
I know for a fact that there is a trojan or malware in PHP which presents itself as an image. And I also know that to filter file uploads we use extensions such as .txt or .png.

Is there a way to scan the files manually when they are being uploaded to the server using the server's built-in antivirus, or does the server do this kind of task automatically for us? (I mean particularly in cPanel.)

Thanks

ejuhjav
MMTDesigner
  • And what is the question exactly? – Epodax Jul 21 '15 at 06:41
  • The exact question is how to scan files being uploaded to the server using built-in anti-viruses? – MMTDesigner Jul 21 '15 at 06:43
  • What built-in anti-virus are you referring to? Secondly, SO isn't a place to get tutorials or how-to's. – Epodax Jul 21 '15 at 06:46
  • I don't know, whatever anti-virus they are using in cPanel. I am not actually quite familiar with server administration, but I know that anti-viruses and malware detectors exist on some servers. I want to know how to use them for my own benefit, which is scanning files in real time while they are being uploaded. – MMTDesigner Jul 21 '15 at 06:54
  • It's only an issue if you use the image file in a particular way. There is no issue for most sites –  Jul 21 '15 at 06:59
  • Please read this post: http://stackoverflow.com/questions/24967628/what-is-the-purpose-of-strange-false-social-png-in-many-wordpress-themes – MMTDesigner Jul 21 '15 at 07:07
  • I want to be able to capture this kind of file on the air. – MMTDesigner Jul 21 '15 at 07:07
  • There is no built-in anti-virus, and rightly so as anti-virus would not detect either of the typical threats an upload facility faces (attacks against server logic, and XSS). – bobince Jul 21 '15 at 11:47

1 Answer


If you are worried about code being uploaded to your server in the form of an image, simply re-encode the image upon upload. A file containing code with an image extension will throw an error when the encoder tries to process it.

0x90
  • Thanks for the proper answer. Do you mind helping me to find a tutorial on how to do that? – MMTDesigner Jul 21 '15 at 11:36
  • This is misleading at best; it's not that the file is named *.jpg but is actually code. The malicious payload is embedded in a valid image. –  Jul 21 '15 at 21:25
  • Even if the malicious payload is embedded in a valid image (such as the PoCs demonstrated by Saumil Shah), re-encoding the image will get rid of the code. The attack in question relies on the image parser ignoring the code part. So while this scenario would not throw an error, the code would nonetheless be stripped from an image. Now, if you are talking about code being encoded in the absolute color values of a PNG to be loaded through the HTML canvas tag, it gets more difficult, but a simple marginal resizing can sanitise the input. – 0x90 Jul 21 '15 at 22:53
  • @MMTdesigner, I suggest you look into ImageMagick or any image library for the language you are using. – 0x90 Jul 21 '15 at 22:57
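
The re-encoding approach from the answer above, as an added example that is not part of the original thread. It uses PHP's GD extension rather than ImageMagick; the form field name `image`, the upload directory and the size limits are assumptions.

```php
<?php
// Added example: re-encode an uploaded image with GD so only decoded pixels are stored.
// The limits below and the "image" form field are assumptions, not from the thread.
const MAX_BYTES = 5 * 1024 * 1024;   // assumed upload size limit
const MAX_SIDE  = 4096;              // assumed pixel limit, bounds decoder memory

function reencode_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Check the header first: type and dimensions, without decoding pixel data.
    $info = @getimagesize($file['tmp_name']);
    $allowed = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];
    if ($info === false || !in_array($info[2], $allowed, true)
        || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        throw new RuntimeException('not an accepted image');
    }

    // Decode. A script that merely carries an image extension fails here.
    $src = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($src === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Copy the pixels to a fresh canvas and write a new PNG: comments, EXIF
    // and bytes appended after the image data are not carried over.
    $w = imagesx($src);
    $h = imagesy($src);
    $dst = imagecreatetruecolor($w, $h);
    imagealphablending($dst, false);   // keep source alpha instead of blending
    imagesavealpha($dst, true);
    imagecopy($dst, $src, 0, 0, 0, 0, $w, $h);

    // Server-chosen name and extension; the client's filename is never used.
    $path = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($dst, $path)) {
        throw new RuntimeException('could not write image');
    }
    return $path;
}

// Usage (assumed field name and directory):
// $stored = reencode_upload($_FILES['image'], '/var/app/uploads');
```

This covers code embedded alongside the image data; for the pixel-value case raised in the comment above, the copy step would be replaced by a slight resize (for example with `imagecopyresampled`).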