Re: File Upload Question



Hi Manny,

The user can certainly upload a file with a virus etc. in it, but you
have to ask some more relevant questions to ascertain the risk:

1. Are all the users public? If so, do you really want them uploading
files? If not, what is the potential of your users having virus-ridden
files that are being uploaded, firstly accidentally and secondly
maliciously?

2. Can you lock the file types or mime types down to restrict certain
types of document? Obviously things like Word docs, EXEs etc. should all
be pretty much on the hit list for non-allowable files to be uploaded -
especially if all you want are image/jpeg for example.

IE doesn't support mime type locking but on the server side you can
intercept the mime type and reject it if it is not one you allow.

3a. Most viruses aren't a problem until you execute the file - this is
why everyone is told by even the virus companies "don't open a file /
email from someone you don't know or weren't expecting" - regardless of
your virus definitions being up to date, there is always a lag time
before new viruses are detectable - but so long as you don't open a
file and execute whatever is embedded within it then it won't run and
shouldn't cause any problem.

3b. Does it make sense then to "quarantine" files for a period of time
whilst you can manually or automatically run a sweep over the file to
ensure there are no greeblies in it?

4. Depending on processor overhead it could make sense to have a "magic
bucket" where files are held and then run a script on this that detects
when a new one is added and it is then scanned. If the scan proceeds
and a clean bill of health is given then it can be moved to another
folder.

For one of our clients we only allow registered users to upload and we
lock the mime types to certain file types only. We also enforce a
"magic bucket" quarantine system which sometimes means documents are
not immediately available but protects the system as well.

Cheers
AndrewF
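
The server-side type check from point 2 and the "magic bucket" quarantine from point 4, sketched in Python as an added example that is not part of the original post. The allowlist, the function names and the `scanner` callable (standing in for a real antivirus call) are assumptions; the sample byte strings are constructed.

```python
import os
import secrets
import shutil
import tempfile

# Allowed types and the leading bytes each must start with (constructed allowlist).
ALLOWED = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}

class Rejected(Exception):
    """Raised when an upload fails the server-side type check."""

def accept_upload(data, declared_type, quarantine_dir):
    """Check the upload server-side and park it in quarantine; return its path."""
    signatures = ALLOWED.get(declared_type.lower().strip())
    if signatures is None:
        raise Rejected("type not on allowlist: %r" % declared_type)
    # The declared type is client-supplied, so also check the content itself.
    if not data.startswith(signatures):
        raise Rejected("content does not match declared type")
    # Server-chosen random name: the client's filename is never used on disk.
    path = os.path.join(quarantine_dir, secrets.token_hex(16) + ".upload")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)  # no exec bits
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def release(path, clean_dir, scanner):
    """Move a quarantined file to clean_dir only if scanner(path) returns True."""
    if not scanner(path):
        return None  # stays in the bucket for manual review
    dest = os.path.join(clean_dir, os.path.basename(path))
    shutil.move(path, dest)
    return dest

def demo():
    # Constructed samples: a JPEG header, and an EXE header declared as a JPEG.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    fake = b"MZ\x90\x00" + b"\x00" * 16
    with tempfile.TemporaryDirectory() as q, tempfile.TemporaryDirectory() as c:
        held = accept_upload(jpeg, "image/jpeg", q)
        # lambda is a placeholder for a real AV scan (assumption)
        released = release(held, c, lambda p: True)
        ok = released is not None and os.path.exists(released) and not os.path.exists(held)
        try:
            accept_upload(fake, "image/jpeg", q)
        except Rejected:
            return ok, True
        return ok, False
```

Nothing is served from the quarantine directory; only files that `release` has moved are made available, which is why uploads may not appear immediately.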
