HOW,,,VIRUS FREE EAR FILES?

One person asked me whether I can guaranty that the web solution that I provide for him, is free of virus attacks.I was willing to use JSF,EJB3 and Hibernates, but I don't have any idea of keeping this web site free of virus. Is it depend on the server security, or can I do something to make it so that it never affected by any virus attack[Customer needs to tell his all customers that the site is free of virus].

As the developer, can I do something to make it, or it depends on the security of the server and the server administrator?

need to know something else too! This forum site is so much speed and I would say this is a great web site! can someone tell me who developed this site and what is the technology they have used.{Struts? JSF? JSP?}

Thanks!

As a general statement a Java archive (ear, war, jar) could contain a virus. But it can only be executed by the JVM. The JVM has many checks to verify that the code that it is being asked to run is the code that is expected. While certainly not impossible you would have to create and write the virus code and something to execute it for there to be a problem. So if your customer trusts you he should be ok.

Having said that though, the second part of your question is very important too. Building a website that does not allow external injection of viruses is, arguably, a bit more difficult. You'd have to make sure that if you allow file uploads you check them to make sure they are virus free or, perhaps, only allow certain file types. You'd also have to trust that the system administrator doesn't allow remote access that is out of your control (as you suggested).

And lastly, this forum runs on JForum a Java based forum. I don't believe that it is using Struts or JSF. I've got it sitting on a Tomcat 6.0.x under a 64 bit Linux JVM. The database is PostgreSQL. In front is an Apache 2.2.x server.

Thanks a lot 'stdunbar',

I believe this answer is absolutely perfect to overcome my problem and I really appreciate that you replied so quickly! I think that I have nothing left to clarify more.

Thank you very much!!!!
A great help!!!

This message was edited 1 time. Last update was at 08/06/2010 09:03:48

yes.

Having said that though, the second part of your question is very important too. Building a website that does not allow external injection of viruses is, arguably, a bit more difficult. You'd have to make sure that if you allow file uploads you check them to make sure they are virus free or, perhaps, only allow certain file types. You'd also have to trust that the system administrator doesn't allow remote access that is out of your control (as you suggested).
regards,
phe9oxis,