0

In my project i have created a file upload.Now it is required that any exe file or exe file in a zip folder having .zip as extension, be prevented from being uploaded. Can someoe suggest me a solution?

rook
  • 66,304
  • 38
  • 162
  • 239
Niraj Choubey
  • 3,942
  • 18
  • 58
  • 93
  • So uploading .asp files is okay then? – rook May 12 '10 at 20:31
  • You wish to look into the zip file and check for exe, is this correct? – ashurexm May 12 '10 at 20:32
  • 1
    possible duplicate of [prevention of exe file upload in a website](http://stackoverflow.com/questions/2809242/prevention-of-exe-file-upload-in-a-website) (probably same user) – Greg Hewgill May 12 '10 at 20:33
  • Btw, what for have you created a duplicated account http://stackoverflow.com/users/333371/niraj-choubey http://stackoverflow.com/users/312964/niraj-choubey ? – abatishchev May 12 '10 at 20:35

1 Answers1

3

For each of your task, you have to implement separate algorithm for check.

  • Check extension before upload (see possible duplicate question)
  • Check that uploaded zip is really an archive (mime type, libmagic, etc)
  • Check that uploaded archive doesn't contain exe (unzip it, see previous paragraph)
abatishchev
  • 98,240
  • 88
  • 296
  • 433
  • 1
    +1 For libmagic suggestion. Its the brains behind the file() command. Instead of enumerating badness, the OP should attempt to enumerate goodness instead. – Yann Ramin May 12 '10 at 20:40
  • @Niraj Choubey: See Robb's answer below http://stackoverflow.com/questions/2822521/exe-file-upload-prevention/2822560#2822560 – abatishchev May 12 '10 at 20:45