We are implementing a COTS package that allows you to upload files from a Thick-Client - over HTTP Web Services - to SQL 2008, where the files are stored in a VarBinary(Max). The solution will be running on Microsoft based environment.
We have a requirement to "virus-scan the files" during upload.
I was wondering if doing this as an API call from an HttpHandler or HttpModule was a bad idea or not (or even feasible). has anyone done this before?
This should be possible with every antivirus that supports batch mode, this is for example how to do this with Security Essentials on the server:
Use Microsoft Security Essentials in C# when downloading email attachment
My only note to that would be to have a queue of pending files and process files one-by-one from the queue so that you don't run more instances of the antivirus when processing concurrent requests. This could probably slow down your servers.