
So I'm trying to verify that files I'm getting (uploaded by the user) are indeed images, and valid.

I'm running ClamAV (using Python's clamd package) but it doesn't give back the actual file content.

I'm using Python's magic package in order to check the magic file prefix (as imghdr also does for images), but my worry is for files with an image magic prefix that contain JS code, for example.

Any idea how I can scan the uploaded file's content in order to determine its type?

Thank you

Roie Labes
  • Isn't that the purpose of [python-magic](https://github.com/ahupp/python-magic): _libmagic identifies file types by checking their headers according to a predefined list of file types_. If no type is matching, I guess you get `undefined`. – Maurice Meyer Dec 01 '20 at 11:15
  • Yes, but I want to verify the content and not just by the magic. – Roie Labes Dec 01 '20 at 11:16
  • Let's assume python-magic tells you it is an image: you would try to open the uploaded file with any image processing library of your choice (imghdr, pil, opencv, imagemagick, ...). If the file can be read, it's an image. – Maurice Meyer Dec 01 '20 at 11:23
  • The thing is that `imghdr`, for example, is working based on magic as well (I had just read the package itself). I'm not looking for another package that'll check the magic, but for one that'll actually check the content. – Roie Labes Dec 01 '20 at 11:29

0 Answers
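A content-level check of the kind the question asks for, as an added example that is not part of the original thread: it is narrowed to PNG and uses only the standard library, walking every chunk, verifying CRCs, rejecting bytes after `IEND`, and confirming the decompressed pixel data matches the dimensions in `IHDR`. The names `validate_png`, `chunk`, `sample_png` and the `MAX_RAW` limit are assumptions for illustration, and the sample image is constructed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}   # PNG colour type -> samples per pixel
MAX_RAW = 64 * 1024 * 1024                  # assumed cap on decoded size (bomb guard)

def validate_png(data: bytes) -> str:
    """Return 'ok', or the reason the upload is rejected."""
    if not data.startswith(PNG_SIG):
        return "bad signature"
    pos, idat, ihdr, ended = len(PNG_SIG), b"", None, False
    while pos < len(data):
        if ended:                            # anything after IEND is not image data
            return "trailing data after IEND"
        if pos + 12 > len(data):
            return "truncated chunk"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(crc) != 4 or zlib.crc32(ctype + body) != struct.unpack(">I", crc)[0]:
            return "truncated chunk or bad CRC"
        if (ihdr is None) != (ctype == b"IHDR") or (ctype == b"IHDR" and length != 13):
            return "missing, duplicate or malformed IHDR"
        if ctype == b"IHDR":
            ihdr = struct.unpack(">IIBBBBB", body)
        idat += body if ctype == b"IDAT" else b""
        ended = ctype == b"IEND"
        pos += 12 + length
    if not ended:
        return "missing IEND"
    width, height, depth, colour, _, _, interlace = ihdr
    if not width or not height or colour not in CHANNELS or interlace:
        return "unsupported or invalid IHDR"  # Adam7 interlacing is out of scope here
    expected = height * (1 + (width * CHANNELS[colour] * depth + 7) // 8)
    if expected > MAX_RAW:
        return "image too large"
    try:                                     # max_length bounds memory use
        raw = zlib.decompressobj().decompress(idat, expected + 1)
    except zlib.error:
        return "IDAT is not valid zlib data"
    return "ok" if len(raw) == expected else "pixel data does not match IHDR"

def chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png() -> bytes:  # constructed 2x2 8-bit greyscale image
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 0, 0, 0, 0)
    rows = (b"\x00" + b"\x00\xff") * 2       # filter byte + 2 pixels per row
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b"")
```

A structural check like this still accepts text stored in valid ancillary chunks, so a stricter pipeline decodes the image with an imaging library and re-encodes it, serving only the re-encoded bytes.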