Reputation: 2498
FileUpload virus protection of server
My ASP.NET Application has an FileUpload control. My server doesn't have any antivirus program. If I add a byte to binary content of the file before saving file, does my server affect from virus? When displaying file, I will remove extra byte from the content.
Thanks for replies.
Upvotes: 1
Views: 439
Answers (1)
Reputation: 7543
A virus will only cause you problems if it is run on the server (i.e. the file is opened). You can get around this by renaming all uploaded files with a .resources extension. All requests for this type of file are sent by IIS to ASP.NET, which rejects them. So effectively, the files store the data but can't be opened/run at all. Then you can still serve them back by reading their content in an ASP.NET page/module, and returning the data as a file with the correct extension.
Transforming the data as you suggest will also provide a level of protection, though I'd probably do more than add a byte to the end. Perhaps run the whole stream through a reversible algorithm (e.g. a fast encryption or something).
Of course, this doesn't protect the client from any virus.
Upvotes: 1
Related Questions
- Scan uploaded files C# ASP.net
- File uploads to server. Do I need to check for viruses?
- Check upload file for virus in MVC3
- Run a Virus Scan While Uploading files in ASP.NET
- How to be sure about an uploaded file is not a virus in ASP.net?
- How to do a virus scan before post attachments in asp.net application
- Free server side anti virus / security / trojan protection for file uploads?
- How to go about a file upload in a Web Application (ASP.Net, C#, IIS)
- Should I be concerned with infected zip files?
- Virus upload scanning asp.net