xfer tho. It might not be practical for large files. Ive never used bluetooth sharing, but it appears windows and my andriod devices are able to do this. Im actually setting up a new laptop as we speak as sort of a test machine before i commit more resources to the big system.

    Any thoughts?
     
  • AT5047

    The New AT5047 Premier Studio Microphone Purity Transformed

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice