Page 2 of 2
Re: How to tell if a file is executable or not?
Posted: Mon Mar 08, 2021 3:22 am
by TI-994A
stevylake wrote:...to ensure that any file uploaded couldn't be run and do horrible things to my server.
Unless executed, files by themselves pose no security risk to the host. They can be copied, moved, renamed, compressed, etc, without any ramifications whatsoever. However, even harmless text and image files, which are not executables per se, can be embedded with malicious code, which are engineered to exploit known flaws in applications that read them, to unwittingly execute them.
Re: How to tell if a file is executable or not?
Posted: Mon Mar 08, 2021 11:20 am
by Marc56us
stevylake wrote:
Yes I was kindof thinking that. It's just that I have set up a way where a user can send me a message with a file attachment via one of my servers. All works good. What I was thinking is how much testing would I have to do to ensure that any file uploaded couldn't be run and do horrible things to my server. That was what I was thinking and that got me to how does one know an executable file when it's been disguised.
Admins always set the 'upload' directory of a server to be in 'write only' mode.
Thus, whatever file is downloaded, the external user cannot launch or modify it, or even view it.
Afterwards, each file received is scanned through a good antivirus program. Whatever the type of file.