Unless executed, files by themselves pose no security risk to the host. They can be copied, moved, renamed, compressed, etc, without any ramifications whatsoever. However, even harmless text and image files, which are not executables per se, can be embedded with malicious code, which are engineered to exploit known flaws in applications that read them, to unwittingly execute them.stevylake wrote:...to ensure that any file uploaded couldn't be run and do horrible things to my server.
How to tell if a file is executable or not?
Re: How to tell if a file is executable or not?
Texas Instruments TI-99/4A Home Computer: the first home computer with a 16bit processor, crammed into an 8bit architecture. Great hardware - Poor design - Wonderful BASIC engine. And it could talk too! Please visit my YouTube Channel 
Re: How to tell if a file is executable or not?
Admins always set the 'upload' directory of a server to be in 'write only' mode.stevylake wrote: Yes I was kindof thinking that. It's just that I have set up a way where a user can send me a message with a file attachment via one of my servers. All works good. What I was thinking is how much testing would I have to do to ensure that any file uploaded couldn't be run and do horrible things to my server. That was what I was thinking and that got me to how does one know an executable file when it's been disguised.
Thus, whatever file is downloaded, the external user cannot launch or modify it, or even view it.
Afterwards, each file received is scanned through a good antivirus program. Whatever the type of file.