Deny all potentially malicious file types

Question

Deny all potentially malicious file types

Closed this issue 10 years ago · 4 comments

Apparently, it's easy to get around malware restrictions and clamscan isn't 100% effective. We should try to adhere to the standards that google uses[1] in blacklisting attachments in their email. This means blocking executable file extensions, and scanning compressed files for the malicious extensions. This could probably save lots of headaches down the road(apparently pomf as plagued by similar issues until they decided to stop allowing exes).

https://support.google.com/mail/answer/6590

Answer 1 · 2015-06-24T09:13:31.000Z

I think compressed archives should be allowed

Answer 2 · 2015-06-24T14:32:59.000Z

Well, it's not a matter of preventing archives, it's more a matter of preventing archives which have the blacklisted file types. Of course it would be a bit annoying to implement this, as there'd have to be detection of all the various compression types, so I don't think this aspect is critical for now.

Answer 3 · 2015-06-24T14:36:45.000Z

You mean detecting executables inside compressed archives? You'd have to account for nested archives and zip bombs, etc. I think for now we're fine with the current system.

Answer 4 · 2015-06-24T14:39:21.000Z

Yea it might be more trouble than it's worth, for now I think it should be fine.