We're writing a feature that will allow our users to "attach" things like Word documents, Excel spreadsheets, pictures, PDFs to documents in our application - just like email.

We don't, however, want to allow them to attach .exe, .bat, .reg files, or anything else that might harm them if they opened it - so we're proposing to have a whitelist of allowed file types.

Does anyone know of a better way to determine whether a document is safe? (i.e. does not have the ability to harm a user's computer). Or instead a resource that would give us a list of commonly used safe documents to add to our whitelist as defaults?

A: 

I honestly think you are best served by either ClamAV on Linux or Trend Micro on Windows.

WakeUpScreaming
+1  A: 

What about Word macro viruses? There is no one "safe" document type. What if someone renames a .exe file .doc - is that allowable? Don't depend on the file type or name alone and never just trust client input. Validate it on the server side if at all possible, most likely using an anti-virus program or some other known utility.

Tai Squared
It will be a web service that will validate whether or not a file can be uploaded - but it won't know what the content of the file is until it gets there. So I was thinking of a basic check on the filename first, plus your suggestion of running antivirus software when the file is uploaded.
John Sibly
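As an added example (not code from any of the posts here), this is one way the server-side pre-check discussed above could combine a filename allowlist with a look at the actual content, so that a renamed .exe or a macro-bearing Office file is rejected before the antivirus scan runs. The allowlist contents and the names `ALLOWED`, `check_attachment` and `make_sample_ooxml` are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed allowlist: extension -> magic bytes the content must start with.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy OLE2 container
    ".docx": b"PK\x03\x04",                       # OOXML is a ZIP archive
    ".xlsx": b"PK\x03\x04",
}
OOXML = {".docx", ".xlsx"}

def check_attachment(filename, data):
    """Return (accepted, reason). Pre-filter only: accepted files still go to AV."""
    # Trust only the last path component and its final suffix, lower-cased.
    name = PurePosixPath(filename.replace("\\", "/")).name
    ext = PurePosixPath(name).suffix.lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allowlist"
    # A renamed executable starts with b"MZ", not the expected signature.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    if ext in OOXML:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return False, "not a valid OOXML container"
        if "[Content_Types].xml" not in members:
            return False, "not a valid OOXML container"
        # VBA macros are stored in a part named vbaProject.bin.
        if any(m.lower().endswith("vbaproject.bin") for m in members):
            return False, "document contains a VBA macro project"
    return True, "ok"

def make_sample_ooxml(with_macro):
    """Build a constructed, minimal OOXML-like ZIP used only as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed")
    return buf.getvalue()
```

Legacy .doc files pass the signature check whether or not they carry macros, so this filter narrows what reaches storage but does not replace the scan.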
+1  A: 

You could use a whitelist plus the result of AssocIsDangerous (http://msdn.microsoft.com/en-us/library/bb773465(VS.85).aspx) to determine if the file should be allowed. White list for files to attach without warning, AssocIsDangerous to block altogether, and the remaining could get a default warning dialog.

Be careful about the white list because complex documents can contain macros and their associated applications could contain security vulnerabilities in their parsers.

Michael
+1  A: 

Use a reverse proxy setup such as

www <-> HAVP <-> webserver

HAVP (http://www.server-side.de/) is a way to scan HTTP traffic through ClamAV or any other commercial antivirus software. It will prevent users from downloading infected files. If you need HTTPS or anything else, then you can put another reverse proxy or web server in reverse proxy mode that can handle the SSL before HAVP.

Nevertheless, it does not work at upload, so it will not prevent the files from being stored on servers, but will prevent the files from being downloaded and thus propagated. So use it with regular file scanning (e.g. clamscan).