[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Serverside Virus Scan

From: Bil Corry <bil@xxxxxxxxx>
Subject: Re: [WEB SECURITY] Serverside Virus Scan
Date: Sat, 03 May 2008 08:44:30 -0500

rajat karnwal wrote on 5/2/2008 5:43 PM:

So requirement is to check extension spoofing and
virus scanning before this file can be stored in
database. I am in a stage where I have to make a
design decision how this can be achived.


You might be able to use "file" to determine the type of file, independent of the mime type or extension:

   <http://en.wikipedia.org/wiki/File_(Unix)>


And FWIW, pdp has written about various attack vectors with uploaded files:

   <http://www.google.com/search?q=upload+site:www.gnucitizen.org>


One of my favorites is his "Cross-site File Upload Attacks" -- you can't implicitly trust content even from yourself:

   <http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/>


All that said, I too would be interested in a "Best Practices" guide for validating uploaded files, including recommended tools.

- Bil


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] Serverside Virus Scan
  - From: Stephen de Vries

References:
- Re: [WEB SECURITY] Serverside Virus Scan
  - From: rajat karnwal

Prev by Date: Re: [WEB SECURITY] Serverside Virus Scan
Next by Date: Re: [WEB SECURITY] Serverside Virus Scan
Previous by thread: Re: [WEB SECURITY] Serverside Virus Scan
Next by thread: Re: [WEB SECURITY] Serverside Virus Scan
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site