How to prevent the uploading of Warez. (asp.net, C#)

Question

My company created an application that can send large attachements from one mail recipient to another (because most mailboxes are very limited).

But we were wondering how we can prevent the uploading of warez? For now all extentions are allowed, but we could restrict the extentions to zip and images.

But if you zip warez you can still upload these.

Are there any tools, methods or something like it to prevent the uploading of warez through our system?

Some more info:

This project is semi-public. It will mostly be used for the communication between customer and company. Therefore an email address of our company is always required (either within the receivers as that of the senders, but you all know how easy it is to manipulate this).

Answer 1

Define what "warez" is first.

I'm pretty sure you're going to have problems with that.

You can probably implement heuristics that figure out that you're sending applications and just ban that, but there's no way you're going to figure out that one application is a pirated copy and another isn't and allow the legal one while ban the pirated one.

If you control the server, and is afraid that people will upload pirated copies of applications onto your server and use it to spread it with, then I'm pretty sure your only option is to check with a lawyer what you're obligated to do.

I think it boils down to that you need a system where copyright owners can inform you of pirated copies being present and that you have a system to remove said content within a time frame. I think that's all that is required.

Answer 2

EDIT

If as you said in your edit, that this is for customers to send stuff to you, then I'd be very careful about the allowed email addresses. Is there anything to stop somebody putting in Distribution Email addresses. e.g. If some naughty person sent a large file to [email protected], will it be distributed or will it be blocked

ORIGINAL

If this is an open/public system, then its going to be abused. There are ways to unpack zip files on the fly to check their contents, and even to check the file mimetype headers to perform more restrictions, but it doesn't change the fact that someone might want to legitimately send an AVI file of a presentation, while someone else whats to upload a pirated movie.

If this is for internal use in your company, I'd suggest restricting access in someway (tie the system into your Company LDAP/ADSI system and make users login to the system.

Also putting some file size restrictions in place might be necessary as theres nothing to stop some script kiddie just sending 1Gb Junk Text files around, just to be a nuisance and eating up your bandwidth

Answer 3

How would you distinguish a non-warez executable from a warez executable? You couldn't possibly blacklist them all.

Your best bet is to filter on all executables. You can probably check inside the zipped files and see if they contain executables (by checking the file itself, not just the extension). Other than that, someone should probably monitor the sent files.

Answer 4

You can always just rename, for example, a .rar extension to .jpg and let the downloader know to rename the file to open the "Warez". There is no way to block it other than to take random samplings, test it your self, and then manually delete whatever it is you don't want.

Answer 5

Short answer: No, you can't.

You could look for filenames from a list, but that will fail (e.g. you might ban "MS Word", but then if someone uplads an innocent "MS Word.doc" you fail. Or if the bad guy renames his exe to "MS W0rd" you fail.

You could look for recognised sequences in the file - that fails as soon as they apply even simple encryption or compression.

You can create user accounts and ban users who misbehave, but this fails because you have to spend a lot of effort policing it and in any case users can just creat multiple accounts using web mail addresses.

My suggestion would be to make this someone else's problem. Get users to upload files to someone elses system (Microsoft SkyDrive, Amazon S3 etc) and then they can worry about the legal side.

Answer 6

What if someone sends a password-protected RAR archive to ensure security of some documents? You can't possibly look inside of it - and you shouldn't - not your business.

For example, we had a couple of times some access right issues with our network. And I needed to install some third-party components on my developer machine. As I was unable to access our repository at the time, I just got the installation package sent to me per email. Now, how can an outsider possibly decide whether a file "SomeCoolComponent.msi" is a warez copy downloaded from the intenet or a 100% legal copy which I have the rights to use?

We once had at university our email account suddenly block all password-protected archives as attachments. You guess what? I didn't stop encrypting them. I stopped using that account.

Answer 7

Assuming you can build decompression support in, you could use this heuristic method to determine whether a given uploaded archive is warez (derived from real world warez distribution methods):

• get the filenames contained in the archive
• if the archive contains (an .nfo OR a .diz file) and (an exe OR an msi or an archive containing one of the above) block the upload
• if the archive contains a series of zip/rars/00X files block the upload
• if the file is an exe, check whether it's a SFX and if it's a zip, rar or 7z SFX check the embedded archive

Otherwise just accept the upload, making sure you clearly state in your TOS that the company is not responsible for user uploads.

Answer 8

No - you cannot prevent this with a tool or framework.

You can prevent this by banning / blacklisting users who violate the policy.

Trying to do everything in code isn't always the best idea - sometime a simple "break the rules and you get banned" policy is best.