[WEB SECURITY] Serverside Virus Scan

Bil Corry bil at corry.biz
Sat May 3 09:44:30 EDT 2008


rajat karnwal wrote on 5/2/2008 5:43 PM:
> So requirement is to check extension spoofing and
> virus scanning before this file can be stored in
> database. I am in a stage where I have to make a
> design decision how this can be achived.

You might be able to use "file" to determine the type of file, independent of the mime type or extension:

    <http://en.wikipedia.org/wiki/File_(Unix)>


And FWIW, pdp has written about various attack vectors with uploaded files:

    <http://www.google.com/search?q=upload+site:www.gnucitizen.org>


One of my favorites is his "Cross-site File Upload Attacks" -- you can't implicitly trust content even from yourself:

    <http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/>


All that said, I too would be interested in a "Best Practices" guide for validating uploaded files, including recommended tools.


- Bil 


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list