Linux systems don’t rely on extensions to tell a file’s type afaik
Comment on [Project] 0807 - a self-hosted ephemeral file host with no accounts and a Tor onion service
Bombastic@sopuli.xyz 3 days ago
Doesn’t allow exe files
Introducing my totally real image called calc.jpg that is totally not a pe file with a different extension!
plutopos@lemmy.zip 2 days ago
I was thinking surely it doesn’t just look at the extension and instead uses the mime type at the backend… After looking for a minute (on mobile) I think that’s what it does.
0807@lemmy.world 3 days ago
You read it right, BLOCKED_EXT is just an extension list and renaming walks straight past it. But that list was never the malware check, it only stops someone uploading payload.exe.
Mime sniffing wouldn’t have caught it either, since that value rides along in the request and a renamed upload just lies about it.
The actual defense is ClamAV, same file if you grep clamScan and CLAMAV_SCAN, and it reads what’s inside the file instead of the name. I tried the calc.jpg trick for real, an EICAR test renamed to calc.jpg sent as image/jpeg, and the upload came back refused.
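An added example, not part of the thread or the 0807 code base: a minimal content check that reads an upload's leading bytes instead of trusting its filename or the Content-Type sent with the request. The function names, signature table and sample bytes are constructed for illustration.

```javascript
// Hypothetical helper names; the magic numbers are the well-known file signatures.
const SIGNATURES = [
  { type: "pe",   magic: [0x4d, 0x5a] },                                     // "MZ"
  { type: "elf",  magic: [0x7f, 0x45, 0x4c, 0x46] },                         // "\x7fELF"
  { type: "jpeg", magic: [0xff, 0xd8, 0xff] },
  { type: "png",  magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
];
const EXECUTABLE = new Set(["pe", "elf"]);
// What the client *claims*: both values are attacker-controlled.
const EXT_TYPES = new Map([["jpg", "jpeg"], ["jpeg", "jpeg"], ["png", "png"], ["exe", "pe"]]);
const MIME_TYPES = new Map([["image/jpeg", "jpeg"], ["image/png", "png"]]);

// Identify the type from the file's first bytes only.
function sniffType(bytes) {
  for (const { type, magic } of SIGNATURES) {
    if (bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b)) return type;
  }
  return "unknown";
}

// Reject executables outright, and reject any upload whose content
// disagrees with the extension or Content-Type it was sent with.
function checkUpload(filename, declaredMime, bytes) {
  const sniffed = sniffType(bytes);
  if (EXECUTABLE.has(sniffed)) {
    return { accepted: false, reason: `executable content (${sniffed})` };
  }
  const dot = filename.lastIndexOf(".");
  const ext = dot >= 0 ? filename.slice(dot + 1).toLowerCase() : "";
  const byExt = EXT_TYPES.get(ext);
  if (byExt !== undefined && byExt !== sniffed) {
    return { accepted: false, reason: `extension .${ext} does not match content (${sniffed})` };
  }
  const byMime = MIME_TYPES.get(declaredMime.toLowerCase());
  if (byMime !== undefined && byMime !== sniffed) {
    return { accepted: false, reason: `declared ${declaredMime} does not match content (${sniffed})` };
  }
  return { accepted: true, reason: `content is ${sniffed}` };
}

// Constructed sample inputs (first bytes only, not real files).
const CALC_JPG = new Uint8Array([0x4d, 0x5a, 0x90, 0x00, 0x03, 0x00]);             // PE header start
const REAL_JPEG = new Uint8Array([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46]); // JFIF start
const TEXT_JPG = new Uint8Array([0x68, 0x65, 0x6c, 0x6c, 0x6f]);                    // "hello"

console.log(checkUpload("calc.jpg", "image/jpeg", CALC_JPG));
console.log(checkUpload("photo.jpg", "image/jpeg", REAL_JPEG));
console.log(checkUpload("notes.jpg", "image/jpeg", TEXT_JPG));
```

A check like this only flags a mismatch between the claimed and actual type; it does not detect malicious content inside a well-formed file, which is the job of a content scanner such as ClamAV.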
non_burglar@lemmy.world 3 days ago
ClamAV is woefully behind on definitions, just be aware of that.
xinayder@infosec.pub 3 days ago
You can install updated filters for it, though. Just check out fangfrisch.