Allow for virus inspection of specific file types #18
Comments
What virus scanner do you suggest?
I'll handle that, right now I'm using clamd. Basically it should be called with popen and run on binary/executables, and if the file gets removed, it should be added to the banned list and rejection method should be returned.
The exe/dll/com ending scans should be fine for now, but MIME based detection of executables would be optimal. Also, we should write a function which takes a list of files to ban, adds their hashes, names, etc. to the banlist and deletes them all. I'm doing this at the moment.
Alright
Are we using detection based on MIME types?
Wouldn't application/octet-stream give a lot of non-executables?
Does Windows run files which don't have an exe extension? It shouldn't be a big deal though, I have a cron job running virus scans every 24 hours, I'll just have it update the banlist when it runs.
An attacker could upload his payload under any extension and then rename it after downloading it and execute it on a victim's computer. Virus scans should be enough I guess.
I don't know how good the MIME type detection is for flask, but the idea is to detect any binary/executable type and scan it regardless of extension/file name. This can be something to be changed down the road though; for now it should be fine.
You can test it yourself, just add
On files which have a MIME type of executable or binary, trigger a virus scan and potentially add the file to the banned file list if there's a match (this can be detected by checking if the file gets removed by the scan).
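The flow discussed in this thread, as an added example that is not code from this project or from any participant: it decides whether to scan from the file's leading bytes rather than its extension or a generic `application/octet-stream` type, then bans the upload if the scanner removed it. The names `sniff_executable` and `scan_and_ban`, the dict-based banlist, and the `clamdscan --no-summary --remove` command line are assumptions.

```python
import hashlib
import os
import subprocess

# Leading magic bytes of common executable formats. Checking content means a
# payload uploaded as "holiday.jpg" is still treated as an executable.
EXECUTABLE_MAGIC = {
    b"MZ": "pe",                    # Windows EXE/DLL (DOS header)
    b"\x7fELF": "elf",              # Linux/Unix binaries
    b"\xfe\xed\xfa\xce": "macho",   # Mach-O 32-bit, big-endian
    b"\xfe\xed\xfa\xcf": "macho",   # Mach-O 64-bit, big-endian
    b"\xce\xfa\xed\xfe": "macho",   # Mach-O 32-bit, little-endian
    b"\xcf\xfa\xed\xfe": "macho",   # Mach-O 64-bit, little-endian
}

# Assumed scanner command: the clamd client, told to delete infected files.
DEFAULT_SCANNER = ("clamdscan", "--no-summary", "--remove")


def sniff_executable(head: bytes):
    """Return a format name if the first bytes look executable, else None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def scan_and_ban(path, banlist, scanner=DEFAULT_SCANNER):
    """Scan an executable upload; return True if it was removed and banned.

    banlist is a hypothetical dict mapping SHA-256 hex digest -> file name.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    if sniff_executable(data[:8]) is None:
        return False  # not an executable format: no scan triggered
    # Hash before scanning, because the scanner may delete the file.
    digest = hashlib.sha256(data).hexdigest()
    subprocess.run([*scanner, path], check=False,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if os.path.exists(path):
        return False  # scanner left the file in place: treated as clean
    # File removed by the scan: record hash and name so re-uploads are rejected.
    banlist[digest] = os.path.basename(path)
    return True
```

Banning by content hash means the same payload is rejected again even when it is re-uploaded under a different name.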