views:

468

answers:

9

Is it possible to upload a virus to a remote computer using a webform? If yes how do we prevent this from happening assuming we are limiting file types to just images?

A: 

you can't - even images may contain malware. http://news.cnet.com/JPEG-exploit-could-beat-antivirus-software/2100-7349_3-5388633.html

Tobias Langner
This is 4 yeard old article. I am sure if something like that comes up we will surely have antivirus updates for that.
Shoban
It's the principle that counts. As long as the binary data (aka picture) is interpreted in some kind and as long as programmers make errors, there's the possibility to manipulate the data to create some kind of exploit. That means - restricting the uploadable data to pictures reduces the amount of malware that can be uploaded, but does not eliminate it.
Tobias Langner
A: 

You could scan them with ClamAV after upload to ensure everything was ok. I think there are wrappers for most programming languages.

Geo
A: 

Yes, it is possible. But it relies on the remote computer (the server) to execute some part of the upload. This is relatively rare, but if you can not avoid executing the upload you should virus check the upload or run the image in a sandbox.

Obviously, your server could be vulnerable to some form of attack using the HTTP POST method - follow your chosen HTTP server's mailing list for any vulnerability like this.

Tiemen
A: 

I might be stating the obvious here, but you could scan all files with a virus checker when they have been uploaded?

Richard
+5  A: 

The best way to avoid problems with user uploaded files of any kind is to have a command line virus scanner on the server, which you use to scan the files after upload. If the scanner result is positive, delete the file, record their IP address and inform the user.

It's a pain to setup first time but it's a life saver.

Richard
A: 

just limiting filetype wont help much .. .

coz virus this days can infect any files .. doc to psd anything..

May used think about using AV for Server .. one such product can be found here

http://www.f-secure.com/en%5FEMEA/products/business/servers/anti-virus-for-servers/index.html

suraj jain
doc, psd? can you explain how.. Just curious.
Shoban
in doc files, it can be just a simple vb function, which can act as a virus when opening the doc.
Amr ElGarhy
+3  A: 

As I understand, you have a computer with an ASP.NET webserver that has a webform where you can upload files. And you are afraid that someone might upload a virus?

Well, unless you execute the file in some way, there is very little risk. It's just going to sit on your disk as a bunch of bytes.

Now, there is a very small chance that if you somehow process the image (say, resize it), and the processing software has a specific bug that the attacker knows about, then he could hijack the process with a carefully crafted image. But guess how big that risk is.

A few ways to reduce that risk even further are:

  • Keep the processing software up to date;
  • Run the processing software as a separate process with very few privileges (sandbox/virtual machine?), and kill it (and its child processes) if it takes too long;
  • Run the uploaded files through an up-to-date anti-virus software.
  • Don't use .NET/GDI/GDI+ processing functions (which are popular and people are trying to hack), but use some small 3rd party software (which nobody bothers to hack) that has all the necessary routines (image reading, writing and processing) re-implemented itself.

Although, honestly, I don't think the risk is large enough to worry about it.

Vilx-
The safety of the server may be at a low risk, but the safety of any users viewing or downloading the malicious images is much higher
Cheekysoft
Also a fair point. That can only be mitigated by an antivirus. Or, if we're talking images only, perhaps one can write (or find) a sanity checker? An infected image will definately be malformed.
Vilx-
A: 

Just a thought. If possible, wouldn't a recompression/rescaling etc to the image corrupt the virus and make it non functional?

Runeborg
+2  A: 

First, note that it's unlikely that your server will be affected by a virus as it isn't going to be trying to "view" these files (unless you're doing something specific). So the main concern is to keep other users safe when they view these files.

If you're running the images through some sort of resize process (maybe to make them not-so-big so they download in a reasonable amount of time) then you are inherently creating a new image, which you can be fairly confident is free of viruses. This is a great way to ensure that the image is really an image and that it is free from malicious content.

Artelius