Reputation: 889
Should I be concerned with infected zip files?
I'm writing a ASP.NET application to process user submitted zip files and limiting my extraction of files from it to only the extensions I want.
I've heard of infected zip files attached to emails and I was wondering if I should be concerned about extracting data from infected zip files in my application. I don't plan on executing the content inside of the zip file, but will opening and extracting from an infected zip file cause the file to execute a virus even if I'm not executing any content inside of the zip file?
Upvotes: 5
Views: 588
Answers (1)
Reputation: 239880
It's possible if somebody finds an exploitable flaw in the unzipping implementation... But I've never seen one. I wouldn't say it's something to get worried over.
However, it's not hard to quarantine incoming files, scan them and move them off to your application at a later time. You could even do on-demand scanning but that can cause nasty bottlenecks on a busy system. It all depends how fast you need an uploaded file scanned.
Upvotes: 1
Related Questions
- is it dangerous to zip/unzip unknown uploaded files on server that may contain anything? even viruses?
- File uploads to server. Do I need to check for viruses?
- Check upload file for virus in MVC3
- Run a Virus Scan While Uploading files in ASP.NET
- How to be sure about an uploaded file is not a virus in ASP.net?
- How to do a virus scan before post attachments in asp.net application
- HTTP Upload Corrupts Zip File?
- FileUpload virus protection of server
- Can any of these files execute virus on a server?
- Virus upload scanning asp.net