Checking web uploads for malware
My client hosts a web application which receives a number of attachments from its users. The attachments are available to a group of users, which requires us to implement a malware check on the server end. Only PDF and JPG files are accepted, so we don't need to run scans on exe files. Most of the users use Windows, but the servers run on Linux. The attachments go directly to an Oracle database.
1) Can we scan a blob in Oracle DB or memory, can we stream it to the scanner software, or do we need to write the file on disc first?
2) Can we use F-Secure Anti-Virus on Linux to scan PDF and JPG files to find malware targetted for Windows (and other platforms?)
3) Is PDF malware platform dependent or it triggers on any platform while using an outdated Adobe Reader?
Thanks for any help.