Comment on [Project] 0807 - a self-hosted ephemeral file host with no accounts and a Tor onion service

0807@lemmy.world 3 days ago

You read it right, BLOCKED_EXT is just an extension list and renaming walks straight past it. But that list was never the malware check, it only stops someone uploading payload.exe.

MIME sniffing wouldn’t have caught it either, since that value rides along in the request and a renamed upload just lies about it.

The actual defense is ClamAV, same file if you grep for clamScan and CLAMAV_SCAN, and it reads what’s inside the file instead of the name. I tried the calc.jpg trick for real, an EICAR test file renamed to calc.jpg and sent as image/jpeg, and the upload came back refused.

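The three checks the comment distinguishes (extension list, client-declared MIME type, content scanning) have different reach, and the difference is easiest to see in code. The block below is an added example, not code from the 0807 project: the blocklist, the magic-byte table and the sample uploads are constructed here, and the signature scan is a stand-in for ClamAV that looks for the public EICAR test string. It goes one step beyond the comment by also including a polyglot case (a valid JPEG header in front of the EICAR body) to show that even magic-byte sniffing passes it while the content scan still refuses it.

```python
# Added example (not the 0807 project's code): a minimal upload gate that runs
#   1. an extension blocklist      - looks at the name only
#   2. a declared-MIME allowlist   - looks at a client-supplied header only
#   3. content inspection          - looks at the bytes (magic sniff + signature scan)
# and reports which checks a given upload passed.
from dataclasses import dataclass
from typing import Optional

# Assumed blocklist for illustration; the project's real BLOCKED_EXT is not reproduced.
BLOCKED_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1"}
ALLOWED_MIME = {"image/jpeg", "image/png", "image/gif"}

# Constructed subset of magic bytes used for content sniffing.
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF89a": "image/gif",
    b"MZ": "application/x-dosexec",
}

# EICAR test string, assembled from two halves so this source file is not
# itself a literal copy of the signature that scanners match on.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass
class Upload:
    filename: str       # chosen by the uploader
    declared_mime: str  # Content-Type of the multipart part: also chosen by the uploader
    data: bytes         # the only thing the server can inspect for itself


def extension_ok(filename: str) -> bool:
    """Name-based check: passes any name whose suffix is not on the list."""
    name = filename.lower()
    return not any(name.endswith(ext) for ext in BLOCKED_EXT)


def declared_mime_ok(declared_mime: str) -> bool:
    """Header-based check: trusts whatever the client wrote in the request."""
    return declared_mime in ALLOWED_MIME


def sniff_mime(data: bytes) -> str:
    """Content-based check: derive the type from magic bytes, not the header."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    return "application/octet-stream"


def scan_signatures(data: bytes) -> Optional[str]:
    """Stand-in for a ClamAV scan: returns a detection name or None."""
    if EICAR in data:
        return "Eicar-Test-Signature"  # label used here; ClamAV's own name may differ
    return None


def gate(upload: Upload) -> dict:
    """Run every check and refuse unless all of them pass."""
    sniffed = sniff_mime(upload.data)
    result = {
        "extension_ok": extension_ok(upload.filename),
        "declared_mime_ok": declared_mime_ok(upload.declared_mime),
        "sniffed_mime": sniffed,
        "sniffed_mime_ok": sniffed in ALLOWED_MIME,
        "detection": scan_signatures(upload.data),
    }
    passed = (result["extension_ok"] and result["declared_mime_ok"]
              and result["sniffed_mime_ok"] and result["detection"] is None)
    result["verdict"] = "accepted" if passed else "refused"
    return result


# Constructed sample uploads.
REAL_JPEG = Upload("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
RENAMED = Upload("calc.jpg", "image/jpeg", EICAR)                          # the comment's calc.jpg trick
POLYGLOT = Upload("calc.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + EICAR)  # valid JPEG header, EICAR body
BLOCKED = Upload("payload.exe", "application/octet-stream", b"MZ" + b"\x00" * 32)

if __name__ == "__main__":
    for sample in (REAL_JPEG, RENAMED, POLYGLOT, BLOCKED):
        print(sample.filename, gate(sample))
```

Running it shows the pattern the comment describes: the renamed EICAR file passes the extension list and the declared MIME check, the plain rename is caught by magic-byte sniffing, and only the signature scan catches both the plain rename and the polyglot, because it is the one check that reads the bytes rather than the name or the request header.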