Click here to Skip to main content
15,943,008 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi ,

I encountered a scenario i.e. where we have to block uploading of .exe or .bat or .msi files when their extension is changed to acceptable extension (.txt,.html,.htm,.odt,.rtf,.doc,.docx).

Looking for a common solution to block uploading of all types of executable.

Thanks,
Tarun

What I have tried:

I have used Mime/Extension type but it didn't work.
I have found a solution to block only .exe files but still looking for a common way to block all types of executable.
c# - Prevent an exe from being uploaded even after renaming its extention - Stack Overflow[^]
Posted
Updated 27-Sep-17 1:58am

YOu can't block all executable files, or at least not easily: they are just binary files which will contain a particular sequence of bytes at the start, which will not normally be present in other data - but it's possible that they might in some data.

See here: List of file signatures - Wikipedia[^] And then look at the start of the download file to check it.
 
Share this answer
 
Comments
goswami.tarun 27-Sep-17 7:35am    
Thanks... Is there any way to block .bat files? .msi file content have same sequence as .ppt or .doc file has, so how can we differentiate them?
OriginalGriff 27-Sep-17 7:40am    
Nope, and not PowerShell files either. They are just text files containing commands. You'd have to analyse them pretty carefully to check if they are executables.
goswami.tarun 27-Sep-17 9:19am    
Okay... Thank You.
Why?

Unless your server or some other client is going to execute them in the future, what's the point?

You can't prevent the upload of all executable formats except in the most obvious cases. There is always going to be a way to fool your system into accepting one.
 
Share this answer
 
Comments
goswami.tarun 27-Sep-17 8:23am    
Hi Dave,I need to allow only document upload.
Dave Kreskowiak 27-Sep-17 8:32am    
OK, so what kind of documents? Word? PDF? ...?
goswami.tarun 27-Sep-17 8:38am    
These are the types I have to support :
".doc",".docx",".rtf",".txt",".cpy" , ".dot", ".dotx", ".dotm",".wpd",".xls",".xlsx",".csv",".xlk",".xltm", ".xltx",".xlsb",".xlsm",".xlt",".ods",".ppt",".pptx",".ppsx" ,".pptm",".potx"
Dave Kreskowiak 27-Sep-17 9:00am    
Yeah, there's no way you're going to limit to that. First, you would have to upload the file to the server, the server would have to validate the file is valid and either drop or retain the file from there.

You'll be writing a TON of code to validate each of these file types and you're not going to get 100% accuracy.

There's no way to do this client-side.
goswami.tarun 27-Sep-17 9:18am    
I am too not looking the client side solution as it is not possible, I have all the validation on server.
I want to know how can i restrict executable files through server side validation.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900