Can any of these files run a virus on the server?

Can any of the following file types execute a virus or damage a server?

.pdf, .png, .jpg, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .gif.

+4
3 answers

The question itself has no reason to be, since the answers are still given (I'm sorry to say this). Do not take all this as criticism: I explain myself.

You can even download TheWorstVirusInTheWorld.exe to your server, but it will not be harmful until it is executed. If the operating system and/or its shell or other programs (or scripts) do not have serious errors, no code is executed automatically, in the sense of “without a system administrator”.

See virustotal.com. They ask you to download suspicious executables to determine if they are viruses or not. Are they afraid of this? Of course not. This is because the file is uploaded to the server and then read by a tool that you can call an “antivirus” that does not execute them.

Thus, the question may be: "what files can be safely executed on my server?" Answer: There are no files coming from unknown sources. The file extension does not matter at all: on UNIX systems you can execute any file (even .doc) that has the execute (= attribute) bit.

Hackers and lamers will not act as you expect. They do not download ordinary viruses to your server, and if they do, they must execute them, and if they can do something on your server, well, your server is already gone, and all your efforts to disinfect file extensions are garbage.

+6

@AAA: The process will be like this:

1) The user uploads a file, say test.exe.

2) When it is received by the server, you extract the extension and store it in the database with the file name, so you may know which file has which type of extension.

3) When a user requests a file, you request both the file extension and its name, collect them, and finally send them to the user.

Note: You may have a problem with a duplicate name, it would be better to generate a fixed length of a random string and skip it with the file name when begging for the file name as an example.

+3
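
The upload flow from the two answers above, as an added example that is not part of either answer: the file goes to disk under a random fixed-length name with no extension and no execute bit, while the original name and extension live only in a database. Python, the sqlite schema, the function names and the allow-list (taken from the question's list) are assumptions made for illustration.

```python
import os
import secrets
import sqlite3

# Allow-list taken from the extensions named in the question.
ALLOWED = {"pdf", "png", "jpg", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "gif"}

def open_index(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS uploads "
               "(token TEXT PRIMARY KEY, name TEXT, ext TEXT)")
    return db

def store_upload(db, upload_dir, client_name, data):
    """Save data under a random token; name and extension go to the database only."""
    base = os.path.basename(client_name.replace("\\", "/"))  # drop client-supplied path
    name, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not name or ext not in ALLOWED:
        raise ValueError("extension not allowed: %r" % base)
    token = secrets.token_hex(16)            # fixed-length random name on disk
    path = os.path.join(upload_dir, token)   # stored without any extension
    # O_EXCL refuses to overwrite; mode 0o600 means no execute bit is ever set.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    db.execute("INSERT INTO uploads VALUES (?, ?, ?)", (token, name, ext))
    db.commit()
    return token

def fetch_upload(db, upload_dir, token):
    """Resolve a token via the database and return (download filename, bytes)."""
    row = db.execute("SELECT name, ext FROM uploads WHERE token = ?",
                     (token,)).fetchone()
    if row is None:                          # unknown token: never touch the disk
        raise KeyError(token)
    with open(os.path.join(upload_dir, token), "rb") as fh:
        return "%s.%s" % row, fh.read()

def executable_files(upload_dir):
    """Audit helper: stored files that carry any execute bit."""
    return [f for f in os.listdir(upload_dir)
            if os.stat(os.path.join(upload_dir, f)).st_mode & 0o111]
```

Because the on-disk name is never derived from user input and has no extension, the web server has nothing to map to a script handler, and `executable_files` gives a quick check that no stored upload has gained an execute bit.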

Noting that this is indicated in the "PHP Download" section, I think it talks about remote extension. If so, they should all be safe. The usual list of things I block is in this htaccess list here

<Files ~ "\.(php|php3|php4|php5|phtml|pl|py|psp|js|jsp|cgi|util)$">
    Order deny,allow
    Deny From All
</Files>
-2

Source: https://habr.com/ru/post/1348186/

