3

I have some exe files that I've uploaded into my database as I don't want them to be publicly accessible. I tried using a link button and a generic handler to serve the file using the following code:

Context.Response.Clear()
Context.Response.ContentType = "application/exe"
Context.Response.AppendHeader("Content-Disposition", "filename=program.exe")
Context.Response.BinaryWrite(binaryfile)

The problem: Google Chrome does not treat the download as any other exe, instead after downloading it reports "program.exe is not commonly downloaded and could be dangerous." with a "discard" button and the option to "keep" the download is hidden under a context menu.

Is there any other/better way to serve exe files stored in the database?

yoozer8
  • 7,361
  • 7
  • 58
  • 93
Zishan Neno
  • 2,647
  • 7
  • 34
  • 58

3 Answers3

4

I don't often see application/exe in the wild. It's more common to use application/octet-stream for executable files.

If you're using .NET, then I'm going to assume for a moment that you're using IIS. (Correct me if this is not the case.) If so, then this (old, but still useful) list of MIME types and file extensions may be helpful.

Naturally, you won't be able to get around any browser-side restrictions from the server side in any real sense. You can modify the headers you send to the client, but in the end it's up to the client what to do with the response.

David
  • 208,112
  • 36
  • 198
  • 279
  • Yep, I wasn't able to get past any of the browser restrictions. Had to compress my files instead. – Zishan Neno May 15 '12 at 22:47
  • 1
    @Zishan: You mean just zip the executable? I wouldn't be surprised if browsers get smart to that sort of thing as well. Just something to keep in mind. – David May 15 '12 at 22:58
  • Zipping does not help to avoid this warning. – Mot Aug 10 '12 at 10:32
3

Did you check out this question: Getting around Chrome's Malicious File Warning

Jeff G suggests signing up to Google Webmaster Tools and adding your site. It'll take several days for Google to crawl your site, and fill in any information, but it'll eventually stop thinking your file is malicious.

Community
  • 1
  • 1
Mark
  • 1,455
  • 3
  • 28
  • 51
1

In my case I solved it with the following set of headers:

Cache-Control: max-age=864000
Content-type: application/octet-stream
Content-Disposition: attachment; filename="....zip"
Content-Transfer-Encoding: binary
Last-Modified: ...
Etag: ...
Content-Length: ...

Be extra observant of Content-type, Cache-Control, Last-Modified and Etag which seemed to be the helpful headers for me.

tim
  • 2,530
  • 3
  • 26
  • 45